News Insights: U.S. Federal Reserve System Exposed to Increased Risk of Unauthorized Access

News Insights:

According to Steven Rogers, CEO of Centripetal, “There’s not a clear indication yet of what the vulnerability was.  It could be something as simple as a bad password, or some other server update that wasn’t done, allowing unauthorized access to malware.  We just don’t know. However, all of these systems should employ more advanced intelligence in their security stacks. For example, external threat intelligence-based and internal rule-based systems are increasingly used by enterprises to protect themselves, and reduce security team burdens and discovery times (as well as the organization’s dependence on its teams).  They shouldn’t wait for a vulnerability to be exposed before doing anything.  With the aforementioned technologies in place, the practical effect of a vulnerability would be mitigated.  The agency should still find and fix potential vulnerabilities, but if these protective systems are in place, the attacker will be stopped anyway. It’s great that an audit found this key vulnerability. However, well-designed network security systems should already employ both internal and external protective technologies to prevent successful attackers from stealing data.  These new protective systems, such as Threat Intelligence Gateways, can protect the enterprise from yet unknown vulnerabilities, long before an audit finally discovers them.”