IT Focus Area: security
August 17, 2015
Security on Both Sides of the Perimeter
Security breaches are inevitable. Companies should shift from aging mindsets and predictable tools to comprehensive prevention, detection and response capabilities in order to neutralize potential damage.
In this three-part series, we’re exploring today’s IT security issues from different perspectives:
1. Core infrastructure security and threat and vulnerability management
2. Data protection and identity and access management
3. Security program governance and application security
Part One: Security on Both Sides of the Perimeter
At the 2015 RSA conference, there was a virtual explosion of shiny new security solutions. With more than 500 providers exhibiting, it was a head-spinning reminder that nothing lasts forever, especially in technology. Every time you turn around, the latest-and-greatest technology has just been replaced by something newer.
Technology has been forcing us to adapt throughout history. What’s different today is the unprecedented rate of change in the tools at our disposal, and the heightened demands of users. This acceleration of change is pushing IT security to make changes at an alarming pace. Until recently, security perimeters clearly separated the corporate workspace from the Internet. Inside systems were “trusted.” Anything outside was “untrusted.”
Times have changed.
Social networking, cloud services, mobile devices and the Internet of Things (IoT) are blurring boundaries and enlarging the attack surface. The many remote-access paths employees now use to reach corporate data, wherever, whenever and however they choose, have attracted cyber attackers in droves. In response, companies have to change not only the systems they support to provide functionality, but also what they use to protect data. And, most importantly, they should shift their mindset.
If they don’t, they’re risking the integrity of their business, the support and financial well-being of their customers, and—as the 700 New York Times articles devoted to data breaches last year demonstrated—they’ll probably end up making the wrong kind of headlines.
Something Old + Something New = Something Better
Despite the pace of change, it’s important not to forget that when it comes to IT security, the past is never dead. Along with new security threats, the threatscape is full of old problems—such as known attacks and network misconfigurations. That’s why a successful security strategy for protecting data doesn’t lose sight of perimeter defenses and core infrastructure security controls.
Some experts argue that the security perimeter has dissolved to the point where defenses are basically a lost cause. That’s not true. Just because you can’t build a perfect perimeter anymore doesn’t mean you should stop maintaining it and focus all your attention on the shiny new thing. Services such as professional architecture assessments can help you address the core of your security program by evaluating the design and maturity of your network architecture, making sure it’s up-to-date and in line with your objectives.
From a controls perspective, security perimeter defenses have evolved and expanded with the advent of behavior-based intrusion detection and prevention systems, network access control, secure web gateways, and distributed denial-of-service (DDoS) protection systems. Firewalls now have “next-generation” capabilities and provide application-layer inspection and policy enforcement, not just port- and address-based filtering.
Because attackers continue to remain undetected on networks for months (the most recent average dwell time reported by the Ponemon Institute was 256 days), threat and vulnerability management is now critical to protecting your company’s network perimeter, where devices and data meet. Cyber attacks often take advantage of basic security weaknesses, such as poor patch management, weak or reused passwords, web-based personal email services, and a lack of end-user education and security policies.
Vulnerability and other threat assessments in conjunction with security analytics (SIEM, user behavior analytics and big data analytics), security monitoring (network forensics), network-based malware protection, and operationalized threat intelligence can help you identify true threats to your business, and strengthen your first line of defense.
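To make the “security analytics” point concrete, here is a small correlation routine of the kind a SIEM or user-behavior-analytics rule would run over authentication logs. It is an added example written for this page, not code from the article or any named product; the log format, the field names (`user=`, `src=`), the thresholds and the sample log lines are all constructed for the illustration. It flags the weak-password abuse the paragraph above calls out: a burst of failures against one account that ends in a success (brute force or credential stuffing that worked), and one source failing against many different accounts (password spraying).

```python
"""Toy SIEM-style correlation over constructed authentication log lines.

Two rules, evaluated in one pass over a sliding time window:
  brute_force_success: >= BRUTE_FORCE_FAILURES failures on one (source, account)
                       pair followed by a success on the same pair
  password_spray:      >= SPRAY_ACCOUNTS distinct accounts failing from one source
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines for this example (not from any real system):
# ISO timestamp, outcome, account, source address.
SAMPLE_LOG = """\
2015-08-17T09:00:01 FAIL user=alice src=203.0.113.7
2015-08-17T09:00:04 FAIL user=alice src=203.0.113.7
2015-08-17T09:00:06 FAIL user=alice src=203.0.113.7
2015-08-17T09:00:09 FAIL user=alice src=203.0.113.7
2015-08-17T09:00:12 FAIL user=alice src=203.0.113.7
2015-08-17T09:00:15 SUCCESS user=alice src=203.0.113.7
2015-08-17T09:05:00 FAIL user=bob src=192.0.2.10
2015-08-17T09:05:20 SUCCESS user=bob src=192.0.2.10
2015-08-17T09:10:00 FAIL user=carol src=198.51.100.9
2015-08-17T09:10:02 FAIL user=dave src=198.51.100.9
2015-08-17T09:10:04 FAIL user=erin src=198.51.100.9
2015-08-17T09:10:06 FAIL user=frank src=198.51.100.9
2015-08-17T09:10:08 FAIL user=grace src=198.51.100.9
2015-08-17T10:00:00 FAIL user=heidi src=203.0.113.7
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<outcome>FAIL|SUCCESS) user=(?P<user>\S+) src=(?P<src>\S+)$"
)

# Tunable thresholds; these values are assumptions for the example, not from the article.
WINDOW = timedelta(minutes=10)
BRUTE_FORCE_FAILURES = 5   # failures on one (source, account) pair before a success
SPRAY_ACCOUNTS = 5         # distinct accounts failing from one source inside WINDOW


def parse(log_text):
    """Yield (timestamp, outcome, user, src) tuples; lines that do not match are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        yield (datetime.fromisoformat(m["ts"]), m["outcome"], m["user"], m["src"])


def correlate(log_text):
    """Run both rules over the log and return the alerts raised, in log order."""
    alerts = []
    fails_by_pair = defaultdict(deque)   # (src, user) -> failure timestamps inside WINDOW
    fails_by_src = defaultdict(dict)     # src -> {user: time of last failure}
    sprayed = set()                      # sources already reported, to avoid repeat alerts

    for ts, outcome, user, src in parse(log_text):
        if outcome == "FAIL":
            q = fails_by_pair[(src, user)]
            q.append(ts)
            while q and ts - q[0] > WINDOW:      # expire failures older than WINDOW
                q.popleft()
            recent = fails_by_src[src]
            recent[user] = ts
            for stale in [u for u, t in recent.items() if ts - t > WINDOW]:
                del recent[stale]
            if len(recent) >= SPRAY_ACCOUNTS and src not in sprayed:
                sprayed.add(src)
                alerts.append(("password_spray", src, sorted(recent)))
        else:  # SUCCESS: check whether it was preceded by a burst of failures
            q = fails_by_pair[(src, user)]
            while q and ts - q[0] > WINDOW:
                q.popleft()
            if len(q) >= BRUTE_FORCE_FAILURES:
                alerts.append(("brute_force_success", src, user))
            q.clear()                            # a success resets the pair's history
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_LOG):
        print(alert)
```

Run against the constructed log, the routine raises two alerts: the success on `alice` from 203.0.113.7 after five failures, and the spray from 198.51.100.9 across five accounts. `bob`, who mistypes once and then logs in, stays below the threshold, and `heidi`’s single failure an hour later does not join the earlier 203.0.113.7 failures because the window has expired. That last point is the caveat worth keeping in mind: an attacker who spreads attempts over days, which is exactly how intruders stay resident for months, slips under a ten-minute window, so rules like this belong alongside longer-baseline user behavior analytics and threat intelligence on the source addresses, not in place of them.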
Traditional security controls work well alongside the “latest and greatest,” and each has its role. Only by layering these protections both inside the perimeter, with controls that protect the data itself, and at the boundary, can we hope to gain true visibility into enterprise environments and effectively defend data.