Security Scope and the Threat Continuum. What CISOs Need to Know.


By Martin Roesch, CEO

The pandemic sparked a rapid evolution of networks, which have now become composites of multi-cloud, hybrid-cloud and on-premises infrastructures, with mobile and remote workers accessing data and applications scattered across these complex, diverse and constantly changing computing environments. We refer to this development as the atomization of networks, and its impact on network security is enormous. Organizations struggle to defend a network that is so ephemeral and elastic that they are blind to its composition and to entire categories of attack. This should prompt security leaders to take a closer look at two key underlying security principles: scope and the threat continuum.


Security scope
For years, organizations have used a "defense-in-depth" approach, layering multiple tools to arrive at a set of capabilities intended to fully secure their network. But the truth is that defense in depth doesn't really exist. It's a misnomer. What we're dealing with most of the time is defense in adjacency. A simple example: an NGFW does not deal with malware, and EDR does not deal with network-based threats encoded in network protocols. Each of these tools, and for the most part each of the security technologies we use, has its own scope and responsibilities. Aside from the feature/function race between vendors within a product category, there is very little real overlap. In general, network-based tools are designed for different types of attacks than endpoint-based tools.

Threat continuum
We also have different periods of time when security occurs: before an attack, during an attack, and after we’ve been compromised. At each stage of this threat continuum, there are different tasks to be done and different network and endpoint tools that we use to get them done. But the actual time within each phase to get the job done is not the same.


Before an attack, we have "almost infinite" time to set up defenses and make it hard to be attacked at all. We use tools like Cloud Security Posture Management (CSPM), Attack Surface Management (ASM), firewalls and Zero Trust Network Architecture (ZTNA). We also implement compliance policies and perform vulnerability management and patching. We spend a lot of time discovering, configuring and hardening the environment, making it difficult to get into at all. And if an attacker does get through and everything has gone well, we have limited the damage that attacker can do. At least, that is the promise of ZTNA.

At the point of attack, we typically have milliseconds to detect and prevent an attack using EDR, an IPS or an NGFW. For example, if a potential remote code execution exploit is transmitted over the network or traverses a device, we need to detect it in real time and decide whether or not to block it. If we recognize it and make the right decision, we are in good shape. If we don't, our "during" technology has no way to detect or do anything about that attack later, unless it is specifically designed to provide continuous capability beyond the point of attack into the post-attack phase, and most are not.


After an attack, we again have "almost infinite" time to find out that we have been compromised and then to scope, contain and remediate using tools like cloud detection and response (CDR), log management, SIEM, SOAR and NDR. In reality, we need to do this as quickly as possible, because the flip side is that attackers also have near-infinite dwell times, and the longer they have access to a compromised network, the more damage they can do. They can, and often will, go undetected for months or even years, and the damage can escalate exponentially.

Security scope and the threat continuum are core principles around which the security industry was built, and they drive the network and endpoint security capabilities we use to protect enterprise networks. But now we need to rethink our approach to network security.

Rethinking Security for the Atomized Network
NGFW, IPS and NDR, the technologies designed for and responsible for network security during and after an attack, are disappearing. These Deep Packet Inspection (DPI) technologies, primarily deployed on appliance-based architectures, are being rendered obsolete by the twin trends of encryption and atomization. And nothing has replaced them.

We thought we had built a better mousetrap with Zero Trust and the move to the cloud, but that comes at a price, and 66% of companies don't see themselves ever moving fully to the cloud. Zero Trust and SaaS have accelerated the widespread adoption of encryption. So when access-based permission models are abused to gain access to the network, the resulting compromises are incredibly difficult to prevent with existing network technologies. EDR is obviously valuable and offers unique insight into local processes and system activity. However, it has an adjacent scope, and its detection and containment capabilities are limited when an attacker uses techniques outside that scope. And many endpoints and connected devices cannot support an EDR agent at all, which makes network security even more important.


We must reinvigorate network security visibility and control with a new architecture designed for the atomized, encrypted world we now find ourselves in. Netography's answer is a SaaS-based universal platform that deploys seamlessly to deliver capabilities instantly, when and where they are needed: multi-cloud, hybrid and on-prem. It is unaffected by network encryption because it lives off the land, relying on network flows and metadata rather than packets, to provide full cloud-scale network visibility. It detects and responds to attacks in real time from a single portal, enabling a quick reaction so that attackers cannot make use of their access to the network.

Netography was designed to quickly replace the network-based security capabilities that are being eroded by atomization and encryption. And it does so with a broader scope, for broader coverage of the threat continuum.

The post Security Scope and the Threat Continuum. What CISOs Need to Know. appeared first on Netography.

*** This is a syndicated blog from Netography’s Security Bloggers Network, written by Martin Roesch. Read the original post at:
