Most breaches and attacks do not happen quickly and violently. They happen stealthily over time, with threat actors lurking inside your network for months at a time, performing reconnaissance and looking for your most valuable and sensitive information.
“In fact, the perimeter, although much security spend is focussed on it, is no longer a single space. The attack surface is wide and diverse, leaving many opportunities for hackers to find their way in,” says Lutz Blaeser, MD of Intact Software Distribution.
Bearing in mind the breadth and nature of the attack surface, Blaeser discusses some considerations that security professionals should think about going forward. “Make sure you are securing the right boundary. The fact is today, computing stacks are distributed, mobility is a huge trend, and cloud architectures are the norm. This has made security practitioners rethink the basic elements of perimeter security. If you only focus on the edge, or traditional perimeter, you cannot hope to adequately defend your organisation. Security efforts must be focussed on new applications, BYOD and cloud computing too.”
Secondly, he says security should be built in from the ground up, not added on as an afterthought. “Security must be an integral part of the application development cycle. Today’s organisations rely more heavily than ever before on applications and agile development. Security needs to keep up with this, and it can only hope to do so if it is factored in from the word go. It is ridiculous to assume you can build apps in a distributed computing environment, and then rely on a fixed security model that focusses on the perimeter, AV or infrastructure control points.”
Lowering complexity is also a good idea, says Blaeser. “Businesses that maintain firewalls with hundreds and hundreds of rules aren’t just creating more work for themselves, they are flirting with serious security risks. Rule-base complexity is a major factor when it comes to configuration errors, conflicts, redundant rules, and of course threats. Enforcing security by employing network-based appliances depends on directing traffic from the workloads to the particular point of enforcement, where the IP-based firewall policies are put into place. These policies and rule bases can become highly complex, as they vary according to motion, scale, and change in the data centre.”
These rules also become outdated very quickly, as it is virtually impossible for the organisation to keep up with the manual configurations needed to make all the changes in the underlying infrastructure. “This amount of work, and the attached complexity can lead to errors, resulting in significant security risks to the business.”
Blaeser advises that monitoring and visibility are also vital elements in securing the business. “Thorough monitoring can help identify any anomalous behaviours and policy violations, and alert the security team to them before it is too late. This can help prevent infection from the early stages of an attack, reducing any potential fallout for the business.”
Remember, he concludes, that security needs to be a part of the bigger picture and designed and implemented to meet the complexity of today’s computing environments.