Mitigating M&A Cybersecurity Risk with Netography Fusion
by Mal Fitzgerald
During my career in security and network operations, I’ve had the opportunity to be part of the due diligence process in several mergers and acquisitions. Now, as a sales engineer at Netography, I am working with organizations to share the lessons I learned from my experience and how the Netography Fusion platform can help them.
There are certain steps security architects and directors of SecOps and NetOps need to be able to perform as part of due diligence to ensure their organization isn’t exposed to cybersecurity risk when the two enterprises’ networks come together. As a best practice, they need to understand what the other company has on their network, what’s happening, and what should never occur before allowing connectivity. However, massive coverage gaps in the existing security tech stack make this extremely difficult, if not impossible, to do with confidence.
This is where Netography Fusion® comes in. We eliminate the gaps to give you comprehensive visibility across multi-cloud or hybrid environments – your own as well as the company you are about to acquire. And we provide detections so you can understand the behaviors and activities of all the participants on the network – users, applications, data, and devices. This puts you in a position to perform the following four steps during due diligence.
Step 1: Asset Discovery. CIS Critical Security Control 1 specifies the need to identify all the enterprise assets connected to your on-prem and cloud networks, including IoT devices and unauthorized and unmanaged assets. Being able to confidently say what assets the other company has in their environment certainly is step one of due diligence. But this is hard to do when you rely on point tools like an EDR, which is purely agent-based. Organizations have a complex mix of endpoints including smartphones, printers, and wireless access points that can’t support agents. There are also devices you aren’t aware of, or you don’t control, so you can’t put an agent on them.
The Fusion Advantage: Netography Fusion provides comprehensive coverage by relying on metadata from multi-cloud and on-prem networks. Fusion is agentless and encryption-agnostic, so you can visualize and analyze networks by devices, applications, and users at any given time across all environments to create an asset inventory that is always up to date.
Step 2: Assessing Cyber Hygiene. With a handle on asset inventory, now you have to understand what those assets are doing. Visibility into application behavior, more specifically which IP addresses and ports an application is communicating with, is critical. For example, as the acquirer you may have policies to not do business with a certain country. Being able to quickly identify the assets that are exposed to the Internet, the systems they are running on, and if they are connecting to countries that you don’t do business with currently, is extremely valuable.
The Fusion Advantage: Fusion provides a complete and accurate picture of all network communication related to applications across multi-cloud and hybrid environments. It enriches metadata with context to understand with greater nuance the activities of the participants in the environment and detect hygiene issues, like overly permissive access controls or segmentation policies.
Step 3: Detecting threats already in the network. You also need to understand what is happening on the network of the company you’re acquiring and if you should be concerned. This includes activity such as reconnaissance scanning, brute force techniques, and lateral movement across trust boundaries. Most organizations rely exclusively on firewalls to try to control what they should or shouldn’t let through. However, detecting activity that should never occur – before you connect your VPCs together and enable pathways to your on-prem network infrastructure – is a best practice for due diligence.
The Fusion Advantage: Fusion normalizes and analyzes metadata from the network so you can monitor for suspicious or malicious activity, detect if there are threats lurking in the network, and work with your counterparts in the acquired company to address them proactively. When you do turn on true interconnectivity you will have tackled any pre-existing threats to prevent them from bleeding through.
Step 4: Policy Validation. Next, you need to understand and confirm the external services that devices, applications, and users are connecting to in order to make policy decisions. For example, there are several different remote services administrators can use to connect to the network – TeamViewer, RealVNC, Remote Desktop Protocol (RDP), and others. Before networks are merged, you need to be able to determine what will become the corporate standard and then validate compliance.
The Fusion Advantage: Fusion allows you to create detections to gain visibility into all external services in use and business policies in place, so that you can quickly reconcile the services and enforce policies. Instead of relying on logs or the endpoint, Fusion uses agnostic metadata and context from existing network and security infrastructure for comprehensive observability and understanding. Fusion continuously monitors usage of any external services, from remote services to social media, to identify non-compliance. (You can customize the detections that we build into the Fusion portal or create your own to meet your specific policy requirements.)
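One way to run the Step 4 reconciliation over exported flow records, as an added example (it is not Netography Fusion's detection syntax or code from the author). The CSV columns, the 10.0.0.0/8 internal range, the approved standard and the sample rows are assumptions constructed for illustration; the ports are the default ports of the remote services named above.

```python
import csv
import io
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Default listening ports of the remote services named in Step 4.
REMOTE_SERVICES = {3389: "RDP", 5900: "VNC", 5938: "TeamViewer"}
# Assumption: address space treated as internal to either company.
INTERNAL_NETS = [ip_network("10.0.0.0/8")]

# Constructed flow records (not real data); the column names are assumptions.
SAMPLE_FLOWS = """tenant,src_ip,dst_ip,dst_port,bytes
acquired,10.20.1.15,198.51.100.7,5938,48211
acquired,10.20.1.15,198.51.100.7,5938,1200
acquired,10.20.3.40,10.20.9.2,3389,902113
acquired,10.20.3.41,203.0.113.50,5900,77120
acquired,10.20.3.41,203.0.113.9,443,5120
acquirer,10.1.4.8,10.1.9.2,3389,120044
"""

def is_internal(addr):
    ip = ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)

def remote_service_findings(flows_csv, approved):
    """Aggregate remote-service flows per (tenant, source, service, scope)
    and mark each as compliant or not with the approved standard."""
    totals = defaultdict(int)
    for row in csv.DictReader(io.StringIO(flows_csv)):
        service = REMOTE_SERVICES.get(int(row["dst_port"]))
        if service is None:
            continue  # not a remote-access port we track
        scope = "internal" if is_internal(row["dst_ip"]) else "external"
        totals[(row["tenant"], row["src_ip"], service, scope)] += int(row["bytes"])
    findings = []
    for (tenant, src, service, scope), nbytes in sorted(totals.items()):
        findings.append({
            "tenant": tenant, "src_ip": src, "service": service,
            "scope": scope, "bytes": nbytes,
            # Compliant only if this service is approved for this scope.
            "compliant": (service, scope) in approved,
        })
    return findings

def violations(flows_csv, approved):
    return [f for f in remote_service_findings(flows_csv, approved)
            if not f["compliant"]]

if __name__ == "__main__":
    # Assumed corporate standard: RDP, internal destinations only.
    for finding in violations(SAMPLE_FLOWS, {("RDP", "internal")}):
        print(finding)
```

Port matching only catches services on their default ports, so treat the output as a starting inventory to reconcile with the acquired company rather than proof that a service is absent.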
Frictionless deployment
Finally, you need to have a way to perform these four steps without having to install anything in the acquired environment. Netography Fusion is a cloud-native platform for all your multi-cloud and hybrid environments. You gain real-time observability and detection without deploying sensors, agents, or taps, which means a lower TCO and the ability to be fully deployed within an hour or two.
Fusion is multi-tenant by design; the acquired company can be a subtenant with access to their data, but you, as the acquirer, can have access to all data in one portal. You organize your data how you want, and the detection engines start sending data immediately.
It’s always hard to get your arms around what you’ve got, what’s happening, and what should never occur in any network. The difficulty is compounded in an M&A situation. Netography Fusion is ideally suited for this challenge. Providing you with a unified view of all network activity makes it easy to discover assets, assess cyber hygiene, detect and mitigate existing threats, and validate and enforce policies.