by David Nagrosst, head of sales for Cyxtera Technologies in Asia Pacific, Australia and Japan
Recent developments in applications have rendered the firewall outdated and incapable of distinguishing good, trusted traffic from bad. Without a doubt, the firewall era has come to an end.
The onset of death.
There are those who still cling to firewalls for dear life, pointing to next-generation features. That does not change the fact that firewalls are still only perimeter protection devices, limited to applying security policies to the packets that visibly travel through them. Agile businesses have moved to the cloud for its scalability, efficiency and reliability, amongst other benefits. As the cloud becomes increasingly common and the data deluge shows no signs of slowing down, the good old firewall is simply no longer sufficient to protect the highly distributed assets of the enterprise.
In other words, a firewall is about as good as a traffic cop when today's security threats require a well-coordinated SWAT team. Another analogy: the current firewall is as antiquated as trenches, concrete fortifications, barbed wire and machine guns in modern warfare.
But as with any new adoption, the cloud is not without disadvantages, particularly when it comes to security. One of its biggest pros, accessibility at any time and from anywhere, is a double-edged sword, as it is also one of the cloud's biggest security loopholes.
The triple threat.
If your organization has chosen to jump on the cloud bandwagon, here are three of the biggest security breach risks that you should be aware of, and what you can do to mitigate them:
The increased reliance on, and sheer number of, internet-facing applications and servers means a vulnerability is more likely to occur: all it takes is one unpatched or misconfigured system. It comes as no surprise that common vulnerabilities remain an attractive attack vector for hackers seeking access to sensitive data. The severity of the damage tends to depend on the sensitivity of the data exposed, something Equifax customers recently found out painfully first-hand. Breaches involving health information, trade secrets and intellectual property can be devastating for the affected brand.
So what can organizations do? While cloud providers typically deploy security controls to protect their environments, organizations are still accountable for securing their own data in the cloud. One way to curb data breaches is to employ multi-factor authentication, encryption, and better protection between application and data tiers.
It takes just one employee falling victim to a phishing or spear-phishing attack for the entire company's data to be breached. Account hijacking sounds elementary, but its very simplicity makes it a huge concern in the era of the cloud. Lost or weak passwords, phishing and the like can easily lead to loss of control over a user account, which then serves as a base for compromising other systems from the inside. Malicious intruders with control over user accounts can easily spy on or disrupt transactions, manipulate data, compromise systems further, provide false responses to customers, and redirect customers to a competitor's site or inappropriate sites. The possibilities are endless and detrimental to one's business.
Companies are advised to implement strong two-factor authentication and to stress the importance of security to employees through more effective security awareness training that uses gamification, making best practices fun and easy to remember: having strong passwords and changing them frequently, not sharing passwords or writing them down, not tailgating through physical access controls, and identifying and not falling victim to phishing attacks.
As almost every cloud service and application now offers APIs, the security and availability of cloud services, from authentication to encryption and activity monitoring, naturally depend on the security of those APIs. The risk grows with the number of third parties that rely on and build on these interfaces, as this normally means companies expose more services and credentials.
As APIs tend to be the most exposed part of a system because they are reachable from the open Internet, threat modelling of applications and systems, including data flows and architecture/design, should become an important part of the development lifecycle. Security-focused code reviews and rigorous penetration testing are also highly recommended. Of all the security threats mentioned here, this is probably the one that requires the most due diligence and is the most difficult to identify.
Using a strong defense strategy to counter cyber threats and data breaches.
So you think you're covered and safe from the above with your best practices? Think again. Every personal and business computer is connected to the internet these days, which puts people and companies in harm's way for cyber attacks. The rule of thumb is: the larger the corporation, the more dangerous a threat can be. This is where several solutions need to be implemented and integrated together for a better defense strategy against far more sophisticated cyber warfare. Solutions such as:
Software Defined Perimeter: also known as "Black Cloud". Device posture and identity are verified before access to application infrastructure is granted, on a "need-to-know" basis. It applies the principles of least privilege and encryption to significantly reduce the attack surface, eliminating server scanning as well as sophisticated packet injection and man-in-the-middle attacks.
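The access decision described above, written out as an added example (not code from the article or from any vendor's product): a default-deny evaluator that grants a connection to an application only when the requester's identity is entitled to it on a need-to-know basis, multi-factor authentication has been verified, and the device's posture meets the policy. The record types, field names, policies and requesters are constructed assumptions for illustration.

```python
from dataclasses import dataclass

# Hypothetical identity and device-posture records, as a Software Defined
# Perimeter controller might receive them from an identity provider and an
# endpoint agent. The field names are assumptions for this example.
@dataclass(frozen=True)
class Identity:
    user: str
    groups: frozenset
    mfa_verified: bool

@dataclass(frozen=True)
class DevicePosture:
    managed: bool            # enrolled in the organisation's device management
    disk_encrypted: bool
    os_patch_age_days: int   # days since the last OS patch was applied

@dataclass(frozen=True)
class AppPolicy:
    app: str
    allowed_groups: frozenset   # need-to-know: only these groups may reach the app
    require_mfa: bool = True
    max_patch_age_days: int = 30

@dataclass(frozen=True)
class Decision:
    allowed: bool
    reasons: tuple   # every failed check, so a denial is auditable

def evaluate_access(identity, device, policy):
    """Default-deny check: access is granted only if every identity and
    posture requirement of the application's policy is satisfied."""
    failures = []
    if not (identity.groups & policy.allowed_groups):
        failures.append(f"{identity.user} is not entitled to {policy.app}")
    if policy.require_mfa and not identity.mfa_verified:
        failures.append("multi-factor authentication not verified")
    if not device.managed:
        failures.append("device is not managed")
    if not device.disk_encrypted:
        failures.append("device disk is not encrypted")
    if device.os_patch_age_days > policy.max_patch_age_days:
        failures.append(f"OS patches are {device.os_patch_age_days} days old "
                        f"(limit {policy.max_patch_age_days})")
    return Decision(allowed=not failures, reasons=tuple(failures))

def visible_apps(identity, device, policies):
    """Apps the requester may connect to. Anything that fails evaluation is
    simply absent, so a denied requester never learns the app exists."""
    return [p.app for p in policies if evaluate_access(identity, device, p).allowed]

# Constructed sample policies and requesters.
POLICIES = (
    AppPolicy("payroll", frozenset({"hr"})),
    AppPolicy("wiki", frozenset({"all-staff"}), require_mfa=False),
)
ALICE = Identity("alice", frozenset({"all-staff", "hr"}), mfa_verified=True)
BOB = Identity("bob", frozenset({"all-staff"}), mfa_verified=False)
HEALTHY_LAPTOP = DevicePosture(managed=True, disk_encrypted=True, os_patch_age_days=5)
STALE_LAPTOP = DevicePosture(managed=True, disk_encrypted=True, os_patch_age_days=90)
BYOD_PHONE = DevicePosture(managed=False, disk_encrypted=False, os_patch_age_days=0)

if __name__ == "__main__":
    for who in (ALICE, BOB):
        for dev in (HEALTHY_LAPTOP, STALE_LAPTOP, BYOD_PHONE):
            print(who.user, dev, visible_apps(who, dev, POLICIES))
    print(evaluate_access(BOB, BYOD_PHONE, POLICIES[0]).reasons)
```

The point of `visible_apps` is the "need-to-know" property: an application a requester is not entitled to, or that their device is not healthy enough for, is never listed, which is what removes the server from the view of anyone scanning for it.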
Deception Technology: camouflaged malware traps (a.k.a. "honeypots") are inserted into an organization's systems or databases. This helps security systems identify attackers easily, since no legitimate user has any reason to engage with a honeypot: any activity on it is immediately flagged and reported, and the prevention system is alerted. The idea is to lead hackers to what appears to be important corporate information and away from the company's actual assets; in other words, a decoy. By deploying them, companies gain the advantage of analysis and forensics of the attacks that do occur, which can then be used to defend against future attacks before they happen.
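The detection side of this idea, as an added example that is not part of the article or of any deception product: a small scanner that reads web access-log lines and raises an alert whenever a decoy file, decoy directory or decoy service account is touched. Because nothing legitimate ever uses the decoys, a single hit is treated as a high-fidelity alert rather than something to tune out. The decoy inventory, log format and the sample log lines are all constructed for this example.

```python
import re
from dataclasses import dataclass

# Constructed decoy inventory: a file and a directory that no real page links
# to, and a service account nobody legitimate ever logs in with.
DECOY_PATHS = ("/backup/customer_db.sql", "/admin/old_portal/")
DECOY_USERS = frozenset({"svc_finance_archive"})

# Matches the front of a common-log-format web access line:
# client address, auth user, timestamp, request line, status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) - (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) \S+" (?P<status>\d{3})'
)

@dataclass(frozen=True)
class DecoyAlert:
    source_ip: str
    user: str
    timestamp: str
    path: str
    reason: str

def parse_line(line):
    """Return the named fields of one access-log line, or None if it does
    not look like a log line (malformed input is skipped, not alerted on)."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def touches_decoy_path(path):
    # An exact file match, or anything underneath a decoy directory.
    return any(path == d or (d.endswith("/") and path.startswith(d)) for d in DECOY_PATHS)

def find_decoy_hits(lines):
    """Scan log lines and return one alert per decoy interaction found."""
    alerts = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        reasons = []
        if touches_decoy_path(rec["path"]):
            reasons.append("request for decoy resource")
        if rec["user"] in DECOY_USERS:
            reasons.append("login attempt with decoy account")
        for reason in reasons:
            alerts.append(DecoyAlert(rec["ip"], rec["user"], rec["ts"], rec["path"], reason))
    return alerts

def hits_by_source(alerts):
    """Count alerts per client address: the starting point for the forensic
    analysis the article mentions, showing who probed the decoys and how often."""
    counts = {}
    for a in alerts:
        counts[a.source_ip] = counts.get(a.source_ip, 0) + 1
    return counts

# Constructed sample log: one client fetches two decoys, another tries the
# decoy account, a real user reads a real report, and one line is garbage.
SAMPLE_LOG = [
    '203.0.113.7 - - [03/Oct/2017:10:12:01 +0000] "GET /index.html HTTP/1.1" 200 1043',
    '203.0.113.7 - - [03/Oct/2017:10:12:05 +0000] "GET /backup/customer_db.sql HTTP/1.1" 200 88201',
    '198.51.100.23 - svc_finance_archive [03/Oct/2017:10:15:44 +0000] "POST /api/login HTTP/1.1" 401 0',
    '203.0.113.7 - - [03/Oct/2017:10:16:10 +0000] "GET /admin/old_portal/login.php HTTP/1.1" 200 512',
    '192.0.2.50 - alice [03/Oct/2017:10:20:00 +0000] "GET /reports/q3.pdf HTTP/1.1" 200 20311',
    'not a log line at all',
]

if __name__ == "__main__":
    for alert in find_decoy_hits(SAMPLE_LOG):
        print(alert)
    print(hits_by_source(find_decoy_hits(SAMPLE_LOG)))
```

Each alert keeps the source address, account, timestamp and path, which is the minimum a responder needs to pivot from "a decoy was touched" to "what else did this client do", and the per-source count shows at a glance which client was the one crawling the traps.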
Incident Response: cyber threats are identified and intelligence is gathered for thorough analysis. This is not to be confused with simple remediation: by using log collectors, machine learning and the reduction of false positives, security experts can focus more effectively on high-value tasks. Outsourced managed security services can give small and medium-sized companies broader and deeper expertise and capabilities than they could afford to hire on their own, with the added benefit of learning about and defending against attacks seen across many customers.
Red Team: mock battles that go beyond typical pen tests, code reviews, security awareness training and third-party audits. We need to ensure that the security teams defending the enterprise and its data against attack are ready for battle, and for that we should be assembling skilled teams or working with partners to adopt a strategy the military has long used: mock warfare.
The proposed high-level strategy and the objectives:
Objective 1 – Reduce the attack surface and force the attacker towards a softer target which is a trap.
Objective 2 – Detect intruders faster to reduce or eliminate the cost of data breaches by implementing traps.
Objective 3 – Narrow the field and clear the noise for Incident Response, “observe and respond” operations to be more targeted and effective.
Objective 4 – Leverage a Red Team and mock battles to identify weak points and improve the state of readiness.
To combat modern cyber warfare, we need to look at our defenses as part of a military strategy in which our very existence is at stake. Quite frankly, that is exactly where Equifax, a company founded in 1899, is right now: fighting for its very survival after its massive breach left over half the US population exposed to identity theft and exposed the company itself to litigation, reputational damage and lost business.
David Nagrosst, the head of sales for Cyxtera Technologies in Asia Pacific, Australia and Japan, is a CISSP-qualified IT security expert with 20+ years of demonstrable experience in business, sales and providing IT security, cloud and datacenter solutions to organizations from start-ups to the Fortune 150. He provides strategic, operational, business (P&L) and sales leadership to high-performing teams in sales, pre-sales solutions, consulting, engagement and bid management, leading senior teams in Singapore, Hong Kong, China, India, Japan and Australia.