From Hacker to Human Error, Multi-Layer Protection from Data Breaches

I was recently reading a Wikipedia entry which documents a number of key security breaches that have occurred, along with an indication of why each one happened (with associated links to various sources of detail). While this is obviously not a definitive list, it does provide a useful insight into the range of incidents and how they were carried out.

Security breaches and data leaks will happen. Launching an attack is now as easy as buying a subscription on the dark web, where criminal groups provide hacking as an actual service, complete with SLAs and guarantees. These services look to exploit zero-day and existing vulnerabilities as well as human error and weaknesses.

In order to reduce the risk of an attack, a multi-layered approach to security is needed which takes a broader view than the traditional areas of focus.

Perimeters

In the past, perimeter protection meant a firewall of some sort. While this is still the case, defining your organisation’s perimeter now usually includes both traditional network edges and the cloud.

SaaS platforms must be properly controlled and protected to mitigate data leakage, while still allowing users to connect to the information easily and securely using two-factor authentication.

Public cloud platforms need to be secured effectively by ensuring that your security models extend into the public cloud providers. This should include both the provision of firewall services and systems that monitor activity in the public cloud environment. By monitoring service deployments against best practices, you can ensure that entry points into your network are not created by human error.

Traditional firewalls are still needed, but must be more than basic rules covering what is and isn’t allowed based on simple destinations and traffic types. Instead, they need to be able to assess the content of this traffic to ensure that it isn’t malicious.

Within Your Network

What is actually happening in your network? Who is talking to whom? What traffic is traversing your networks? A full understanding of your normal traffic flows lets you spot the unusual easily, which in turn enables faster identification of zero-day threats. This can be delivered using a combination of advanced endpoint solutions and monitoring of the actual traffic travelling across your LAN.

The Human Problem

As I have discussed before, humans are the weakest link in the security chain.

The network needs to be protected from errors generated by misconfiguration. Where possible, repeatable tasks should be automated, utilising software defined networks for automatic self-configuration and tuning.

Systems should be deployed that monitor the configuration of cloud platforms to ensure data is not left unencrypted and public access is not left open, and robust release mechanisms should be in place for in-house developed platforms to ensure vulnerabilities are not introduced by poor coding.
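As an added example (not from the original post), the kind of configuration check such a system would run: it walks a constructed inventory of storage buckets and flags any that lack encryption at rest or that carry an anonymous grant. The record layout and grantee names are assumptions for illustration, not any provider's real API.

```python
from dataclasses import dataclass, field
from typing import List, Optional

@dataclass
class Bucket:
    name: str
    encryption: Optional[str]         # e.g. "AES256", "aws:kms", or None when unset
    block_public_access: bool         # provider-level public access block switched on
    acl_grants: List[str] = field(default_factory=list)  # grantee groups on the ACL
    policy_allows_anyone: bool = False  # bucket policy with an anonymous principal

# Grantee groups that make an ACL world-accessible (assumed names for this example).
PUBLIC_GRANTEES = {"AllUsers", "AuthenticatedUsers"}

def audit_bucket(b: Bucket) -> List[str]:
    """Return one finding per control that the bucket fails."""
    findings = []
    if b.encryption is None:
        findings.append(f"{b.name}: default encryption at rest is not enabled")
    public_grant = bool(PUBLIC_GRANTEES & set(b.acl_grants)) or b.policy_allows_anyone
    if public_grant and not b.block_public_access:
        findings.append(f"{b.name}: public access is open (anonymous ACL grant or policy)")
    elif public_grant:
        # The block is holding the door shut, but the stale grant should still be
        # removed before someone disables the block.
        findings.append(f"{b.name}: public grant present but blocked; remove the stale grant")
    return findings

def audit_inventory(buckets: List[Bucket]) -> List[str]:
    """Run the audit over a whole inventory, returning all findings in order."""
    return [f for b in buckets for f in audit_bucket(b)]

# Constructed inventory for demonstration; these are not real buckets.
SAMPLE_INVENTORY = [
    Bucket("customer-exports", None, False, ["AllUsers"]),
    Bucket("app-logs", "AES256", True, ["AuthenticatedUsers"]),
    Bucket("backups", "aws:kms", True),
]

if __name__ == "__main__":
    for finding in audit_inventory(SAMPLE_INVENTORY):
        print(finding)
```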

End users need continual education on the issues of cyber security. This should also be tested to ensure that users are not succumbing to targeted social engineering attacks.

Monitoring Credentials

It’s widely known that the dark web is a marketplace for credentials. Are your users’ credentials available for sale? Monitoring should be in place that looks at what is on offer and whether it is relevant to your environments.

Monitor and Tune Your Security

All of the above will generate a lot of noise. Ensure you have the ability to filter out this noise with a robust SIEM platform that intelligently highlights what is important, and integrate these platforms to self-tune based on threats.

Because it enables you to respond much more quickly to both targeted attacks and unintentional errors, a multi-layered approach to security is the most reliable way to save your organisation from the financial and reputational cost of a data breach.


Webinar recording - The future of securing your business

The unprecedented situation that organisations in the UK faced in June 2020 meant many of them were starting to reimagine how they would conduct their operations in the future.

This was going to impact IT departments, which would have to rethink their plans and reprioritise their budgets. This webinar took a look at one of those impacted areas – information security.

This webinar was for IT/IS directors and managers looking to gain an insight into how this was shortly going to impact their working lives:

Justin Harling, CEO at CAE Technology Services shared the key insights from discussions he has had with CAE customers around how their operations would evolve in the future and the impact this would have on how they go about securing their business.

Greg Day from Palo Alto Networks has found himself central to many businesses’ discussions around how they can still secure their business as they start to evolve. Greg shared some of the key challenges he sees customers facing and how to overcome them.

You can listen to the 30-minute recording here.


Secure, adaptable IT in an unpredictable world - the rise of software defined

The world is changing. Along with an unpredictable political landscape, the business world faces GDPR compliance, multi-generational workforces, new business models, security challenges and even state sponsored cyber-attacks.

IT has always had to adapt to change. Flexibility was introduced 10-15 years ago through virtualisation – itself not a new concept. The introduction and mainstream adoption of cloud services allowed businesses to adapt to changing business models, flexing capacity where required. The one constant that didn’t change was the network, whether inside the Data Centre, at the edge or across the WAN.

This is now changing too, with the shift to Software Defined Networking (SDN). The physical network is abstracted from the logical one – policies control how the network is configured based on the requirements at that point in time, rather than a fixed ruleset entered into a switch at the point of installation.

Going software defined presents a number of advantages to an organisation.

This new form of network is:

Programmable – Because the network can be programmed via API, applications can reconfigure it automatically based on their requirements.

When a developer needs a new software stack in an organisation’s cloud environment, it would typically require a change request to the networking team to configure VLANs, open ports on firewalls and so on. In a Software Defined Networking environment, the orchestration tools or the application itself tell the network what needs to be done, removing the human input and speeding up delivery.

Adaptable – The network can review what is using capacity and change how it operates, which is useful in a number of scenarios.

In the Data Centre, the network identifies the type of server (physical or virtual) being connected and the application deployed on it. Pre-configured policies then automatically control how and with what the server communicates. This removes the need for firewalls between layers within the Data Centre and, more importantly, the need for manual intervention to reconfigure switch ports and firewall rulesets.

Software Defined WAN lets organisations be flexible in the carriers they use. Traffic can be routed over the best link depending on the traffic type: highly sensitive traffic can be sent over the high-cost MPLS or point-to-point link, while less critical or less sensitive traffic is sent over Internet-based connections. Sites can be added quickly and efficiently, with policies applied consistently both in the LAN and out onto the WAN.

Simple – Once SDN has been implemented, the complexities of traditional networks (long configurations, rulesets, VLANs and so on) are removed. Network reconfiguration and manual intervention are only required when something totally new is introduced, and even then it is configured once and propagated across the organisation. In a traditional environment, each switch may need a configuration change, and each firewall a ruleset change.

Secure – Humans are the weakest link – we make mistakes. Removing as much human interaction as possible from the day-to-day changes to the network removes the opportunity for mistakes to be introduced. Old, unused firewall rules that allowed inbound open ports to a particular IP address will not exist, as rules are only in place while the service that needs them is there. When a new server is added to the network with a reused IP address, a security hole is not introduced. In the same way, connectivity between two servers, or between a client and a server, only exists while those devices are on the network.

Assured – Because the networks are now API driven, and APIs are often two-way, more information is readily available on how the environments are performing. It is now possible to prove the network is delivering as intended and, where problems do exist, to identify quickly what and where they are and remediate them.

Cloud Ready – Extending the software defined environment into both private and public clouds ensures that an organisation can truly operate in a multi-cloud world, defining policies that apply in its own private cloud or data centre just as they do in a public cloud such as Azure, AWS or Google.
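To make the "Secure" point above concrete, here is an added example (not the article's or any vendor's code) of intent-driven rule reconciliation: the inbound allow-list is derived from a live service inventory, and any rule with no live service behind it is reported as stale, including the reused-IP case the text describes. The Service and Rule record shapes are assumptions for illustration.

```python
from dataclasses import dataclass
from typing import List, Set, Tuple

@dataclass(frozen=True)
class Service:
    host_ip: str
    port: int
    proto: str = "tcp"

@dataclass(frozen=True)
class Rule:
    dst_ip: str
    dst_port: int
    proto: str = "tcp"
    action: str = "allow"

def desired_rules(inventory: List[Service]) -> Set[Rule]:
    """Policy-driven intent: exactly one inbound allow per live service, nothing else."""
    return {Rule(s.host_ip, s.port, s.proto) for s in inventory}

def reconcile(existing: List[Rule], inventory: List[Service]) -> Tuple[List[Rule], List[Rule]]:
    """Compare the firewall's current allows with the intent.
    Returns (stale, missing): stale allows point at no live service and should be
    withdrawn; missing allows are live services the firewall does not yet permit."""
    wanted = desired_rules(inventory)
    current = {r for r in existing if r.action == "allow"}   # denies are not reconciled
    return sorted(current - wanted, key=str), sorted(wanted - current, key=str)

# Constructed scenario: 10.0.0.5 once hosted a public web service, was decommissioned,
# and its address was reused by a server that only speaks internal SSH. The old
# inbound 443 rule is still in the firewall and would expose the new server.
LIVE_SERVICES = [
    Service("10.0.0.5", 22),
    Service("10.0.0.9", 443),
]
CURRENT_RULES = [
    Rule("10.0.0.5", 443),                   # stale: nothing listens on 443 any more
    Rule("10.0.0.5", 22),
    Rule("10.0.0.9", 443),
    Rule("10.0.0.9", 8080, action="deny"),   # explicit deny, left untouched
]

if __name__ == "__main__":
    stale, missing = reconcile(CURRENT_RULES, LIVE_SERVICES)
    print("stale allows to withdraw:", stale)
    print("allows still to be created:", missing)
```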

Software Defined Networking is not only a suitable platform for large enterprises. A true software defined architecture provides flexibility, control and simplicity, which makes it a valuable and beneficial solution for any organisation ready to embrace change.