Jason Dover, director: product line management at KEMP Technologies explores the security imperative for today’s complex networks.
It is every CISO’s worst nightmare – the phone call in the middle of the night to say that a security breach has occurred. For the rest of us, we have come to accept the daily headlines about data thefts and cyber-attacks – ranging from teenagers getting their kicks from hacking major corporations to organised criminals and state-sponsored cyber terrorists.
So what can be done to avoid the unwanted attention? With today’s increasingly complex, disparate and virtual networks, having an overall view of what it takes to build and maintain a secure infrastructure is essential to keep businesses up and running safely and securely. This is not a simple task but fortunately, a plethora of solutions exist. Whether you choose an integrated offering such as a UTM (Unified Threat Management) device or a cloud-based security suite, or you prefer a mix of complementary best-of-breed products, it is just possible to implement good, comprehensive security controls – for any size of company.
But fuelled by an explosion in connected data and compute resources, attackers are becoming more sophisticated in their mission to access sensitive data. The advanced persistent threat is not against a single piece of technology, but instead looks for the weakest link, from the application software itself to computer, storage and networking stacks.
Traditional techniques, such as firewalls and anti-virus are no longer sufficient to protect the ever-expanding attack surface. As such, when it comes to protecting the network, one could argue that a ‘defence in breadth’ strategy is required to complement the traditional ‘defence in depth’ approach.
Any application exposed to the Internet needs to be protected from unauthorised users and an increasing variety of attack vectors and should also be prevented from leaking sensitive data.
The Open Web Application Security Project (OWASP) is focused on increasing the protection of Internet-facing applications and the OWASP Top 10 is recognised as perhaps the most significant set of threats known against network based services. A typical approach to mitigate such threats is to deploy a Web Application Firewall (WAF). One advantage of this is that if a vulnerability is found in an application and a software patch is not immediately available, a new WAF rule can be added in real time to ensure the application is protected. In fact, services exist to provide regular updates to a WAF to ensure continuous protection. This can simplify the overhead of having to maintain effective security, especially for smaller companies.
But it’s not only applications at risk. Users are also at risk and in turn, the network itself is at risk from users. Basic education on how to protect personal information and avoid common pitfalls such as phishing and malware can help, but the sophistication of assaults on users is increasing all the time. Simple passwords are no longer adequate and need to be replaced with more secure multi-factor authentication. Malware detection is then required both within the network and on the huge variety of end user devices. Given the number of different operating system versions and rapid release cycles in the phone and tablet world, the topic of BYOD requires significant attention, especially when compliance to legislation such as that found in healthcare and finance is required.
Network infrastructure itself can also fall victim to malicious or accidental actions of network administrators. Simple misconfiguration can result in exposure of data, performance impact or even a complete outage. On a more sinister level, seemingly innocent devices seeded with malware can allow almost undetectable access and subsequent exfiltration of data. This is where advanced analytic techniques can be used to identify anomalous behaviour and provide a warning that the network has been compromised.
But if you thought the end was in sight, emerging paradigms of the software defined network, data centre and the cloud are introduced yet more challenges to maintaining security. Whereas the data centre and its associated networks were traditionally fairly static and slow to change, SDN and related technologies are far more dynamic. More devices and more data means more risk and the physical security of the network is more important than ever before. The good news is that strong security is now seen as an imperative for network protection and not just an afterthought.