Hyperconnected Digital Environments Are Raising the Stakes for Security Teams Even Higher
We are all aware of how rapidly networks are expanding, and of the impact that this is having on the attack surface. Anyone paying close attention to digital transformation, however, has also seen that networks aren’t just expanding. They are also converging. The challenge from a security standpoint is that the vast majority of the security solutions we have in place were simply never designed to meet the requirements of a hyperconnected, converged network. And for the most part, it’s our fault.
Business drivers are forcing rapid network evolution. The majority of organizations now have a multi-cloud environment in place, often with more than one IaaS provider in addition to multiple SaaS providers. They are replacing their traditional WAN connections with SD-WAN solutions that run over public networks. Billions of IoT devices are being added at a breakneck pace. 5G and edge networking are about to decentralize and redistribute functions that used to live in the data center. And remote users working from mobile devices that mix business and private data are now the rule rather than the exception. And this doesn’t even include things like Shadow IT.
Network ecosystems are converging
Rather than being composed of a disparate and distributed set of individual networking components, networks are being woven together into a single, hypermeshed fabric. 5G, SD-WAN, edge computing, the cloud, and IoT devices are now being blended together so that workflows, applications, and other transactions can flow through and between each of these ecosystems.
Complicating the issue further, these complex private IT networks are being blended with other networks, such as OT, public infrastructure, and even the networks of competitors and partners, in order to accelerate response time and to deliver a complete solution to customers. This emerging hyperconnected digital environment raises the stakes for security teams even higher.
Security needs to address speed and interconnectivity
Securing these new digital business demands revolves around two foundational requirements: speed and interconnectivity. Unfortunately, in many organizations these new networking environments have each been secured with separate security solutions that can address neither of these requirements. This has happened for a number of reasons:
• Existing security tools or essential functionalities are not available on every platform, thereby limiting interconnectivity
• Traditional perimeter security tools cannot meet the speed or complex networking requirements of today’s digital business
• Poor planning prevented the security team from implementing a holistic strategy
– Lines of business are designing and even deploying new environments, and security teams are not consulted until the end
– Cloud SecOps and DevOps are not part of the central IT/Security team
– Each new area was handled piecemeal, as an individual project rather than as part of a larger security strategy
One of the biggest barriers to having an effective security framework in place is that security leadership either failed to recognize that these different environments would begin to converge, or missed the implications that this convergence would have on their security infrastructure.
Traditional security solutions need to be replaced
Complicating matters further, most of the traditional security tools and platforms that organizations have in place—or that are still being offered by the vast majority of security vendors—operate in isolation. They have a limited span of control and, in most cases, cannot share and correlate intelligence with other devices or platforms, let alone coordinate a systemic response to a detected threat with them—especially when those devices come from other vendors. And with the emergence of multi-vector malware, even if a security system is able to identify a new threat and shut it down in one part of the network, the threat may still be able to break through and wreak havoc in another.
We are building security gaps into our networks
One result of using a fragmented security strategy to secure a complex and evolving network is that threats slip through the gaps, giving them more time to engage in malicious activity. One recent threat report shows that in Q4 of 2018, botnets that penetrated perimeter defenses extended their dwell time by 15%, which means they now enjoy nearly 12 uninterrupted days to scout for other devices to infect, compromise systems, and exfiltrate data back to their C2 servers.
In the same quarter, 6 of the top 12 exploits identified by researchers were IoT related, with 4 of the top 12 targeting IP-enabled cameras. Access to IoT IP cameras could allow cybercriminals to snoop on private interactions, initiate malicious onsite activities, and gain a foothold inside cyber systems from which they can launch DDoS attacks, steal proprietary information, initiate a ransomware attack, and more. This is a direct result of the convergence of physical and cyber systems, which has not only expanded the attack surface but has also introduced critical gaps in our security deployments.
Six things you can do about it
Securing today’s increasingly meshed and interconnected networks requires a similarly meshed security strategy. You need to protect a fabric with a fabric. This requires you to do the following:
1. Replace isolated security tools with ones that can see and share information with others. This means more than deploying several devices or platforms from a single vendor. Different tools—from NGFWs and IPS systems to WAFs and email security to anti-virus, anti-malware, and Advanced Threat Protection—need to be able to collaborate and coordinate to respond to threats. This includes leveraging open APIs and open standards to communicate between solutions from different vendors.
2. Tools need to operate consistently and natively in every environment in which they are deployed. This means that if your vendor doesn’t have an equivalent solution for physical, virtual, and a variety of cloud environments, it’s time to look for a new vendor.
3. Security tools need to be connected through a common set of threat intelligence and a centralized management and orchestration tool that can analyze data, push consistent policies out to every networked domain, and ensure consistent policy enforcement.
4. Segmentation is not only essential, it also needs to extend across multiple domains in order to provide real-time protection for workflows, applications, and transactions that move between a variety of connected resources.
5. This integrated and collaborative solution also needs to perform at digital speed in every single place it is deployed.
6. And finally, these tools need to be able to dynamically adapt to changes in the network as well as in the threat landscape. This requires tools that are not only highly automated, but that leverage AI and machine learning to improve security processes, reduce false positives, respond to and even anticipate threats, and integrate with the specific automation frameworks already in place inside the network.
While many organizations are still struggling to secure their diverse, complex, and rapidly expanding networks, they now face a new challenge created by convergence. Organizations that do not begin rethinking and retooling their security solutions and strategies now will not survive the next wave of digital transformation that is just around the corner.