Thursday, 27 July 2017
Keiron Shepherd, Senior Security Specialist, F5 Networks
Visibility, context and control: The three blind mice of application security

In today’s world, not being able to see potential threats to applications is fatal for business where data is king. As the digital economy grows, business intelligence relies on three crucial areas: visibility, context and control.

Did you ever see such a thing in your life?

Today, there is no rhyme or reason why companies should not focus on implementing robust application security solutions to protect customer data. With rapidly increasing encrypted traffic, being able to visualise potential threats is vital to avoid both exfiltration of data and infiltration of malware.

A Gartner report published in 2016 stated that only 27% of the top 1 million websites use HTTPS (+11%), but more than 38% (+5%) of Google Chrome browsing is done in HTTPS (63% if we include fragment changes and history browsing). However, analysts predict it will soon be 100% across the board and become the new standard for web browsers. Encryption is a growing problem for many companies because the inadequate security solutions they have implemented are not able to decrypt traffic, or their ineffective tools could degrade performance by up to 85% compared to normal service. Hackers know this and hide malware within their encrypted communications, which is why data theft continues to be a serious challenge for many firms. It is like breaking into the castle and abducting the king.

Cybercriminals are malicious pests that are sadly spawning across the globe, intent on stealing vital information. In fact, 28% of today’s attacks target user identities and 44% target applications, which are the gateway to your data. Weak or duplicate passwords for multiple applications used by people daily give hackers a rudimentary way to access sensitive information, which they can sell for high profits on the black market.

See how they run.

Now it is time to re-think the approach to security. To be a leader in data compliance and best practice, firms must secure applications wherever they are and ensure that users can access them securely from any device or location. The three essential elements that determine best security practice are as follows:

  • Visibility:

A fundamental principle of security is protecting what you do not see or know. Effective architecture provides complete visibility into all application traffic to help secure vital data. This should include identification of the user, the type and health of the device in use, along with its location, user behaviour patterns, the type of network connection, availability of the application and the nature of data. Solutions like SSL Interception provide visibility and allow customers to offload all SSL traffic duties.

  • Context:

Visibility alone is insufficient. Context helps to understand all the characteristics of the applications that need to be protected and the external forces that threaten them. With context comes greater insight as multiple data points provide an additional level of intelligence that enables firms to assess risk and make informed decisions about the policies to create. Context also delivers accuracy to apply the correct controls (e.g. deciding whether to grant or deny a user access to an application based on their current situation).

  • Control:

With context, it is essential to have the ability to apply the right security controls. Without control, visibility and context become redundant. By having a single point of control to authenticate users, firms can easily improve application security and integrate existing infrastructure. It is vital to deliver consistent security policies to apps, whether they sit in the data centre or in the public and private cloud. Once the blind spots are eliminated, companies have better control of identity and access management to protect all applications from DDoS attacks, web fraud and much more.

Cut off their tails with a carving knife.

In the nursery rhyme ‘Three Blind Mice’, the vermin eventually succumb to having their tails removed by a carving knife. Similarly, cutting out weaknesses in application security and curtailing hackers much faster will help to limit serious data breaches.

Visibility into network traffic makes security far more effective and simplifies overall management. Rigorous application access controls mitigate risk by authenticating and authorising the right people. Ultimately, securing the application – the king of the castle – protects against data theft and ensures that apps run faster whether in the data centre or in the cloud.
