Security discussions today seem to start as a ‘them vs. us’ conversation; good guys and bad guys competing to stay ahead of each other. While we worked inside well-defined architectural lines this was fine, but the world of computing has changed. Network and cloud are merging: what was once the physical network can now live in the cloud, and vice versa. In turn, this means that there are no longer clearly defined battle lines between good and bad. Attacks can be launched from, and to, the cloud, and attackers can easily masquerade as ‘good guys’ in order to gain control of compute and data resources.
Embrace the Unfamiliar for Total Security
Traditional security always started at the perimeter of the network with the installation of a security appliance as a first step, followed by layer 4-7 security services to spot and protect against more advanced attacks. This method has worked well, but the network perimeter of today is elastic, expanding and contracting with the demands of both users and the business. We are used to protecting traditional physical endpoints with a user interface, such as laptops, mobile phones and tablets, but today’s enterprise is made up of more than just these devices.
• IoT and IIoT devices often have no user interface and do not always include built-in security, putting them not just at risk from attack – but at risk of being used in attacks. The Mirai botnet of 2016 is a great example of how this can happen, and this threat remains relevant in 2019.
• The Cloud is an agile and fast-moving environment containing server workloads, cloud-based SaaS applications and microservices; security needs to move as fast as the cloud to ensure that data and endpoints are protected from new and evolving threats targeting this space.
However, for many enterprises, this is where the challenge starts – they have a hard-working security team managing data from multiple security solutions while also attempting to balance training needs against business requirements. With so many plates spinning, it is an unfortunate truth that at some point an alert is likely to be missed.
What can be done to keep ahead of the cybercriminals and give business an advantage?
Leverage the Tools you Have
For many, the first step has been to look at the security solutions in place and work to leverage them more effectively. Cybercriminals only need to be successful once in finding a way to access the network – but the security team needs to monitor everything on the network and be right all the time to ensure security. Products that work better together, analytics and automation are all critical to simplifying the job of the security team and helping them spot incidents faster in order to prioritize and mitigate threats.
Why not better leverage the network for security enforcement? It forms the digital heartbeat of any business. Every email, spreadsheet and diagram traverses the corporate network, which is changing rapidly as organizations adopt cloud, mobile working and new technologies such as 5G to maintain agility and competitive advantage. One way in which security can be expanded beyond traditional firewalls and solutions is by injecting visibility into devices which would not traditionally be considered, including routers, switches and access points.
Routers sit at the edge of the network and see everything. With the ability to turn away bad traffic based on configured knowledge of ‘what is good,’ these devices can be better leveraged for security by providing the ability to shut down attacks before they can gain a foothold on the business:
• Adding security intelligence feeds for network blacklists and blocking command and control traffic, effectively turning away attacks at the edge of the network and freeing up resources on Next Generation Firewalls which can then be better focused on targeted or unknown threats.
• Preventing volumetric DDoS attacks, which have changed significantly in recent years – where the target used to be an entire network, advanced DDoS attacks now target business applications and services to take them offline, potentially causing much greater brand and revenue damage.
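To make the first bullet concrete, here is an added example (written for this article, not code from any router vendor or threat-intelligence provider) of what "adding a security intelligence feed" at the edge actually involves: a feed is parsed, stale and malformed indicators are discarded, anything overlapping the organization's own address space is refused, and the survivors become drop rules that are evaluated against flow records. The feed format, the flow records, the protected prefixes and the fixed clock are constructed for the example; the ACL text uses an IOS-style wildcard syntax only as a rendering target.

```python
"""Consume a threat-intelligence blocklist and enforce it at the network edge.

Added illustration for the article; not vendor code. The feed, flows and clock
are constructed, and the rendered ACL is IOS-style text used only as an output
format."""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Constructed feed: one "indicator,category,last_seen" record per line.
FEED = """\
# constructed sample feed for the example
198.51.100.0/24,c2,2019-06-01T00:00:00Z
203.0.113.7,c2,2019-06-10T12:00:00Z
192.0.2.55,scanner,2019-01-02T00:00:00Z
10.0.0.0/8,c2,2019-06-10T12:00:00Z
not-an-ip,c2,2019-06-10T12:00:00Z
"""

# Prefixes an edge blocklist must never touch: a bad feed entry that matches
# your own address space turns into a self-inflicted outage.
PROTECTED = [ipaddress.ip_network(p) for p in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

NOW = datetime(2019, 6, 15, tzinfo=timezone.utc)  # fixed clock so the run is reproducible


@dataclass(frozen=True)
class Indicator:
    network: ipaddress.IPv4Network | ipaddress.IPv6Network
    category: str
    last_seen: datetime


def parse_feed(text: str, now: datetime, max_age_days: int = 30) -> list[Indicator]:
    """Parse the feed, dropping malformed lines, indicators older than max_age_days
    (stale entries are a classic false-positive source) and anything in protected space."""
    cutoff = now - timedelta(days=max_age_days)
    indicators = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = [p.strip() for p in line.split(",")]
        if len(parts) != 3:
            continue
        value, category, seen = parts
        try:
            net = ipaddress.ip_network(value, strict=False)
            last_seen = datetime.fromisoformat(seen.replace("Z", "+00:00"))
        except ValueError:
            continue  # garbage in the feed must never become a drop rule
        if last_seen < cutoff:
            continue
        if any(net.version == p.version and net.overlaps(p) for p in PROTECTED):
            continue
        indicators.append(Indicator(net, category, last_seen))
    return indicators


def match(indicators: list[Indicator], ip: str) -> Indicator | None:
    """Return the first indicator covering ip, or None (a v4/v6 mismatch is never a hit)."""
    addr = ipaddress.ip_address(ip)
    for ind in indicators:
        if addr in ind.network:
            return ind
    return None


def evaluate_flows(indicators, flows):
    """Decide drop/permit for (src, dst) pairs. Either side may hit: stopping the
    outbound command-and-control connection is the point of the edge rule."""
    decisions = []
    for src, dst in flows:
        hit = match(indicators, dst) or match(indicators, src)
        decisions.append((src, dst, "drop" if hit else "permit", hit.category if hit else None))
    return decisions


def render_acl(indicators, name="EDGE-THREAT-INTEL"):
    """Render the indicators as an IOS-style extended ACL with a remark per entry."""
    lines = [f"ip access-list extended {name}"]
    for ind in sorted(indicators, key=lambda i: (i.network.version, int(i.network.network_address))):
        n = ind.network
        lines.append(f" remark {ind.category}, last seen {ind.last_seen:%Y-%m-%d}")
        lines.append(f" deny ip any {n.network_address} {n.hostmask}")
    lines.append(" permit ip any any")  # default permit: this ACL only turns away known-bad
    return lines


# Constructed flow records (src, dst), as a flow collector might summarise them.
FLOWS = [
    ("10.1.2.3", "203.0.113.7"),      # outbound to a fresh C2 indicator
    ("10.1.2.9", "198.51.100.200"),   # inside a blocked /24
    ("10.1.2.9", "192.0.2.55"),       # indicator too old: must be permitted
    ("10.1.2.10", "8.8.8.8"),         # unrelated traffic
]

if __name__ == "__main__":
    indicators = parse_feed(FEED, NOW)
    print("\n".join(render_acl(indicators)))
    for decision in evaluate_flows(indicators, FLOWS):
        print(decision)
```

The two refusals in `parse_feed` are the part worth copying: an ageing-out window keeps the edge from blocking addresses an indicator owner recycled months ago, and the protected-prefix check means a poisoned or mistaken feed entry cannot be turned into a denial of service against the business itself.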
The Power of Automation
Automation is a powerful tool for managing the security posture of switches on the network. At some point a threat will gain access, whether it’s ransomware from a spear-phishing attack or something more advanced. When this happens, the ability to recognize and quarantine infected devices is essential. Automation tools can create dynamic security policies that push commands to switches, move infected devices to a quarantine network and mitigate the threat as fast as possible.
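The quarantine workflow described above, as an added example written for this article rather than the code of any automation product: an alert names an infected host by MAC address, the host is located on an access port from a forwarding-table snapshot, and a change plan moves that port into an isolation VLAN. The switch inventory, the alerts, the VLAN number, the confidence threshold and the IOS-style command text are all constructed for the example. The safeguards are the point: uplinks also learn the infected MAC and must never be quarantined, a port shared by several hosts needs a human decision, low-confidence alerts are escalated rather than acted on, and a repeat alert for an already-isolated host is a no-op.

```python
"""Quarantine an infected host by moving its switch port to an isolation VLAN.

Added example for the article, not a vendor's automation tooling. Inventory,
alerts, VLAN id and command text are constructed; the commands are IOS-style
text used only as the plan's output format."""
from dataclasses import dataclass, field

QUARANTINE_VLAN = 999   # hypothetical isolation VLAN reachable only by remediation tooling
MIN_CONFIDENCE = 0.8    # automation acts only on high-confidence verdicts


@dataclass
class Port:
    switch: str
    name: str
    vlan: int
    role: str               # "access" or "uplink"
    macs: set = field(default_factory=set)


def build_inventory():
    """Constructed forwarding-table snapshot: which MACs were learned on which port."""
    return [
        Port("sw-floor1", "Gi1/0/7", 20, "access", {"00:11:22:33:44:55"}),
        Port("sw-floor1", "Gi1/0/8", 20, "access", {"00:11:22:33:44:66", "00:11:22:33:44:77"}),
        Port("sw-floor1", "Gi1/0/48", 1, "uplink",
             {"00:11:22:33:44:55", "00:11:22:33:44:66", "aa:bb:cc:dd:ee:ff"}),
        Port("sw-core", "Te1/1/1", 1, "uplink",
             {"00:11:22:33:44:55", "00:11:22:33:44:66", "aa:bb:cc:dd:ee:ff"}),
    ]


def locate(mac, inventory):
    """Access ports where mac was learned. Uplinks see it too (it transits them),
    so they are excluded: quarantining an uplink takes the whole floor down."""
    mac = mac.lower()
    return [p for p in inventory if p.role == "access" and mac in p.macs]


def plan_quarantine(alert, inventory):
    """Turn one alert into a plan: quarantine, noop, or escalate with a reason."""
    mac = alert["mac"].lower()
    escalate = lambda reason: {"action": "escalate", "alert": alert["id"], "reason": reason}
    if alert.get("confidence", 0.0) < MIN_CONFIDENCE:
        return escalate("confidence below automation threshold")
    candidates = locate(mac, inventory)
    if not candidates:
        return escalate(f"{mac} not found on any access port")
    if len(candidates) > 1:
        return escalate("MAC seen on several access ports; possible flap or spoofing")
    port = candidates[0]
    if port.vlan == QUARANTINE_VLAN:
        return {"action": "noop", "alert": alert["id"], "reason": "already quarantined"}
    if len(port.macs) > 1:
        return escalate("port shared with other hosts; blanket quarantine would hit bystanders")
    commands = [
        f"interface {port.name}",
        f" description QUARANTINE {alert['id']}",
        f" switchport access vlan {QUARANTINE_VLAN}",
        " shutdown",
        " no shutdown",   # bounce the link so the host re-addresses in the isolation VLAN
    ]
    return {"action": "quarantine", "alert": alert["id"], "switch": port.switch,
            "port": port.name, "commands": commands}


def apply_plan(plan, inventory, audit):
    """Apply a quarantine plan to the inventory model (where a real tool would push
    the commands) and append an audit line. Returns True if a change was made."""
    if plan["action"] != "quarantine":
        audit.append(f"{plan['alert']}: {plan['action']} ({plan['reason']})")
        return False
    for p in inventory:
        if p.switch == plan["switch"] and p.name == plan["port"]:
            p.vlan = QUARANTINE_VLAN
    audit.append(f"{plan['alert']}: quarantined {plan['switch']} {plan['port']}")
    return True


def run(alerts, inventory):
    """Process alerts in order so later alerts see the effect of earlier ones."""
    plans, audit = [], []
    for alert in alerts:
        plan = plan_quarantine(alert, inventory)
        apply_plan(plan, inventory, audit)
        plans.append(plan)
    return plans, audit


# Constructed alerts as an EDR or IDS integration might deliver them.
ALERTS = [
    {"id": "IR-0001", "mac": "00:11:22:33:44:55", "verdict": "ransomware", "confidence": 0.95},
    {"id": "IR-0002", "mac": "00:11:22:33:44:66", "verdict": "c2-beacon", "confidence": 0.90},
    {"id": "IR-0003", "mac": "aa:bb:cc:dd:ee:ff", "verdict": "c2-beacon", "confidence": 0.90},
    {"id": "IR-0004", "mac": "00:11:22:33:44:55", "verdict": "ransomware", "confidence": 0.99},
    {"id": "IR-0005", "mac": "00:11:22:33:44:77", "verdict": "suspicious-dns", "confidence": 0.30},
]

if __name__ == "__main__":
    plans, audit = run(ALERTS, build_inventory())
    print("\n".join(audit))
```

Running it quarantines only IR-0001; the shared port, the MAC that appears only on uplinks, the duplicate alert and the low-confidence alert all end up as escalations or a no-op, which is exactly the behaviour you want before letting a policy engine change switch configuration on its own.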
Put simply: the best way to stay ahead of threats while enabling the business agility needed to keep up with the latest technology advances is to look to the network as the first line of defense. It is important to leverage existing security solutions to improve security posture, but by considering non-traditional network endpoints as part of the solution it also becomes possible to recognize and mitigate threats close to the edge while freeing up resources on more traditional security devices. This will lead to an increased focus on spotting and protecting against more advanced or targeted attacks, leaving your organization ready for whatever looms around the corner.