Invisible technology is something that many of us take for granted. When technology works, it’s easy to forget it’s there at all. Unfortunately, this blind spot can lead to system-wide vulnerabilities, data theft and more.
While there may be many scripts running that could be considered invisible, it is the security-focussed items that we should be most concerned with. If the scripts we trust to securely manage our sensitive data are compromised the resulting damage could be catastrophic.
We’re going to explore some of the more common invisible scripts and how you can bring them to your attention in a proactive fashion – before a problem arises.
What is invisible technology?
Invisible technology is an informal term. It groups together the programs and software that are in daily use in your company, while remaining essentially unseen and unnoticed. Neither end users or IT support teams give them much attention, as they work along in the background.
Consider electricity. It’s present in your home and it works. It’s just there it keeps everything running smoothly. You really only notice that you rely on electricity when it stops working. So too with invisible technology. These programs help to create secure trading environments for customers, clients and staff alike, but are only truly appreciated when they fail.
Unfortunately, this oversight can become an opportunity for risk. If there are no routine inspections conducted the chances of delayed updates and malicious incursions increases. These blind spots can allow real threats to take hold in your systems.
What types of software are we talking about? Here are a few examples:
- SSH, related to systems administration,
- TLS, the method many applications use to secure transmitted information,
- Kerberos, a popular authentication method for operating systems, and
- SAML, a way to swap and match identity data.
As an example, let’s examine the TLS case more closely. It’s fair to say that TLS is used in most companies and organisations on a daily basis. Could you say that TLS is checked and audited as often as other, more visible protocols or software? When did you last examine how TLS is deployed in your business? Have you revisited any customised configuration settings? Did the last update revert these to default? Was the last update installed in a timely fashion?
These questions may feel pedantic, but they are not without cause. TLS in particular has been vulnerable to attacks in the past. There have been other issues, too.
When we make new software purchases we vet the options very closely. We review every setting and set custom configurations. Security is often the top concern, alongside functionality and usability. The concern with the so-called invisible security technologies is that once the initial checks are conducted, they are rarely inspected again.
This makes these systems vulnerable to tampering, and we may not notice new attack paths, changes to operating parameters, new potential vulnerabilities or changes to safe configuration.
It is fair to say that IT teams are often under resourced. These invisible technologies may fly under the radar simply due to time restraints and attention being absorbed by more urgent cases. They may also be considered low on the priority list – after all, if it isn’t broken, why fix it?
How can you bring invisible security technologies to light?
There is a process you can undertake to assess your invisible tech. Threat modelling will help you to understand your digital position more clearly. Like most processes, it will take some dedicated resources to conduct the initial assessment, but after that, regular inspection and maintenance is the key to good hygiene.
Create an application threat model for each script. Begin by collating every way the application interacts with your business. Seek out and identify information exchange pathways. Establish exactly how the application operates in every instance it’s deployed. Gather supporting information from adjacent sources, like
- Interaction diagrams,
- Configuration management,
- Business impact assessments,
- Network topology diagrams, and
- Vulnerability assessment systems.
Bring this information together in a Data Flow Diagram (DFD) to see it all clearly. When you conduct a deliberate and thorough review, it will force you to inspect every element in a new way. This measured and considered approach may highlight potential problem areas.
Of course, conducting this type of assessment on every single moving part of your digital environment is beyond the resources of many teams. You can choose to select a couple of applications and apply the threat modelling process to them. Then, take the sense of detailed inspection with you as you carry out your daily IT maintenance tasks. Pay attention to your silent actors and ask yourself how they are intertwined with other applications and information exchanges. Stop and ask questions when you notice something that hasn’t been maintained for a while. If adding this extra procedure to your to-do list is not possible within your resource constraints, consider outsourcing it to a professional IT support team. Their fresh eyes may notice anomalies or vulnerabilities and bring external knowledge of trouble spots. Having them conduct the initial assessment may make the process far more achievable, leaving your own team with the simple oversight and maintenance.
The last step in the process is establishing accountability for checking on these silent applications. If you can, divide these between your team and have them conduct inspections on a routine basis (as well as checking sources for externally identified issues). If you are fortunate, staff may already be responsible for some of these. In this case, ensure that checks are being conducted regularly.
Silent technology makes our everyday digital experience much smoother, but we must be diligent. Deliberate and routine inspection will help avoid it becoming a double-edged sword.
About EC-MSP, your IT support partner
EC-MSP are one of the most trusted IT support providers in London. If you would like more help advice and support with auditing your invisible security technology, including identifying under-the-radar applications, contact us today to see how we can help.