The Bad Guys are Already In: 5 Steps to Defend against Cybercriminals
Author(s): Tom Patterson, Posted on September 14th, 2015
Today’s cyber efforts are largely spent either trying to keep people out of networks or trying to watch all of the billions of “events” occurring within organizations – relying on those two security staples of walls and watching to stay secure. And while budgets, time and resources keep growing in these two areas, they are constantly overwhelmed by the deadly duo of the volume and tenacity of today’s attacks.
One can no longer build a wall high enough, since today’s network environments encompass such a complex array of data centers, networks, mobile devices, clouds, partners and even supply chains. In fact, the entire concept of a wall is obsolete and must be retired.
One can no longer afford to simply watch unfolding cyber events, usually a step too slow to do more than figure out what just happened. There are never enough skilled analysts, sensors around the world, or budget to get ahead of the problem this way.
Instead, we need to embrace a new way of defending ourselves – by assuming the bad guys already are inside of our organizations. I recommend the following five steps:
- Micro-segment everything, with precision. Using government-approved cryptography, you can restrict even approved users (and all hackers) to access only the data and services for which they are authorized. So even if someone allowed their password to get out, adversaries could only access that tiny micro-segment of your enterprise. With today’s technology, micro-segmentation can be used protect your valuable data, servers, endpoints, mobile devices and even entire data centers!
- Run identity-based (not device-based) security to allow scale. Rather than come up with rule after rule of device-centric information, manage your micro-segments using the same user identities already in place, including common access cards, advanced biometrics, or simple passwords.
- Build and run security that works across all parts of your eco-system, not just your networks. Since your eco-system now includes suppliers, personal devices, partners, and clouds, your new security design must address all of these.
- When rethinking your security, don’t forget your Industrial Control Systems and SCADA devices that turn on your lights, control your power and transportation, and even open and close your doors. Deploy micro-segmentation systems that run as effectively on an old and unsupported Windows XP machine as it does on the most modern of controller.
- Design your security to be operationally efficient in terms of costs, skills and transparency. By focusing on items like affordability, staff and the ability of your user community to operate it without becoming security experts, you are building your new security to succeed.
Basic network defenses including firewalls, anti-virus, and security information and event management (SIEM) still have their place. But by rethinking your security concept and leveraging the most modern defensive micro-segmentation techniques, you can save real money, dramatically improve your defenses, better leverage advanced technology like clouds and mobility, and make better use of your staff.
The bad guys are getting better. We need to keep ahead, and with micro-segmentation—we can.
This post was first published in The Fort Gordon Signal at http://www.ftgordonsignal.com/news/2015-09-11/Viewpoint/Transitioning_yesterdays_security_failures.html