What is Continuous Monitoring? How It Works & Getting Started

By James Harrison, Senior Content Writer

Changes in the way we work have had significant implications for cybersecurity, not least in network monitoring. Workers no longer sit safely side-by-side on a corporate network, and dev teams constantly spin up and tear down systems, exposing services to the internet as they go. Keeping track of these users, changes and services is difficult – internet-facing attack surfaces rarely stay the same for long.

But a secure working network is the backbone of every modern business, and with so many different attack vectors and entry points, relying on firewalls and point-in-time scanning is no longer enough. You need to understand how your firewalls are being changed in real time, with real-world validation of how they’re configured. You need continuous network monitoring.

What needs protecting in your network?

Remote working, cloud computing and third-party integrations have created so much sprawl in today’s corporate networks that it’s no longer just the devices and systems in your office and data center that need protecting.

From the hardware and software of the network itself, to all the devices used to access it, from IoT endpoints to laptops and smartphones, network security now needs to look beyond the perimeter to your cloud resources, edge devices, third-party hosted content, integrations with other hardware or software, and assets hosted in dispersed offices.  

Just to complicate matters further, some of these services, especially those hosted in the cloud, may only be active for a short space of time for specific projects, events, deployments, or by design. With such a dispersed network, the castle-and-moat model of network security is no longer fit for purpose.

What can go wrong with your network?

Vulnerabilities can be introduced to your network in a number of ways, including misconfigurations, expiring certificates, new assets added to cloud environments, missing patches, or unnecessarily exposing services to the internet. In addition, there’s the ever-present risk of attack from phishing, supply chain compromises and exposed credentials.

For example, a Windows SMB service on your internal network is not a vulnerability, but exposing one to the internet is a different matter entirely – that’s what led to the WannaCry ransomware attack that spread across the world.

Similarly, Australian telco Optus suffered a devastating data breach in 2022 that exposed details of 11 million customers. The breach occurred through an unprotected and publicly-exposed API which didn’t require user authentication, so anyone that discovered the API on the internet could connect to it without a username or password.

How can you protect your network?

Continuous network monitoring supported by regular scanning could have picked up both of these vulnerabilities and prevented these breaches.

Monitoring uses automation to detect and identify flaws and weak spots in your devices, application software and operating systems. It does this by sending probes to look for open ports and services, and once the list of services is discovered, probing each for more information, configuration weaknesses or known vulnerabilities.  

It’s common to have a range of systems in your network, from laptops and workstations in the office or at home, to systems in cloud platforms like AWS, Azure, and Google Cloud. Your team may well use a range of operating systems too.

Deciding what to include in your network scan can be hard, but there are multiple ways to tackle it: exposure based, sensitivity based and coverage based. Check out our guide to find out the best approach for your business context.

Why do you need to monitor continuously?

Your network is always changing. New services are spun up, web apps updated, permissions changed, devices added and removed. All of these can introduce potential vulnerabilities. The goal of continuous monitoring is to provide near-immediate feedback and insight into these changes, assessing and prioritizing vulnerabilities, so you can understand the risk across your entire infrastructure.

With this clear picture of what attackers can see and what’s accessible in your internet-facing infrastructure, you can easily tackle any problems as soon as they arise.

Continuous monitoring not only provides visibility into the vulnerabilities in your IT environment and remote devices, but also clarity into how those vulnerabilities translate into business risk, and which are most likely to be targeted by attackers.
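
The change detection described above can be illustrated by comparing two consecutive scan snapshots against a list of exposures you expect. This is an added example, not Intruder's code and not part of the original article; the snapshot format, the addresses, the severity labels and the diff_snapshots function are all assumptions made for illustration.

```python
from datetime import date

# Constructed sample data: two daily snapshots of internet-facing services,
# keyed by (host, port). Addresses come from the documentation range 203.0.113.0/24.
YESTERDAY = {
    ("203.0.113.10", 443): {"service": "https", "cert_expires": date(2025, 7, 1)},
    ("203.0.113.10", 22): {"service": "ssh", "cert_expires": None},
    ("203.0.113.20", 443): {"service": "https", "cert_expires": date(2026, 1, 15)},
}
TODAY = {
    ("203.0.113.10", 443): {"service": "https", "cert_expires": date(2025, 7, 1)},
    ("203.0.113.20", 443): {"service": "https", "cert_expires": date(2026, 1, 15)},
    ("203.0.113.20", 445): {"service": "microsoft-ds", "cert_expires": None},
    ("203.0.113.30", 8080): {"service": "http-api", "cert_expires": None},
}
# Exposures the team has agreed should be reachable from the internet (hypothetical).
EXPECTED = {("203.0.113.10", 443), ("203.0.113.10", 22), ("203.0.113.20", 443)}


def diff_snapshots(previous, current, expected, today, cert_warn_days=30):
    """Return findings as (severity, kind, host, port, detail) tuples."""
    findings = []
    # Services that appeared since the last scan; unexpected ones rank highest.
    for host, port in sorted(current.keys() - previous.keys()):
        severity = "info" if (host, port) in expected else "high"
        service = current[(host, port)]["service"]
        findings.append((severity, "opened", host, port, service))
    # Services that vanished: a deliberate change or an unresponsive target.
    for host, port in sorted(previous.keys() - current.keys()):
        service = previous[(host, port)]["service"]
        findings.append(("info", "closed", host, port, service))
    # Certificates inside the warning window (a negative count means expired).
    for (host, port), svc in sorted(current.items()):
        expires = svc["cert_expires"]
        if expires is not None and (expires - today).days <= cert_warn_days:
            days_left = (expires - today).days
            findings.append(("medium", "cert_expiring", host, port,
                             f"{days_left} days left"))
    return findings


if __name__ == "__main__":
    for finding in diff_snapshots(YESTERDAY, TODAY, EXPECTED, date(2025, 6, 15)):
        print(finding)
```

In the constructed data, the newly exposed SMB port and the unlisted API endpoint are the kind of change a point-in-time scan taken a day earlier would not have seen.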

Ask the expert: 3 reasons why you need continuous scanning

By Andy Hornegold, Intruder Product VP

1. "I don't need continuous monitoring because my assets/apps/systems don't change that frequently"

Just because your app doesn't change every day, or only changes once every six months, there are always new vulnerabilities being discovered in the technologies you use every day. If you haven't changed your assets/apps/systems in six months, then you haven't patched in six months, which means you're much more likely to be vulnerable to those new vulnerabilities.

2. "You're checking for technologies that I don't use"

We don't make assumptions about the technologies you're using (you know what they say about assumptions) but we will scan for every medium, high or critical vulnerability that there’s a check for, because you may have deployed that technology since our last check. Someone else in your team might have deployed something, and you need to know about it. There's no downside because you don't have to lift a finger - our Emerging Threat Scans does it for you.

3. "Why would I need daily network scanning?"

Vulnerability scanning engines take time to develop checks, and those checks can take days to be released after the vulnerability has been outed (usually it's 24 hours, but there are occasions where this is longer - like CitrixBleed). If a vulnerability blows up, then the next question should (at least) be "am I vulnerable?". If there's no check, how do you know what your exposure is? Attack Surface view will show if you have those technologies exposed and proactively increase monitoring or firewall the assets until a check or patch is available. You need to know that the information you have is up to date.

Continuous network monitoring with Intruder

Advanced network monitoring tools like Intruder run daily network scans so your view is always accurate and up to date – showing active and unresponsive targets, any changes since your last scan, expiring certificates, and the ports and services you expect – and more importantly, don’t expect – to be exposed to the internet.

Any targets you add will kick off a scan. Once finished, we add the target to the queue for rescanning at regular intervals. Any changes will automatically kick off a vulnerability scan, with issues prioritized by context so you can fix what matters most.

If you’re lucky enough to have your own network range, you know how useful it can be but how hard to manage. You want to make sure your whole range is covered, but licensing vast numbers of inactive IPs can be expensive. Our Smart Recon feature monitors your external network ranges for active IPs – but you’ll only pay for the ones in use.

This continuous monitoring gives comprehensive and up-to-date visibility across your entire IT environment to take your network security to another level. If you're looking to learn more about continuous network monitoring, choose a time to chat with us for more information.
