Addressing the Threat Within: Rethinking Network Security Deployment

By Gigamon

Cyber security breaches are happening at an industrial scale. The unabated volume of breaches, along with their scale and magnitude, is forcing the entire industry to rethink how cyber security gets deployed, managed and addressed. At the heart of this change is a fundamental shift in the assumptions and the model under which cyber security has been operating. The traditional model rested on simple assumptions, and those assumptions led to deployment models that, in today's world, have proven woefully inadequate at addressing malware and breaches. Some of these assumptions are outlined below:

  • Perimeter Based Security: The traditional cyber security trust model was based on the simplistic assumption that a perimeter could be drawn, with everything outside it treated as unsafe and everything inside it treated as secure. That perimeter typically consisted of a firewall at the internet edge and endpoint security software, such as an antivirus solution, on the user's device. However, most perimeter firewalls and endpoint security products rely on rules and signatures to identify malware, and a signature can only exist for something that has already been seen. In today's world, many breaches exploit zero-day vulnerabilities: flaws that are unknown to the software vendor, or for which no patch has been released, and for which no signature or rule yet exists. Consequently it is increasingly difficult for traditional perimeter-based solutions to prevent malware and threats from breaking in, and a defense that only looks at the point of entry has no way to notice the intrusion afterwards.
  • Simple Trust Model: The traditional cyber security trust model was based on a simple distinction: employees were trusted and everyone else was not. However, in today's world, where employees use personal devices such as smart phones for business needs, and where the workforce consists of employees, consultants, contractors and vendors who all access an enterprise's network and IT resources, that simple trust model breaks down. The source of a threat could just as easily be an employee or a contractor as an outsider, and a compromised account or device belonging to a trusted user carries that user's trust with it. The traditional model also treated IT-owned assets as trusted because they carried the approved software build and anti-virus, among other controls. Today, however, employees use not just IT-owned assets but personal laptops, tablets and smart phones for business productivity. In other words, Bring Your Own Device (BYOD) is increasing productivity but breaking down the assumptions of the simple trust model.
  • Static Environment: Traditionally, security appliances were deployed at fixed locations. This included firewalls, intrusion detection/prevention systems (IDS/IPS) and other malware detection and prevention systems. These deployments assumed a fixed perimeter, or a set of fixed "choke" points, through which traffic was expected to pass and at which it could therefore be monitored for threats. However, with the mobility of users, devices and applications, the predictability of traffic patterns has diminished. Additionally, the adoption of the cloud has extended the edge and perimeter boundaries, with the ability to burst capacity into the cloud on demand. This makes the workplace a far more dynamic environment, with far less predictability about where the boundaries and choke points lie, and traffic that never crosses a fixed choke point is traffic the appliance there never sees. Consequently, the ability to consistently and comprehensively identify all threats through the static deployment of security appliances at fixed locations has been severely impaired.

Despite the breakdown of the traditional assumptions outlined above, many enterprise security architectures still rely on them to prevent network breaches. Additionally, the very nature of cyber threats has evolved significantly over time. In the past, once a worm or virus breached a network it would propagate quickly and do as much damage as possible in as short a time as possible. That noisy behavior made worms and viruses comparatively easy to detect, because of the footprint they left in the wake of their disruption. Today's threats have evolved to become far stealthier, more sophisticated, and destructive at an industrial scale. Many of them are grouped under the umbrella term Advanced Persistent Threat (APT). APTs are the source of many of the recent large-scale breaches. They employ a variety of sophisticated methods to compromise a network and then take up residence there for long periods of time, deliberately avoiding the kind of disruption that would reveal them, hence the name: Advanced Persistent Threat.





Copyright © 2017, WSTA®, All Rights Reserved.