Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Network Security

The Willie Sutton Theory of Cyber Security

“Why do you rob banks?”—Reporter

“Because that’s where the money is.” —Willie Sutton

“Why do you rob banks?”—Reporter

“Because that’s where the money is.” —Willie Sutton

Despite the enormous attention on data breaches and cyber attacks, relatively little focus (and investment) has shifted to the principal scene of the crime, the servers and storage devices that manage and safeguard the vast bulk of a company’s or government agency’s data.

Whether this data resides in the compute layer in traditional enterprise data centers or, increasingly, in new cloud computing environments such as Amazon Web Services or Microsoft Azure, it is self-evident that perimeter-centric technologies such as firewalls, IDS/IPS, and APT/malware detection systems provide limited value in addressing internal InfoSec issues. If vaults deep within the building protect banks from bank robbers, why do so many security professionals focus so much attention on their data center’s front door?

It’s time to sharpen our focus to prioritize and secure critical information assets at the source, not only at the perimeter. This becomes even more important—and challenging—as we exit the well understood and fairly static client-server era and move to today’s computing environment, where applications and infrastructure have become more dynamic, distributed, hybrid, and heterogeneous. Much of what has made application development organizations more agile—orchestration, RESTful APIs, GitHub—has had a dark side from a security perspective. Increasingly, multi-tier applications are distributed across multiple environments to optimize cost and processing capabilities—e.g., ecommerce, Hadoop—and the notion of the perimeter as the control point can no longer be assumed.

Irrespective of where computing is running, we have to better understand which assets the Willie Suttons of the cyber world would target and develop a strategy that ringfences them off from other, less strategic assets.

Hybrid data center security

Following is a three-step process for better segmentation of high-value assets:

Step 1. Comprehensively understand your compute environment – You cannot secure what you cannot see. Better security requires a comprehensive mapping of all workloads and network flows. Moreover, this is not a one-time activity, but rather a continuous requirement. Security leadership must move rapidly toward continuous monitoring of compute and network activity.

Advertisement. Scroll to continue reading.

Step 2. Create a segmentation model that ringfences high-value assets – While all data is important, not all information assets are created equal. If you are a bank, a breach of the cell phone numbers of key employees would be an uncomfortable exposure. Access to top customer accounts and passwords would be dramatically more severe. Security teams must first put the most focus on locking down critical assets from more general compute resources.

Step 3. Create a zero-trust model for high-value assets – Traditional network segmentation models are fairly coarse-grain and create an enormous attack surface for bad actors. If there are 100 hosts on a VLAN, compromising one would lead to a “Typhoid Mary” scenario where the other 99 are exposed. Traditional network segmentation schema—including firewall blacklists, and VLANs/zones—are difficult to maintain in dynamic environments and leave too much attack surface available to hackers. More-focused whitelist models and encryption within and across the data center and cloud can support a zero-trust model for server-to-server communications.

Rethinking security for the interior of your data center (or public cloud) could reduce the trade-offs you’re making between security posture and agility while helping your organization adapt to the new realities of dynamic computing and cyber risk. At the end of the day, catching bank robbers is far less valuable than preventing them.

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

Cybersecurity Funding

Network security provider Corsa Security last week announced that it has raised $10 million from Roadmap Capital. To date, the company has raised $50...

Network Security

Attack surface management is nothing short of a complete methodology for providing effective cybersecurity. It doesn’t seek to protect everything, but concentrates on areas...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Cyberwarfare

Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Network Security

A zero-day vulnerability named HTTP/2 Rapid Reset has been exploited to launch some of the largest DDoS attacks in history.