Enhance cybersecurity awareness and survivability for DoD, industry partners, and academia in the face of the ever-increasing threat of cyber attacks. Cybersecurity (CS) includes managing risks related to the use, processing, storage, and transmission of information and the systems and processes used for those purposes, including analog and physical form. CS includes information availability, identification and authentication, confidentiality, integrity, and non-repudiation as well as the economic considerations with respect to selection of CS techniques, CS processes, and industry trends.
[Security Rating] Discussion for supplier with IP in bad reputation
- This topic has 2 replies, 1 voice, and was last updated 5 months, 2 weeks ago by
.
-
Topic
-
Hi everyone,
I wanted to deal with a topic that I consider very delicate and particular, which can have several interesting ideas.
I will tell you about a situation that happened to me, working for a large company in the financial sector, receiving the request from its TLC structure, to whitelist some vendor IP addresses in its perimeter systems, as the supplier was unable to work with continuity due to the blocking of some of its IPs. These IPs were blocked by SOC several months earlier due to their “bad reputation”, are classified as malicious IP addresses (Bots and spamming) by the major threat intelligence providers (both at the time of the blocking and at the time of the whitelisting request ).
The supplier, a small system integration company, has been working for this customer for several years and has never made available a budget to devote to security interventions and avoid situations of “bad reputation”.
The supplier presses for the opening of the IP otherwise this would cause the postponement of the expiry times foreseen for the end of certain activities to be postponed. However, the IT Security function, of which I share the thought, believes that allowing similar connections, by companies that do not take care of their culture to cyber Security, would cause a reputational loss of their brand. First of all, it is the supplier’s responsibility to protect their systems (and avoid obtaining a bad teputation of their IP) so as not to suffer damage to their brand, and also to follow the customer who might decide, so as not to also suffer damage to the. own brand, to use only certified customers who do not enjoy a sub-optimal reputation.What do you think? Which side are you on?
Allow the supplier to work without delay despite the bad reputation (although there have been no malicious activities detected by these IPs in the customer’s network) or block the job until the supplier adapts to certain security requirements?I’d like to know your opinion to increase the know-how in Cyber Security 😀
Bye
-
Replies
-
-
-
1) “Allow the supplier to work without delay despite the bad reputation (although there have been no malicious activities detected by these IPs in the customer’s network)” = IMO, hindsight is 20/20 🙂 This statement is true only until some new malicious activity is detected by those IPs.
2) As you mentioned, it’s a large company in the financial sector = even if possibility of security breach is less (considering those IPs did not do any malicious activity recently) it’s still an open & known risk item. Usually if there is financial impact in not whitelisting them, then there is usually a paperwork involved do get exceptions or sign-offs to go ahead, please check if such option is available. Basically option where you and your team is acknowledging the risk, but stakeholder/business is ready to sign-off on it because of financial impact, and this is only until a long term solution is developed; so usually this paperwork is valid only for this transaction or only for certain days.
3) Lastly if you have informed vendor multiple times and no remediation done on their side, then I would recommend not to whitelist their IP and take this opportunity to get it fixed on their side.
Good Luck!
-
You must be logged in to reply to this topic.
