COVID-19 , Endpoint Security , Governance & Risk Management

Exposure Alert: Unsecured Internet Protocol Use Persists

While Rapid7's Tod Beardsley Sees a Decline, 'It's Still Not Good Enough'
Tod Beardsley, director of research, Rapid7

How has the COVID-19 pandemic - and the subsequent lockdown and job losses - affected the character and composition of the internet?

See Also: SASE: Recognizing the Challenges of Securing a Hybrid Workforce

Tod Beardsley, director of research at Rapid7, says that was one of the top questions posed when his firm took its latest look at the prevalence of outdated and unsecured internet protocols and internet-connected devices, as described in its National Industry Cloud Exposure Report for 2020.

The good news: "Generally speaking, the internet, as far as exposure goes, has gotten better," he says. In particular, researchers saw an overall decrease in the use of telnet and SMB, an increase in the use of SSH instead of telnet, as well as an increase in using DNS instead of TLS. In addition, the long-expected "tsunami of awfulness" that researchers have been anticipating with internet of things devices has yet to emerge, he says.

The less-good news, however, is that "things on the internet have gotten marginally better, but it's still not good enough," he says.

In this video interview with Information Security Media Group, Beardsley also discusses:

  • The effect that the pandemic has had on the use of unsecured protocols and services;
  • The continuing problem of outdated, unpatched systems;
  • The widespread, continuing exposure of console applications - including remote desktop protocol - to the internet with insufficient security controls;
  • The importance of using two-factor authentication, IP allow lists, encrypted versions of plaintext protocols and "baking in patching."

Beardsley is the director of security at Rapid7. He has over 20 years of security experience, having has held IT ops and IT security positions at organizations that include 3Com, Dell and Westinghouse. He's been a featured speaker at security and developer conferences on open source security software development, managing the human "Layer 8" component of security and software and reasonable vulnerability disclosure handling.

About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.