It is challenging for IT and security admins to keep up with the rapid pace of change and the constant barrage of new threats and vulnerabilities to worry about. When users connect unknown mobile devices or log in to unauthorized cloud apps and services it exposes the network to risk that the IT team isn’t even aware of. Organizations need to detect and identify this unknown IT so it doesn’t make the network vulnerable.
You can’t secure and protect devices or data you aren’t even aware of. It’s a simple premise, but one that has become more and more relevant in recent years. It’s challenging enough to just keep up with identifying, managing, and resolving the vulnerabilities you know about, but it’s crucial to be able to detect and identify those unknown and shadow IT assets as well.
The explosion of mobile devices, cloud services, and virtualization tools make it very easy for employees to connect to and use unauthorized technologies that IT is not aware of. All of your effort to manage vulnerabilities and protect the network can be undone by one attacker exploiting a vulnerability on an unknown device or service connected to your network. When users introduce technologies and applications without IT consent, they expose the company to unnecessary risk and handicap IT’s ability to effectively protect the network.
Lurking in the shadows
You can’t be confident in your security posture if you can’t be sure you’re identifying and remediating vulnerabilities in all of the devices and applications on your network. You might achieve some false sense of security by checking a box for resolving the vulnerabilities you’re aware of, but shadow IT can still leave you weak and defenseless.
Unknown mobile devices on your network expose you to significant risk. A report from the end of 2015 found that an average mobile app has nine vulnerabilities—and more than a third of those are critical or high vulnerabilities. The report revealed that more than a quarter of the mobile app vulnerabilities result in personal or sensitive information leakage, and nearly a quarter are related to authentication and authorization.
Another place where risk lurks in the shadows is with cloud services and virtualization. Users just sign up for services like Dropbox or an unsanctioned CRM tool, and with the push of a button your network and data are exposed to vulnerabilities you don’t know about. Cloud providers average 18 vulnerabilities per asset. It takes on average 103 days for a typical organization to remediate a security vulnerability. Cloud providers are faster than many other industries when it comes to addressing vulnerabilities, but whether it’s 30 days or 300 days you can’t address or mitigate the risk because you don’t even know you’re exposed.
Read the complete post on the Tenable blog and learn more about how to detect unknown and shadow IT so you can secure and protect your network: You Can’t Defend IT Hidden In The Shadows.