Every organization in every vertical market today is under relentless, systematic attack from an increasingly sophisticated, if renegade, community of professional hackers.
Cisco estimates the global cybercrime market is worth somewhere between $450 billion and $1 trillion. One thing is certain: You will get hacked.
These statistics from Cisco tell the story:
Endpoints, networks, email, virtual environments, clouds and data centers. Every device and every interface in your IT environment is an access point for attack. The prospect of the Internet of Things scattering millions of hackable devices across the IT landscape adds a whole new dimension to the security threat.
The only effective approach to security is a holistic, risk-management based approach that is manageable, adaptable, resilient and responsive.
Within that context, Logicalis has identified four often-overlooked security considerations that deserve your attention. Three of them involve defending vulnerabilities that too many organizations today leave unprotected. The fourth consideration involves an opportunity to tap security data for business enablement. The four security considerations are:
Legitimate users have reasons for accessing data on your corporate networks. Employees need to get their work done, customers need to research your offerings and interact with your brand, and partners need to share relevant data so they can work efficiently with your organization. Not everyone needs access to all your data, however. And that’s the key to network segmentation.
The first step in implementing network segmentation is identifying the assets and data that are critical to running your business and then isolating them on separate networks so only people with the correct authority, and best intentions, can access them. By properly segregating the networks, you are essentially minimizing the level of access to sensitive information for those applications, servers, and people who don’t need it.
This is such an obvious vulnerability that it is amazing, if not disturbing, how many organizations ignore it. The much-reported hack of a large retailer, for example, was made possible because HVAC contractors had access to the same network within the retailer’s environment that contained its point-of-sale systems.
In conjunction with segregating front-end, customer-focused networks from back-end critical networks, you need to critically review who needs to have access to which networks.
A useful rule of thumb in network segmentation is the “Rule of Least Privilege,” which stipulates giving a user only the privileges essential to that user’s work. Organizations that apply this rule diligently stand a better chance of keeping their brand off the walk of shame on national news for losing customer data.
A good approach to authorizing user access to specific systems is to deny privileges unless there is a specific need for access. It may even be appropriate to block users from whole geographic regions from access to specific networks. When in doubt, deny access until convinced otherwise.
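The default-deny approach described above, shown as an added example that is not part of the original article: a small policy check that permits traffic between segments only when an explicit rule exists, plus an audit that flags rules exposing a critical segment. All segment names, address ranges, ports and the region code are constructed assumptions.

```python
import ipaddress
from typing import NamedTuple, Optional

# Constructed sample segments; names and ranges are assumptions for illustration.
SEGMENTS = {
    "vendor":    ipaddress.ip_network("10.10.0.0/24"),  # e.g. HVAC contractors
    "corporate": ipaddress.ip_network("10.20.0.0/16"),
    "pos":       ipaddress.ip_network("10.30.0.0/24"),  # critical: point-of-sale
    "pos_mgmt":  ipaddress.ip_network("10.31.0.0/28"),  # POS admin jump hosts
}
CRITICAL = {"pos"}
BLOCKED_REGIONS = {"ZZ"}  # placeholder region code, not a real policy

class Rule(NamedTuple):
    src: str
    dst: str
    port: Optional[int]  # None means any port

# Explicit allow list; anything not listed here is denied.
RULES = [
    Rule("pos_mgmt", "pos", 22),
    Rule("corporate", "vendor", 443),
    Rule("vendor", "pos", None),  # contractor segment can reach POS: the flaw to catch
]

def segment_of(ip):
    """Map an IP address to its segment name, or None if it is in no known segment."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return None

def is_allowed(src_ip, dst_ip, port, region=None, rules=RULES):
    """Default deny: permit only when an explicit rule matches."""
    if region in BLOCKED_REGIONS:
        return False
    src, dst = segment_of(src_ip), segment_of(dst_ip)
    if src is None or dst is None:
        return False  # unknown segment: when in doubt, deny
    return any(r.src == src and r.dst == dst and r.port in (None, port)
               for r in rules)

def audit(rules, authorised=frozenset({"pos_mgmt"})):
    """Return rules that open a critical segment to a source with no stated need, or on any port."""
    return [r for r in rules
            if r.dst in CRITICAL and (r.src not in authorised or r.port is None)]
```

Running `audit(RULES)` flags the contractor-to-POS rule; with that rule removed, the same contractor flow is denied by default.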
Network segmentation is a simple concept, but it would be misleading not to acknowledge that accomplishing it often involves dozens of firewalls, switches and routers and hundreds of security rules. It can be overwhelming for an IT department, even with a well-staffed network team, to segregate networks effectively while they are focusing on upgrading, patching and putting out fires.
Don’t put off closing these vulnerabilities until it’s too late, however. A security breach can start fires in your IT environment that will burn your organization all the way to the Wall Street Journal.
Your corporate networks are your organization’s nervous system. Trends like bring your own device (BYOD) and the use of public and hybrid clouds can extend your nervous system and effectively your presence throughout your marketplace. The prospect of the Internet of Things (IoT) promises to carry your network even further from the relative security of your data center. As your network expands, virtually nothing happens in your world that doesn’t touch your network at some point.
Your network as a sensor
Conventional networks were just conduits of data. They had limited awareness of the types of data they transported or the types of users who accessed them.
Network sensor technology available today can enable your networks to become aware of how they are being used and by whom. From a security perspective, this kind of intelligent visibility into your network traffic serves as a valuable tool to identify anomalous traffic from the furthest branch office down to the traffic in the data center.
Implementing network sensor technologies turns your network into an integrated web of ever-vigilant digital sentries that can detect malware, identify user access policy violations and obtain broad visibility into all network traffic so the appropriate action can be taken to protect the network against threats.
Your network as an enforcer
Once your network has been given the intelligence to recognize how it is being used, it can be used to dynamically enforce security policy through software-defined network segmentation to isolate critical systems. It can also be used to contain attacks by preventing the lateral movement of threats across the network, as well as minimize the time needed to isolate threats when detected. Armed with the authority of your security policies, your network can automatically act on your behalf to quarantine threats, segment network traffic and provide the policy engine for making changes to enforce new policy based on detected threats over time.
A daunting assortment of tools and technologies is available to outfit your network with sensory intelligence and the authority to enforce your security policy. Trying to pick best-of-breed, or cheaper, technologies for specific components of your network runs the risk of creating a tower of Babel with technologies that don’t speak the same language. A better choice is to go with a set of tools that are designed to work together.
Many organizations have learned the hard way that implementing a security monitoring platform that is not tightly integrated with an effective service management toolset can overwhelm an IT department with a continuous swarm of alerts as threats are identified.
Here’s a common series of events that occurs when an IT staff decides to implement a monitoring tool for themselves: After dutifully following all the procedures for implementation, when they see alarms start showing up on the monitor, they pat themselves on the back and say, “Awesome. It works. This wasn’t so hard.”
An hour later they are holding their collective heads in their hands saying, “OMG! What have we done?” as hundreds of alarms swarm at them, each one seemingly demanding immediate attention.
The onboarding process of top-tier managed services providers (MSPs) essentially loads data about your systems into their ITSM toolset, providing a range of functions including incident and change management, a service catalog and a configuration management database. By integrating the service management tool with the monitoring platform, MSPs can separate the informational alerts from actionable ones and act as a first responder to decide what’s a real threat and what is not.
Managed security services extend this capability to monitor, evaluate and respond to security threats to your critical business systems. Services can include:
Monitoring and managing critical systems for security threats is a 24/7 undertaking that needs to be able to learn and evolve as rapidly as hackers vary and update their attacks. Just because you were able to thwart an attack today doesn’t mean you will be safe tomorrow. For IT departments that don’t have the staff or expertise to outsmart hackers 24 hours a day, managed security services can provide unblinking vigilance to keep your data safe and your corporate brand out of the newspapers.
When people hear the word “security,” they almost certainly think about breaches, firewalls or governance policies that strictly allow or deny access to business information. Protection and prevention is, after all, its primary role.
But modern security tools can do a lot more than protect. Used strategically, they can also provide valuable insight – a deep visibility into a company’s IT infrastructure, a better understanding of how corporate computing resources are used, even insight to power targeted advertising.
Here are five often-overlooked, business-enabling benefits that advanced security solutions can provide:
If you have been diligent about implementing security technology and procedures, don’t forget to take advantage of these benefits from your investments to save money and support business objectives.
If you haven’t been diligent, now is a good time to start.