COMPLEX NETWORKS GETTING HARDER TO SECURE
Complexity is unavoidable in the 21st century. The goal isn't to regress back to on-premises, centralized systems. It is to manage complexities in a way that doesn't inhibit global expansion or increase risk. James Tarala outlined the problem in his simulcast for SANS security institute, Implementing and Auditing the Critical Security Controls - In-Depth. Real world attack surfaces will be found somewhere within the relationship between three components: network, software, and human beings. Examples include: • Outward-facing servers with open ports • Service availability within the firewall perimeter • Vulnerable code that processes XML, incoming data, email, and other office documents • Social engineering 5 steps toward improving complex network security In order to minimize risk, you have to limit opportunities for malicious activity. Here's how. 1) Eliminate the complexity: This doesn't involve reducing your network or reach.
It simply means to get rid of unnecessary complexity within your system regardless of its scope. Even the most intelligently designed networks include elements of redundancy or can be managed badly by untrained or inexperienced personnel. This can lead to: • Incomplete or duplicate information • Obsolete or invalid rules • Overly permissive policies that allow access to those who don't need it Performing a security and training audit can limit the possibility of human error that leads to data leaks and breaches. Evaluate current policies periodically to eliminate those that promote network insecurity. A good example would be the growing popularity of a virtual private network (VPN) as a way to guard against DDoS attacks (among other benefits).
Companies and their CISOs would be wise to educate employees about threats associated with not using a VPN or firewall, and subsequently requiring employees to use both when they access the internet through the company network. Or the organization could simply install a VPN on the network router, taking the decision out of the employees’ hands. Virtual private networks need not be enterprise level software; most of the best VPN services today for consumers use the same VPN protocols and cryptographic security, and are fine for small to medium-sized businesses. When informed about the dangers of unencrypted internet browsing, employees should always connect through the encrypted protection of a VPN without having to remember to turn it on. Symanetec’s 2019 Threat Report shows a trend of SMEs adopting and mandating VPN usage for employees, both in and outside the office. By doing so, they’ve just eliminated a bit of complexity and enhanced security.
Rinse and repeat. 2) Visually evaluate your vulnerabilities: Threat detection often involves system scanning and monitoring. What's often left out of the equation is vulnerability visualization. This makes it easier to overlook how an attack can occur. When you set up a real-world model of methods as well as possible points of entry, you connect the two and create a more comprehensive approach to attack prevention. Best practices recommend these three methodologies: • Attack surface modelling that includes network assets, likely targets, potential pathways, and overly permissive policies. • Attack simulation that demonstrates potential paths and modes of attack. • Patch simulation to determine which fixes will have a greater impact on security. 3) Maintain control over endpoints:
This is a two-part process that involves continual network endpoint monitoring and controlling what endpoints are actually allowed to do. For example, drawing a visual perimeter around network endpoints that ensures security compliance with communication between network components and instituting a protocol that initiates automatically to curb exposure. 4) Segment and separate networks: You wouldn't put all of your investments into the same stock, so why would you keep all of your connections and devices on one network? Segmentation allows you to reduce exploitable assets. It also drills security controls down to a single machine, partition, or workload, and minimizes the amount of time a hacker is able spend undetected on your network by slowing his or her progress. Think of it as trapping a burglar in a corridor of various locked doors. 5) Prioritize attack surface analytics: The final step is to perform a little network security triage.
Performing testing that analyzes configuration assessments, quantitative risk, and traffic flow will provide you with insight into risk levels and help you reduce your overall attack surface regardless of your network size or complexity. Final thoughts Complex networks are the new reality. They've erased old perimeters and reinforced the importance of refocusing on network security requirements. The goal of any cyber security professional should be to redefine those perimeters and protect them. Following the steps outlined above should go a long way toward meeting the security challenges of our new, complex networking capabilities. The use of artificial intelligence and complex, interconnected networks is part of the problem. But, it can also become part of the solution. However, AI doesn't just enhance security. It also contributes to better UI/UX. Improving customer outcomes and satisfaction is the ultimate goal of any enterprise.