Reconnaissance is the first step attackers take when planning an attack: gathering information about the target network and its vulnerabilities before any intrusion. Limiting what reconnaissance can discover is therefore an important part of a security program, and arguably one of the most important. Zero trust security can help block reconnaissance, and can stop attackers from advancing if they are already in the network. Here's how.
Reconnaissance, the first tactic in the MITRE ATT&CK framework (TA0043), is the act of gathering information to prepare for an attack. Attackers use the reconnaissance stage to learn about the target network and its vulnerabilities, and later use that information to choose their tools and attack methods.
Attackers gather information about the network and its components, such as servers, IP addresses, subdomains and usernames. They also learn about security policies and collect information about people, such as email addresses and personal preferences. In short, it is any information that helps them identify a way in and build an attack plan.
There are many methods attackers can use for reconnaissance, for example:
Looking up the organization's internet-facing hosts, open ports and service banners in search engines such as Shodan, or probing them directly with vulnerability scanners
Identifying the technologies the company uses and searching for known vulnerabilities in those products and versions
Searching Certificate Transparency logs for TLS certificates issued to the organization, which reveal hostnames and subdomains
Looking up the organization's IP ranges and scanning them for live hosts and open ports
Extracting metadata from the organization's public files, such as author names from documents or geolocation from photos
Identifying customers and partners through LinkedIn connections and published case studies, to plan a third-party attack
Searching for business email addresses on the company's domain
Finding support staff personas and their email addresses in public forums
Collecting credentials leaked in breaches of third-party websites, to try against the target's accounts
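As an added illustration (not part of the original article), the following Python script shows what the IP-range scanning in the list above looks like from the defender's side. It parses constructed firewall-style log lines and flags a source that probes many ports on one host (a vertical scan) or one port across many hosts (a horizontal scan) within a sliding time window. The log format, the addresses and the thresholds are assumptions made for this example; the only real property used is that a deny-by-default edge turns every probe into a log event.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed log format (constructed for this example, not a real vendor format):
#   <ISO-8601 UTC> src=<ip> dst=<ip> dport=<port> action=<allow|deny>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) action=(?P<action>\w+)$"
)


def constructed_log():
    """Build sample log lines. Entirely constructed; the addresses are documentation ranges."""
    lines = []
    # Vertical scan: one source walks ten ports on a single host within ten seconds.
    for i, port in enumerate([21, 22, 23, 25, 80, 110, 143, 443, 3306, 3389]):
        lines.append(f"2024-05-01T10:00:{i:02d}Z src=203.0.113.5 dst=198.51.100.10 dport={port} action=deny")
    # Horizontal scan: one source probes SMB (445) on nine consecutive hosts.
    for i in range(9):
        lines.append(f"2024-05-01T10:05:{i:02d}Z src=203.0.113.77 dst=198.51.100.{20 + i} dport=445 action=deny")
    # Benign traffic: a user reaching two web servers over HTTPS.
    lines.append("2024-05-01T10:07:00Z src=192.0.2.10 dst=198.51.100.10 dport=443 action=allow")
    lines.append("2024-05-01T10:07:30Z src=192.0.2.10 dst=198.51.100.11 dport=443 action=allow")
    return lines


def parse(lines):
    """Parse log lines into time-ordered (timestamp, src, dst, dport) tuples; malformed lines are skipped."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, m["src"], m["dst"], int(m["dport"])))
    return sorted(events)


def detect_scans(events, window=timedelta(seconds=60), vertical=8, horizontal=8):
    """Return [(src, kind, count)] for every source whose activity in some `window`
    reaches `vertical` distinct ports on one host or `horizontal` distinct hosts on one port."""
    by_src = defaultdict(list)
    for ev in events:  # events are time-ordered, so each per-source list is too
        by_src[ev[1]].append(ev)

    findings = []
    for src, evs in by_src.items():
        max_ports = max_hosts = 0
        start = 0
        for end in range(len(evs)):
            # Slide the window start forward until every event in it is within `window` of evs[end].
            while evs[end][0] - evs[start][0] > window:
                start += 1
            ports_per_host = defaultdict(set)
            hosts_per_port = defaultdict(set)
            for _ts, _src, dst, dport in evs[start:end + 1]:
                ports_per_host[dst].add(dport)
                hosts_per_port[dport].add(dst)
            max_ports = max(max_ports, max(len(s) for s in ports_per_host.values()))
            max_hosts = max(max_hosts, max(len(s) for s in hosts_per_port.values()))
        if max_ports >= vertical:
            findings.append((src, "vertical", max_ports))
        if max_hosts >= horizontal:
            findings.append((src, "horizontal", max_hosts))
    return findings


def sample_findings():
    """Run the detector over the constructed log."""
    return detect_scans(parse(constructed_log()))


if __name__ == "__main__":
    for src, kind, count in sample_findings():
        unit = "ports" if kind == "vertical" else "hosts"
        print(f"{src}: {kind} scan, {count} distinct {unit} within 60 s")
```

The thresholds are deliberately low so the constructed data trips them; in production they are tuned per environment, and the same sliding-window logic is what SIEM correlation rules for port-scan detection implement. The benign source never reaches either threshold even though it touches two hosts.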
As you can see, reconnaissance options are plentiful. Organizations therefore need a security model that blocks as much reconnaissance as possible and minimizes the risk from what remains. That model is zero trust.
Zero trust is a security model that eliminates implicit trust: every user, device and workload is identified and authenticated before each access to an application or asset, and access is granted per resource rather than to the network as a whole. In addition, the network is cloaked: resources are neither reachable nor discoverable until the requester has been authenticated and authorized.
These features of a zero trust architecture shut down active scanning and host discovery from the outside. An unauthenticated scanner sees no listening services, so the internal network, its hosts and their vulnerabilities are not exposed to a probe. Attackers cannot map the network from outside it.
The remaining reconnaissance methods, especially those that target people or rely on public information, cannot be fully prevented. However, zero trust ensures that even if attackers do get in, they cannot advance freely.
Zero trust applies measures such as multi-factor authentication (MFA) and user behavior analytics (UBA) before and during every access to applications and resources. In addition, as mentioned above, the network is not visible to users; they see only the applications they are entitled to. Therefore, even an attacker who obtains a foothold, for example with a stolen password, cannot move beyond that foothold to enumerate or reach other systems. As a result, zero trust sharply limits the harm that reconnaissance can lead to.
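To make the access model in this paragraph concrete, here is an added Python sketch of a policy decision point (example code written for this article, not any product's implementation). It shows the two behaviours the text relies on: the application catalogue itself is filtered by entitlement, so a compromised account cannot enumerate what other accounts can reach, and every request is re-evaluated against identity, MFA, device posture and a UBA risk score, with deny as the default. The application names, the session fields, the risk-score scale and the threshold of 70 are all assumptions for the example.

```python
from dataclasses import dataclass
from typing import List, Optional

# Constructed entitlement directory: which users may reach which application.
# Hypothetical names; a real deployment pulls this from an IdP or policy store.
ENTITLEMENTS = {
    "git": {"alice", "bob"},
    "hr-portal": {"alice"},
    "prod-db": {"alice"},
}
# Applications that additionally require a phishing-resistant MFA factor (assumed policy).
STEP_UP_APPS = {"prod-db"}
RISK_DENY_THRESHOLD = 70  # assumed UBA scale of 0-100


@dataclass(frozen=True)
class Session:
    user: Optional[str]       # None = no authenticated identity
    mfa: bool                 # MFA completed for this session
    phishing_resistant: bool  # factor was hardware/WebAuthn rather than OTP or push
    device_compliant: bool    # endpoint posture check passed
    risk_score: int           # from user behaviour analytics


def visible_apps(session: Session) -> List[str]:
    """Catalogue shown to a session: only entitled apps. Anything else does not exist from
    its point of view, so a foothold on one account cannot enumerate the rest."""
    if session.user is None:
        return []
    return sorted(app for app, users in ENTITLEMENTS.items() if session.user in users)


def decide(session: Session, app: str) -> str:
    """Per-request decision. 'drop' = no response at all (the resource stays cloaked),
    'deny' = refused with an error, 'allow' = connection brokered to the app."""
    if session.user is None or app not in ENTITLEMENTS:
        return "drop"                      # unknown identity or unknown app: stay invisible
    if session.user not in ENTITLEMENTS[app]:
        return "drop"                      # not entitled: indistinguishable from "does not exist"
    if not session.mfa or not session.device_compliant:
        return "deny"
    if session.risk_score >= RISK_DENY_THRESHOLD:
        return "deny"                      # UBA flagged the session
    if app in STEP_UP_APPS and not session.phishing_resistant:
        return "deny"                      # step-up required for sensitive apps
    return "allow"


def scenarios() -> dict:
    """Constructed scenarios: an outside scanner, a stolen password for bob, bob's real laptop,
    and alice with an OTP factor versus a hardware key."""
    scanner = Session(user=None, mfa=False, phishing_resistant=False, device_compliant=False, risk_score=0)
    stolen_pw = Session(user="bob", mfa=False, phishing_resistant=False, device_compliant=False, risk_score=85)
    bob = Session(user="bob", mfa=True, phishing_resistant=False, device_compliant=True, risk_score=10)
    alice_otp = Session(user="alice", mfa=True, phishing_resistant=False, device_compliant=True, risk_score=5)
    alice_key = Session(user="alice", mfa=True, phishing_resistant=True, device_compliant=True, risk_score=5)
    return {
        "scanner_sees": visible_apps(scanner),     # []
        "scanner_git": decide(scanner, "git"),     # drop: nothing to probe
        "stolen_git": decide(stolen_pw, "git"),    # deny: no MFA, no posture
        "bob_sees": visible_apps(bob),             # ["git"] only
        "bob_git": decide(bob, "git"),             # allow
        "bob_hr": decide(bob, "hr-portal"),        # drop: not entitled, so invisible
        "alice_otp_db": decide(alice_otp, "prod-db"),  # deny: step-up needed
        "alice_key_db": decide(alice_key, "prod-db"),  # allow
    }


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name}: {result}")
```

The design choice worth noting is the difference between "drop" and "deny": an unauthenticated or unentitled request gets no response at all, which is what keeps the network invisible to a scanner, while an authenticated but non-compliant request is refused explicitly so the legitimate user can remediate.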