
How ‘thinking small’ can alleviate big security headaches

04 Jan 2019

Article by Illumio vice president of Asia Pacific, Rob van Es.

Security professionals’ focus is on preventing threats and breaches, as it always has been. But as companies and organisations shift more and more of their data and operations into cloud environments, and cyber threats adapt to these changes and become more complex, many of us feel that it’s a battle that can’t be won.

In fact, a recent report from Ovum and Juniper Networks looked at APAC countries and found that Australia ranks as one of the lowest in terms of successful cloud adoption and centralising security management. There are several reasons why this could be the case – legacy infrastructure, complexity and a siloed approach are all culprits, while the daily threat alerts that have inundated organisations are simply becoming unmanageable. This has all led to complacency, which keeps the vicious cycle repeating itself over and over again.

So what can organisations do to break this pattern? How can they proactively deal with security threats while still being able to focus on their digital transformation? It’s no easy task but if history has taught us anything, it’s that if ‘nothing changes, nothing changes’. In other words, there needs to be a fundamental shift in how organisations think about – and approach – these challenges. And guess what? The technology exists out there that can help us all get there.

Security threats are more complex than ever

In the past, companies were consumed with protecting the front gates and the outer wall of their network, never realising their adversaries were finding ways in by going to the neighbour’s yard and jumping the back fence.

The fact is, when intruders breach your (ever-expanding and changing) perimeter, they most often enter through a low-value asset or environment. This can be your development environment, a contractor’s network, a low-value application, an IoT device (e.g. smart light bulbs, HVACs, printers, etc.) or an unpatched piece of technology.

From a small foothold, attackers can move laterally through your environment. As we’ve all seen in the increasing number of attacks, intruders can often reach high-value targets once they’re inside your data centres and cloud environments. While we’re focused on securing the perimeter, we forget to close – and lock – the inside doors between areas. This means that if intruders find a way in, they often spend months (146 days on average) moving laterally inside data centres and cloud environments, undetected, until reaching their goal.

A new – and smarter way – to think about security 

But fear not, there is indeed a smarter way to secure your data and network than just the traditional ‘perimeter security’ method. By protecting the network from the inside out, you can ensure that the most critical assets are locked down - so even when a breach occurs, attackers can’t get at your most important assets. Say hello to micro-segmentation.

You’ve probably heard of it by now but micro-segmentation, by definition, is “a process that divides an entity into extremely small parts”. It’s the new ‘east-west’ frontier that looks at all of the network connections an intruder can use to move laterally through your environment – all while wreaking havoc (usually undetected) as they set their sights on the ultimate prize: complete and total access to your high-value assets. 

By moving laterally through a network, intruders have expanded what we view as the traditional ‘perimeter’. In doing so, they’ve not only changed the game, they’ve changed the field we play it on. Now, any and all minor threats need to be escalated and taken very seriously as they can quickly and easily turn into a major breach.

Micro-segmentation technology was developed as the only logical response to this relatively new – and rapidly expanding – type of threat. Think of it like a submarine: when the hull is damaged, watertight doors on either side of the section are sealed, and so the flow of water is limited. This lets the submarine continue moving, instead of sinking.

Through micro-segmentation, organisations can achieve the same effect to isolate a potential threat. There are several different use cases for micro-segmentation. Fundamentally, however, the strategies all work to compartmentalise the high-value areas of your network (the ‘crown jewels’) away from the low-value areas, which is where potential intruders would target first as an entry point.

Accept it, map it, and plan it

Like most things in our profession, what is easy to describe using analogies is orders of magnitude more difficult to deliver in the reality of complex business-critical environments. It’s important to map out your network and identify exactly which areas will be the high-value targets for intruders.

With the regulatory environment around the world calling for increasing levels of disclosure and security around personal data (such as the GDPR), the consequences of a successful breach are quickly multiplying from ‘embarrassing’ to ‘business threatening’.

The reality is that we need to assume breaches will continue to happen, but convincing organisations to plan and prepare for this requires a completely new mindset. When security professionals and organisations can think like their attackers, they’ll not only be better prepared to defend themselves, they’ll also be able to support business continuity and help achieve overarching organisational goals.
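
The mapping and compartmentalisation described above can be checked mechanically. The following is an added example, not part of the original article or of any vendor's product: it assumes a breach of each low-value workload and lists which crown jewels that workload can reach, first on a flat network and then under a default-deny allow-list. All workload names, value tiers and flows are constructed for illustration.

```python
from collections import deque

# Constructed inventory: workload -> value tier (all names are hypothetical).
WORKLOADS = {
    "dev-build": "low", "printer": "low", "hvac-iot": "low",
    "web-frontend": "medium", "app-server": "medium",
    "payments-db": "crown-jewel", "customer-db": "crown-jewel",
}

def flat_network(workloads):
    """Perimeter-only model: every workload may connect to every other."""
    return {(s, d) for s in workloads for d in workloads if s != d}

# Micro-segmented model: default deny, only these (source, destination) flows pass.
SEGMENTED = {
    ("web-frontend", "app-server"),
    ("app-server", "payments-db"),
    ("app-server", "customer-db"),
    ("dev-build", "printer"),
}

def reachable(start, allowed):
    """Breadth-first search over allowed flows from an assumed-breached workload."""
    seen, queue = {start}, deque([start])
    while queue:
        node = queue.popleft()
        for src, dst in allowed:
            if src == node and dst not in seen:
                seen.add(dst)
                queue.append(dst)
    return seen - {start}

def exposure(workloads, allowed):
    """Map each low-value entry point to the crown jewels it can reach."""
    jewels = {w for w, tier in workloads.items() if tier == "crown-jewel"}
    return {
        w: sorted(reachable(w, allowed) & jewels)
        for w, tier in sorted(workloads.items()) if tier == "low"
    }

if __name__ == "__main__":
    for label, policy in (("flat", flat_network(WORKLOADS)), ("segmented", SEGMENTED)):
        print(label)
        for entry, jewels in exposure(WORKLOADS, policy).items():
            print(f"  {entry}: {jewels or 'no crown jewels reachable'}")
```

Because the search is transitive, an allowed flow that looks harmless on its own still counts if it chains through another workload to a crown jewel, which is the lateral path the policy has to close.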

And let me be clear, I’m certainly not saying that we’re giving up the lessons learned of securing the perimeter – that is, and will continue to be, critical to overall security strategies. However, just like the shift from fax to email, we need to quickly adapt to a new way of doing things. Whether we like it or not, this is our new reality.
