Over the past year millions of organisations have been impacted by high profile security breaches. Tens of millions of names along with personally identifiable information has been stolen and billions of dollars in damages has resulted regardless of the increasing amount of time and money that is being invested into cybersecurity.
Majority of these breaches occur due IT teams failing to practice basic security techniques. Cybercriminals target known vulnerables as company IT teams regularly fail to patch or replace their susceptible devices. As outlined below, there are substantial reasons why performing the basics has become something that is overlooked frequently.
Networks have gotten really complicated
IT teams used to be across all the networks they could encounter, but with the change in technology to SDN, IoT, private clouds, multicloud, shadow IT, and far more, these network environments become extensive and complicated, stretching IT teams to breaking point. The time taken to understand and embrace digital transformation has seen time taken away from things like patching and repairing devices.
Visibility has diminished
Dynamic scalability has benefitted the IT world dramatically, however downfalls exist. When devices exist on your network for only minutes, doing the tasks of configuring and coordinating the application and removal of policies across multiple hypervisors, a lot of IT resources are used. This creates the issue of maintaining a working inventory of things that need to be patched up and updated. With thousands, or millions, of new IoT devices the ongoing challenge of BYOD, multiple could environments and bringing OT online, it is easy to miss the single device that is desperate for an upgrade, however this is the one device that cybercriminals are able to attack and compromise.
Visibility isn’t just about tracking devices
The knowledge of what devices and resources applications can touch, where the data lives, who has access and where the workflows go is essential. This in conjunction with offline devices, cloud based software and storage devices across multiple cloud-based infrastructures has the demand of a role within itself. This role regularly overlaps with an IT engineer that is assigned the task of preventing the network from burning down.
With the change in technology regularly releasing new software, having the most up to date tools has created an attitude that involves buying the newest and coolest security tool to plug that security hole at the time the issue presented itself. Within our networks this creates dozens of tools that don’t talk to each other or share information from a variety of vendors being used.
This generates a workload for IT teams to manage these extensive networks, with new environments, like SDN or the cloud being added the threat increases. These extensive networks are a cybercriminals favourite things to attack. Over the past few years, the time between when a network is breached to the execution of the attack – Stealing information, encrypting data etc. – has dropped from thirty minutes to less than 10. Detection of advanced threats can be measured in weeks or months, primarily because of the complexity of our networks or the lack of security devices to collaborate, leading to many attacks never being discovered. These cyberattacks then linger in your company’s systems evading detection.
Every organisation needs to consider the following six things when approaching security, especially during the chaos and time pressures of a network undergoing digital transformation.
- Assume you will be compromised
By asking the question “What happens when our network is breached?” a dramatic change in the approach to securing environment will be established throughout your organisation. This will then prompt the engineering of as much risk as possible out of your network before your first security device is deployed.
- Complexity requires simplicity
Trying to secure increasingly complicated network environments with equally complex security solutions is a commonly made mistake. A few vendors that allow you to manage different devices through a single common interface should be used to guarantee your systems aren’t over complicated. This can be done by looking for open standards and API’s that allow them to leverage your existing management and orchestration tools.
- Implement inventory and IoC controls
Tools have been developed that can track all of your devices everywhere regardless of the length they exist on your network. By using one of these tools that can not only see and keep an eye on inventory of every device on your network you should also be able to identify and rank indicators of compromise so you can make sure things are getting patched, updated, or replaced.
- Integration is king
Advanced threats often need lots of data to be discovered, from sensors to sandboxes. When a device discovers a new attack or breach, it needs to let other devices know. And not just the other firewalls from the same vendor. Everything needs to know – your web application firewalls, your IPS devices, your email and web security gateways, your wireless access points, and your endpoint clients.
- Correlation saves networks
Not only does threat intelligence need to be shared, your network needs to be able to do something about it. And once a security event is found, your network needs to able to respond in a holistic, coordinated fashion. Compromised devices need to be isolated from the network. All security devices need to be looking for the same thing. Network segmentation needs to scan for the lateral movement of malware. Your security needs to operate like a single, integrated system.
- Automate your response
The network should be able to respond to an attack of vulnerability without human intervention as much as possible. Patches should be applied, un-patchable or compromised systems should be quarantined, security rules should be updated, and systems should be hardened without relying on human beings. With the addition of things like machine leaning, the network is able to make autonomous decisions as close to the point of compromise as possible. Decisions need to be made at digital speeds to reduce the gap between detection and response as much as possible.
Companies need to plan, design and deploy a security fabric that dynamically spans the entire distributed network, even into the multicloud. This then creates an approach that enables integration, correlation and automation, even across the most distributed and complex environments.