Mohammad Jamal Tabbara, Senior Systems Engineer – UAE and Channel at Infoblox, says organisations should not be fooled into thinking there is a ‘silver bullet’ for preventing cyberattacks but instead look to implement a ‘unified defence’.
Enterprises of all sizes are falling victim to very determined malicious actors whose motivations range from financial gain to government sponsored campaigns. The threats are not limited to commercial enterprises but have significant impact on civilian and non-civilian government agencies.
The nature of what organisations must address has changed dramatically over the past decade. The threat surface has expanded significantly, the nature of the threats is evolving at an unprecedented rate and the complexity of what makes up an organisation has grown.
Organisations have migrated from having a tightly controlled network with endpoints and devices provided by the company to one where the very definition of an endpoint and device is changing, driven by the proliferation of the Internet of Things (IoT), organisational policies to allow employees to bring their own devices on the network (BYOD) and the adoption of private and public cloud deployments.
The definition of a network has changed too, it is no longer a walled garden but an amorphous structure where users can access organisational resources from anywhere, anytime and from almost any device.
To counter these factors, organisations have started implementing solutions to address security. However – this might be a disappointment to several of you but reflects reality – there is no silver bullet.
There is no single solution that can address all security issues. A ‘defence in depth’ approach did not come about by accident but is based on the determination that while you might need a thousand solutions in your network, you need solutions that address different aspects of security.
You are not alone. Your networks have changed significantly and you have multiple solutions. That establishes a baseline. The question is what can organisations do differently to be better prepared. Here are some suggested best practices.
This means understanding your capabilities and risks. Just understanding the impact of being breached in terms of cost, downtime and reputation of the brand will help you prioritise what actions to take.
Develop a clear picture of the key assets you have, where they are located, who has access to them, identify the most critical assets. In the digital age, data is king so knowing which devices have access to your data is key. Note that data is not just the domain of the large enterprise but a reality for every size and type of organisation. This assessment will lead you to the determination of what makes up your organisation.
Examine your architecture
With the proliferation of IoT, adoption of BYOD, growth in use of virtualised environments and adoption of public and private cloud infrastructures – all require that you step back and examine how you architected your core network. Focus on the outcomes you desire while you examine the architecture – is your network architected to maximise availability and ensure continuity even if it is under attack, have you secured your data paths to make sure you are protecting every known avenue that can be used to steal that data, does your protection extend to the physical and virtual elements in your network.
Do a process inventory
Technology is a key element to addressing security challenges but technology is part of the solution. People and processes play an equally important role in maintaining a robust security posture. Developing an understanding of how sensitive information is handled, who has access to sensitive information, your internal policies on how you treat sensitive data, policy enforcement mechanisms and ongoing training of personnel handling sensitive data must be part of the overall solution.
Start by addressing the basics
Often organisations invest in the latest and greatest technology and buzz word driven solutions. Sometimes there is a perceived correlation between ‘high end solution’ and impact. But there is a difference between perception and reality. Organisations must start with the basics.
Institute best practices
Like I said above, people and process are a critical component of addressing your security posture. Make sure you have instituted best practices around passwords, patching your systems with the latest updates and keeping up to date with your hardware and software.
Address the core of your network
Organisations that have adopted a defence in depth approach have done so for several critical applications like e-mail, web traffic and endpoints. Often, they ignore the core of their network – the basic systems that allow access to applications and services on their network. In other words, core elements like DNS, DHCP and IP address management, often referred to as DDI.
Too often organisations rely on internal expertise but budget constraints and the availability of trained security experts constrain their ability to have the extensive coverage they need. Help comes in many forms, technology and external expertise. Augmenting the team’s skill sets with the latest development in technology that allows automation and leverages machine learning to drive better insight into threats is key. Relying on security expertise from organisations that specialise in security is often underutilised.
Unify your approach
Make sure that all the elements of your defence in depth approach work in unison. This means that when one system sees a vulnerability that information should be shared with the other parts of the infrastructure. Whether that information is an indicator of compromise or threat intelligence – the information should be shared.
For example, if your DDI infrastructure identifies a new device on the network, that information should be shared with a vulnerability scanner so it can scan the device to ensure its integrity. While the information in isolation is useful (a new device on the network) it is becomes actionable and has more impact when it is shared with other parts of your infrastructure. Of course, this requires that the vendors you select have an open approach and have built their products with the ability to share information with other parts of your infrastructure.