The days of defending the perimeter are over. Look at what happened to a major retailer in late 2013 as an example. Someone posing as a trusted contractor was able to enter the retailer’s network and do all sorts of damage — to the tune of 40 million compromised customers. This attack occurred because the retailer wasn’t looking at insider threats carefully enough.
Indeed, the perimeter has become more and more porous, and network defenses based on this traditional barrier are no longer enough to protect an organization’s business interests and objectives. Instead, security must be enforced at an increasing number of points, and using a variety of different tools and techniques.
Following are four things organizations should focus on as they work to bolster their overall security and keep pace with the moving line of defense.
1. Cloud considerations
How do you help protect virtual servers that are running SaaS and cloud-based services? As organizations move more fully to the cloud, they need gear analogous to what is used for traditional server-based systems. The difference is that the cloud demands specialized equipment that can recognize the virtual machines that are running there and protect them accordingly. For example, an ordinary intrusion detection product would flag servers coming and going, but this would be normal behavior on a hypervisor running lots of virtual machines.
There are many products that can help companies bolster their cloud defenses — including virtual IPS solutions — and some can even coordinate defenses with firewalls inside the enterprise. This area is going to see lots of attention moving forward as software-defined networks’ capabilities increase.
2. Complexities of app-based threats
When thinking about network security, it’s important to understand the changing nature of applications and how end users interact with them. Look for next-generation security products that have more granularity when it comes to detecting oddball behavior. Examples might be multiple people posting to the same Facebook account from inside your network, or a sequence of database queries that come from the same network segment in Estonia.
Firewalls have gotten better at looking at application-based threats. They also can be used to limit how your staff can access social networks. For example, you can set up a firewall rule to allow employees to read your Facebook news feed, but block them from posting to the social network from work computers. Most traditional firewalls have these advanced features, but some firewall vendors have incorporated specialized application behaviors into their products.
3. Security and the Internet fabric
It’s important to understand just how big the cyberthreat is becoming. The bad guys have armies of PCs around the world at their disposal, poised to launch attacks on your network. Security providers have gotten smarter about detecting suspicious activity. They all monitor major Internet peering points and can put appliances on premises to determine when a zero-day threat is about to happen. These tools can also geo-locate the sources of the threat and blacklist IP addresses that are the source of the attacks.
4. Internet domain or IP reputation management
Firewalls with Internet domain or IP reputation management capabilities provide insight into the kind of traffic traversing the network. While these tools aren’t perfect, they give organizations a running start by showing what kinds of attacks are coming across the Internet. Most firewall vendors have their own reputation management services or can work with third-party providers to add this feature.
Security has never been easy, nor has it ever been effective to just “set it and forget it.” Today, however, the pressure to get things done quickly in a fast-moving economy, along with threats coming from all sides, make security professionals’ jobs incredibly challenging. And that’s putting it mildly.
Is your organization looking at security requirements and resources with fresh eyes in the context of the moving line of defense?