We are witnessing an onslaught of attacks coming in from highly organized cybercriminals. It is so bad, in fact, that the situation was recently described by U.S. Secretary of State John Kerry as “…pretty much the wild west…”.
If cybercrime is highly organized, then we, in turn, need to be highly organized to counter the threats. The ‘wild west’ needs to be well and truly controlled by consolidating our infrastructure security. But what exactly does this entail?
Why Consolidate – The Drivers
Many organizations have found themselves in a situation that has, over the years, created an infrastructure security profile that is nebulous. This is often the result of bringing in point solutions to deal with specific threats and building up a disconnected arsenal as issues evolve. Like many areas across an enterprise, management of a multitude of approaches and tools can be onerous. Coupled with this is the organic nature of the evolution of security policies as the threat landscape changes and as we open our perimeter into the cloud. The result is often a fire-fighting situation with inefficient use of resources; we end up with a reactive rather than proactive security strategy.
There are a number of reasons why infrastructure security consolidation is a good idea. The concept of pulling your resources together and understanding what you have at your disposal is, in general, a good thing to do; after all, knowledge is power in the fight against cyber security threats. However, external forces such as compliance and regulation are also driving the need to be more streamlined and efficient, making management of the compliance process a seamless and less stressful operation.
Consolidation: Knowledge is Power and Simplicity is your Friend
The first step in consolidating your infrastructure security is to understand what you already have and where that falls short. Recognizing the threat landscape, and the advances in dealing with it, is also a vital first step in understanding your security requirements.
Whilst going through this exercise, one watchword should be at the forefront of everything you do: simplicity. The acronym KISS, which stands for ‘keep it simple, stupid’, is one that can inform correct choices. In security, anything that is overly complex results in multiple points of failure, poor uptake and human error.
But security infrastructure is complex, I hear you say. This is true; the complexity is increasing, especially with game changers like Bring Your Own Device (BYOD) and the highly disruptive Internet of Things (IoT); these new kids on the block are adding layers of security problems that didn’t exist before. The issue arises when older technology comes up against the new. This is where knowledge can create simplicity.
A key area where a knowledge-based approach can improve efficiency is in creating a more cost-effective security infrastructure. The amounts spent on cyber security preventative measures are massive. Analyst firm Gartner is expecting enterprises to spend $101 billion on cyber security in 2018. This is confirmed by PwC, who in their Global State of Information Security Survey 2015 stated that the budgets for information security have doubled over that of general IT budgets since 2013. These runaway costs need to be stopped and consolidation is a way of doing that.
Consolidating your Lot
Our older technologies, particularly point solutions, have been used with moderate success over the last decade or more; they were our security mainstay across the enterprise. But times have changed. Cyber threats are now more sophisticated and multi-faceted; as our technology emerges, so do the threats. With our point solutions, we find ourselves in a situation of having ‘too many cooks spoiling the broth’. The entangled mesh of products that we rely on is our downfall. The administration and updating of the products alone is a management nightmare. Every time a new point solution enters our extended infrastructure, our cost of ownership of that product, in terms of management, training and staff awareness, increases. And more point solutions means more points of failure – more areas that can allow a cyber threat to become a breach.
And point solutions are also failing to deal with cyber threats. Much anti-virus software, for example, cannot keep up with the new threat landscape. Definition updates can be way behind the threat curve. Imperva looked at a number of AV software solutions and found that 75% of their definitions were out of date by almost a month.
Consolidation requires modernization and the time is now.
A modern approach is to use holistic technologies, capable of managing the highly distributed and diverse infrastructure of today’s enterprise. Consolidation is something that can bring your extended network and Internet application resources together, rather than keeping them as separate entities as end point products do.
From the knowledge base you created at the outset of consolidation, you will understand the type of security tools that can impart a more holistic approach to your security infrastructure.
In the first instance, a good supporting architecture is the foundation of your infrastructure – using a reverse proxy architecture can give you many security benefits, including being able to more efficiently handle HTTPS traffic.
A Web Application Firewall (WAF), and especially the use of smart web application protection, is a highly effective modern method of preventing attacks at the application layer and into the extended web service layer. WAFs with Security as a Service (SaaS) features are especially useful as they offer centralized management, monitoring and event audit – monitoring and threat analysis are becoming increasingly useful against a changing cybercrime landscape where new vectors (such as malvertising) are becoming commonplace.
Another area ripe for consolidation is your authentication policies. Single Sign On (SSO) across enterprise and web applications is one way to cut down on resource-greedy user account management issues. It also makes employees more productive and can help manage BYOD. But other authentication options, such as the use of two-factor authentication, should also be applied where needed and can be part of an SSO system.
Centralizing your security strategy through virtualization is another possible coping mechanism, which can reduce costs and make security a more manageable asset.
The best way to consolidate your security infrastructure is to see it as a process of change – taking your deep understanding of your enterprise extended architecture and data flows and applying a modern holistic approach, using new security 2.0 tools, to create a modern and strategic security infrastructure.
A Consolidated Future
The modern enterprise is made up of fuzzy, ever-extending layers. Our approach to securing our infrastructure needs to be one that can handle a very complex and often changing environment. Flexibility and simplicity need to be at the heart of our approach to security infrastructure management. With the extension of the enterprise touch points into cloud environments, and with emerging disruptive technologies like the Internet of Things, we have to create a new paradigm of thinking when it comes to perfecting our security infrastructure. Consolidation of what already exists within that infrastructure using security 2.0 thinking will allow us to build the type of robust enterprise that is prepared for the onslaught of threats that we see on a daily basis. We need to prepare ourselves for both insider and outside threats by using knowledge and applied intelligence: intelligence from our own personal experience as well as that of security 2.0 tools like those in the smart web application protection camp. We have to create enough flexibility in our infrastructure to cope with a threat landscape that changes; this requires creative security to build a streamlined, robust and reliable infrastructure security model.
Michael Liebi is the founder of United Security Providers and now serves as a board member there.