Combating an Advanced Threat Landscape
Diwakar Dayal, VP Sales (Security), Cisco India and SAARC
The cyber world is continuously evolving. Organizations and consumers alike are witnessing complex threats which not only disrupt business operations, resulting in information leakage, but also cause serious financial losses. For instance, a recent news article reported a 19-year-old boy from a small town in India successfully hacking the website of a leading Indian PSU. His rationale was to expose the loopholes in security systems - even amateur hackers such as him could access or steal confidential data from the corporate network.
This is not an isolated case, and many 'ethical' hackers worldwide have revealed the various vulnerabilities that exist within corporate networks. As a result, organizations need to proactively develop strategies to maintain business continuity, provide infrastructure-wide threat visibility and protection, and simplify day-to-day network management. The entire security infrastructure (network, systems, and management) must work in unison to proactively defend against a wide array of threats, and reduce the mean time to respond and mitigate them in case of an event.
Entering a transformed threat landscape
Organizations are now in a threat era which has advanced dramatically. Earlier, hackers were enticed by fame and recognition, but now systems are increasingly exploited for financial gain. Hackers are adapting faster and posing serious threats even before software and operating system vendors can develop patches and workarounds. Threats have also assumed a global nature. News reports stated that the Sony PlayStation Network underwent a security breach which compromised the personal data of a staggering 77 million accounts. The company executives eventually apologized and admitted that they had not taken the requisite safety measures to prevent such an intrusion. Other incidents include the LinkedIn password breach and Skype, which was compromised by malicious spam. These incidents indicate that, in addition to broad-scale worm and virus outbreaks, IT organizations need to protect against network threats that are specifically designed to avoid detection and can bypass traditional defences.
Employees knowingly or unknowingly put organizations at risk by regularly flouting IT policies. Cisco's Connected World Technology Report revealed startling attitudes toward IT policies and growing security threats posed by the next generation of employees entering the workforce - a demographic that grew up with the Internet and has an increasingly on-demand lifestyle that mixes personal and business activity in the workplace. According to the report:
- About 87% of employees in India are aware of security issues when accessing corporate networks from remote locations. However, about 40% of respondents confirmed a lack of concern for privacy.
- About 79% of employees surveyed in India flout the company's IT policy all the time - the highest of all regions surveyed.
Next Gen Network Security
The need for next-gen security is obvious. However, the "next generation firewall" is the most commonly misinterpreted term for next-gen network security, and it might not be the right answer. Such firewalls are still relatively restricted, providing only application and user ID awareness, and are unable to offer insights about the activity which takes place within an organization's network. For instance, IT can easily decipher which employees actively surf social networking sites such as Twitter, YouTube and Pinterest. However, knowing that the majority of their network traffic is the result of playing games on Facebook, and setting up a mechanism to curb that, is a different challenge altogether. Next-gen firewalls are also unable to offer the level of granularity required in such cases, as the entire application is either completely allowed or disallowed. This also means saying no to new devices and applications.
So it is vital to adopt a framework which allows IT to deploy a security mechanism that provides end-to-end network intelligence, includes information about the local network and near-real-time global threat information, and helps create effective security policies.
Four mantras for creating a robust architecture
Most organizations have tools in place that can be used as a starting point to develop a robust threat prevention architecture. Technology can be introduced in phases as and when the security strategy for the company gets revised.
- Maximize the efficacy of existing security infrastructure - Most organizations have already deployed firewalls and antivirus solutions. These products act as both the first and last lines of defence and can provide invaluable information to administrators regarding the status of the network at any given time.
- Fortify the remote sites of the organization - Remote sites, including branch and satellite offices, partner locations, and remote users, increase the chances of threats being introduced into an organization. Wireless networks, proper access control (including into the facilities), and unmanaged devices can pose challenges when trying to protect critical information and end systems. So it is critical to fortify the remote end points so as to minimise damage.
- Day-zero protection and enhanced threat visibility - Server, system, and application infrastructure protection should be fortified to protect against day-zero exploits and assure conformance to governance policies and regulations. Incremental changes to an organization's existing security technology can dramatically improve the security posture of the organization.
- Self-hacking - Self-hacking means penetration testing, security auditing, compliance testing, mock security drills, etc. The testing can be against physical assets, information assets, or both. Whatever it is called, whatever the target, it is imperative to practice incident response.
From viruses to phishing to hijacking to intrusions, the evolution and complexity of threats must be addressed in a way that helps IT departments make quick decisions based on the intelligence available across the entire IT infrastructure. It is important to have a network which provides accurate, detailed threat analysis, and which prevents, detects, and mitigates threats to help ease the burden of information overload. This helps the IT department respond and remediate in far less time. Governance is also critical to the success of a holistic security practice. Without formal governance, companies cannot define a clear path for moving the organization successfully and strategically from a managed world to an unmanaged or "borderless" world, where the security perimeter is no longer defined and IT does not manage every technology asset in use in the organization.