As information security professionals, we spend a lot of time thinking about what security products are the highest priority. But as most of these decisions are mired in the nuances and details of the modern enterprise, I’d like to simplify things by bringing us back to a favorite childhood game: What would you bring on a deserted island?
It’s not an easy question to answer at a time when security threats change daily in the cat-and-mouse game we’re playing with attackers. For every new threat and attack vector, there is a new company promising the “solution.” This cycle forces security decision-makers to think through hypothetical scenarios like the “deserted island” in order to work out where their budget will deliver the most value.
So in choosing just one of these products, we must consider what will protect the widest variety of information in the most effective way—technology that can span a wide, distributed network to block multiple kinds of attacks. There are a few ways to go about this, so security practitioners will always have multiple options when choosing their “deserted island” product.
End-to-end encryption
Securing the largest quantity of information possible means starting with the data itself. Whether the data in question is stored in your physical data center, the cloud or a third-party storage service, effective encryption, and the key management behind it, is central to shielding it from attackers (not to mention maintaining compliance). This means granular encryption wherever your data lives, coupled with tight access control over the keys that unlock it.
Furthermore, encryption pays dividends in the case that you do get breached. With strong encryption, and keys that are stored and controlled separately from the data they protect, attackers who steal the data find themselves with a useless pile of indecipherable information. If the keys sit next to the data and are taken along with it, the encryption bought you nothing.
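To make “granular encryption coupled with tight access control” concrete, here is an added example (not code from the original article) of envelope encryption in Go: every record gets its own data key (DEK), the DEK is wrapped under a key-encryption key (KEK) that would normally live in a KMS or HSM, and the record ID is bound in as associated data so a ciphertext cannot be swapped between records. The record ID “customer/42” and the plaintext are constructed sample values, not real data.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// Record is the stored form of one object: its own data key (DEK) wrapped under
// a key-encryption key (KEK), plus the ciphertext. Without the KEK, neither field
// reveals anything about the plaintext.
type Record struct {
	WrappedDEK []byte // nonce || AES-GCM(KEK, DEK)
	Ciphertext []byte // nonce || AES-GCM(DEK, plaintext)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealGCM encrypts under a fresh random nonce and binds aad (the record ID)
// into the authentication tag.
func sealGCM(key, plaintext, aad []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

// openGCM reverses sealGCM; any change to key, ciphertext or aad fails.
func openGCM(key, data, aad []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(data) < gcm.NonceSize() {
		return nil, fmt.Errorf("ciphertext too short")
	}
	return gcm.Open(nil, data[:gcm.NonceSize()], data[gcm.NonceSize():], aad)
}

// Encrypt gives the record a fresh 256-bit DEK, encrypts under it, then wraps the
// DEK under the KEK. Using the record ID as associated data stops a ciphertext
// stolen from one record being replayed as another.
func Encrypt(kek []byte, recordID string, plaintext []byte) (Record, error) {
	dek := make([]byte, 32)
	if _, err := rand.Read(dek); err != nil {
		return Record{}, err
	}
	ct, err := sealGCM(dek, plaintext, []byte(recordID))
	if err != nil {
		return Record{}, err
	}
	wrapped, err := sealGCM(kek, dek, []byte(recordID))
	if err != nil {
		return Record{}, err
	}
	return Record{WrappedDEK: wrapped, Ciphertext: ct}, nil
}

// Decrypt unwraps the DEK with the KEK, then opens the ciphertext.
func Decrypt(kek []byte, recordID string, r Record) ([]byte, error) {
	dek, err := openGCM(kek, r.WrappedDEK, []byte(recordID))
	if err != nil {
		return nil, fmt.Errorf("unwrap DEK: %w", err)
	}
	return openGCM(dek, r.Ciphertext, []byte(recordID))
}

// Rewrap moves a record to a new KEK without re-encrypting the data: only the
// 32-byte DEK is re-wrapped, which is what makes KEK rotation affordable.
func Rewrap(oldKEK, newKEK []byte, recordID string, r Record) (Record, error) {
	dek, err := openGCM(oldKEK, r.WrappedDEK, []byte(recordID))
	if err != nil {
		return Record{}, err
	}
	wrapped, err := sealGCM(newKEK, dek, []byte(recordID))
	if err != nil {
		return Record{}, err
	}
	return Record{WrappedDEK: wrapped, Ciphertext: r.Ciphertext}, nil
}

func main() {
	kek := make([]byte, 32) // in production the KEK lives in a KMS or HSM, never beside the data
	rand.Read(kek)
	rec, _ := Encrypt(kek, "customer/42", []byte("ssn=123-45-6789")) // constructed sample record
	pt, err := Decrypt(kek, "customer/42", rec)
	fmt.Println(string(pt), err)
}
```

The separation is the point: a dump of the data store yields wrapped DEKs and ciphertext, both useless without the KEK, and access control only has to be enforced on the one component that unwraps DEKs. Rotating the KEK touches 32 bytes per record rather than the data itself. One operational caveat: AES-GCM with random 96-bit nonces should not wrap more than a few billion DEKs under a single KEK before that KEK is rotated.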
One caveat: the capability to decrypt encrypted traffic for monitoring and management is still crucial. We can’t forget that threat actors use the same encryption we do to hide their malicious payloads from inspection. In fact, according to a recent survey, nearly half of cyberattacks have been found to use encrypted traffic to avoid detection.
Robust endpoint protection
Vendors across the security industry continue touting the end of the traditional perimeter. Amid this noise, it’s hard to pinpoint who has the best understanding of this issue and, as a result, can provide the best solution for organizations’ ever-growing attack surfaces.
It’s true that the cloud, connected devices and mobility have made it so that the traditional boxed-in enterprise is no longer the norm. Sensitive information now lives wherever it’s being generated and accessed, down to and including a remote PC or a mobile device. Many new smart devices are also being deployed on networks with poor security controls. Recently, security blogger Brian Krebs’s site was taken down by one of the largest DDoS attacks recorded to that point, launched by a botnet composed of thousands of poorly protected IoT devices, including routers, security cameras and even printers.
In this light, an effective “deserted island” security solution should have a strong endpoint component if it’s going to protect sensitive information regardless of geographical location or device. Moreover, the endpoints need to be hardened so that attackers cannot use them as a point of entry into the network or as a staging point for exfiltrating data out of it.
Interconnected safety measures
Web services and SaaS applications (e.g. Dropbox, Gmail and Slack) have become key pieces of a company’s culture and business operations. Almost every company now relies on them, which means they can also be a point of vulnerability, simply because they are the point at which you lose control over the applications that have access to your business’s information. There’s always the chance that the third-party companies providing web services can be compromised, putting your business at risk in the process.
In this situation, security tools are valuable and encryption is essential. However, with the growing volume of data and the growing number of endpoints moving freely throughout the enterprise, it is becoming increasingly difficult for perimeter controls such as firewalls, IPS/IDS and sandboxes to protect a boundary that no longer exists. Endpoint protection and end-to-end encryption are not a complete answer to network security on their own. Beyond these basic controls, there needs to be greater transparency around service security, user and application behavior and network activity. Companies deserve to know how third-party providers are using and protecting their data.
Thankfully, we aren’t on a deserted island where we have to choose only one product to protect online information. But the exercise is important and can help security professionals better prioritize and understand which security products will make the most impact. This level of awareness is essential in an industry where every shiny new toy is cause for both panic and throwing money at the problem. It is impossible to find a cure-all for security issues as we battle creative, intelligent malicious actors. But employing encryption and endpoint protection, and ensuring security professionals have a clear understanding of the products available to them, is a strong start. There’s a difference between “nice-to-have” security products and “must-have” security products. The “must-haves” are critical to protecting organizations from cyber attacks.