While the number of hacker attacks is constantly increasing, many companies do not even know their potential attack surface. The "Fischfang" (“Fishing”) platform developed at Deutsche Telekom provides an overview in the great ocean of IT and unerringly identifies security vulnerabilities. It also provides support in the area of data protection.
In the digitalization age, damaging attacks on companies and other organizations can be mounted even by people with little technical know-how. What's more, even organizations that invest heavily in IT security can fall victim to hacker attacks. Today's hackers and spies profit from three key factors. First, organizations often fail to maintain a proper overview of the IT systems they have in place. Second, more and more security vulnerabilities are being published. Third, it's now possible to massively exploit security vulnerabilities within a matter of hours.
"Fischfang" addresses these challenges. This new platform, which has been developed by Deutsche Telekom IT-security experts, is a novel combination of systems that makes it possible to identify and assess the company's vulnerabilities in real time. In the process, the platform carries out actions that human data analysts routinely apply for the purpose of precisely assessing a security situation. Automation of such check routines enhances checking efficiency, while saving time and costs.
Taking an IT inventory with just a few clicks
“Fischfang” produces an inventory of an organization's IT infrastructure, and then updates it continually. And it does so without having any prior data about the organization. A critical aspect of the process is that all systems have to be validated, to ensure that the system brings up no "by-catch" as it "fishes" for IT-infrastructure elements. The IP addresses, domains, subdomains and blocks that “Fischfang” finds must be up to date, and must not be in use by the organization's own customers. In the interest of the greatest possible accuracy, the system is equipped with artificial intelligence (AI). “Fischfang”'s AI searches for characteristics such as contact details, certificates, colors and logos. In the process, it thoroughly familiarizes itself with the organization's key characteristics and excludes non-relevant systems from its selection. The result is a valid selection. The outlined process can be carried out either semiautomatically or completely automatically.
Companies have a vital interest in obtaining current overviews of their IT infrastructure, because attackers are constantly scouring systems in order to find their weakest points. And a security vulnerability in a supposedly unimportant piece of add-on software can be all an attacker needs in order to damage a main system.
Making it easy to ward off threats
“Fischfang”'s "catch" is analyzed for weaknesses and saved to databases, along with information such as details about software versions and login interfaces.
When a software provider reports a security weakness, Deutsche Telekom experts "fish" around in their databases for systems that use the relevant software. With the help of various components, they then pinpoint the number of potentially vulnerable systems. Significantly, this network of components works precisely and returns no false alerts. The following example illustrates the system's precision: in one case, an expensive system available on the market reported that 8,000 systems would have to be closely examined. “Fischfang” found that the number involved was actually only 20 – a number that could feasibly be closely scrutinized by security experts.
Automatic security categorization
Use of clusters, and classification of IT systems with similar characteristics, are already making it easier to detect problems and assess security situations. In the interest of improving such approaches, Deutsche Telekom is collaborating with research institutes in the development of strategies for automated system classifications based on machine learning and defined rules.
Different areas of application
“Fischfang” is now supporting Deutsche Telekom's Cyber Emergency Response Team (CERT) and helping it adequately address critical security vulnerabilities. In addition, Deutsche Telekom is using “Fischfang” to review software for compliance with the General Data Protection Regulation (GDPR) and websites for proper cookie notifications and provision of contact details as legally required. Early detection of non-compliance in such areas helps organizations avoid significant fines.
Other areas of application have been tested or are being planned. In this context, special attention is being given to the area of supply-chain security. This is important in that a company's security vulnerabilities can actually lie outside the company's own immediate sphere – they can reside within its supply chain, for example.
A solution for one and all
Deutsche Telekom's specialists have given “Fischfang” a generic design, in the interest of maximizing its applicability to many different organizations. The potential customers for the system include all organizations with IT infrastructures connected to the Internet and to intranet(s).