Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Wednesday, 29 March, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Security breaches are inevitable, so how are you going to contain them?

by The Gurus
January 7, 2016
in This Week's Gurus
Share on FacebookShare on Twitter

Security breaches are inevitable, so how are you going to contain them?
Cyber security isn’t working. Too many companies are being breached; and governments globally are recognising the need to invest heavily to protect vital services and infrastructure. However, today’s defence in depth security models are not completely flawed; they are, perhaps, naïve. When firewalls are being easily bypassed and it’s taking upwards of six months to detect a breach, the reliance on traditional access control, threat detection and threat protection is clearly inadequate. Organisations need to add another layer – breach containment. It is only by recognising that a breach has already occurred and containing that breach within a defined and secure segment that an organisation can avoid the damaging system wide events that are becoming a daily occurrence. 
Paul German, VP EMEA, Certes Networks, insists it is time to face up to the futility of breach detection and protection alone, and that organisations must make a change to avoid the fate of the organisations that have recently hit the hacking headlines. 
Security Agenda
When the most fiscally prudent Chancellor of the Exchequer in a generation stumps up an additional £1.9 billion to combat the cyber security threat, reality starts to bite – organisations of every size need to do more to safeguard operations. The threat landscape has evolved again and weaknesses are being laid bare on a near daily basis. The truth is that while the considerable investment in threat detection and threat prevention is essential to deter the vast majority of attempts to compromise or hack an organisation’s network, these technologies are not enough.
The defence in depth security model that encompasses firewalls and anti-virus, file integrity monitoring and access control is essential – without it, businesses would lose vital sensitive data and essential infrastructure would be compromised. However, from the recent events at TalkTalk onwards, it is clear that the model as it stands today is failing. Announcing a breach is bad enough; no CEO wants to admit to the media that the company has no idea whether a breach is catastrophic or insignificant; or that it has no idea how long the threat lay undetected.
Yet according to research conducted by the Ponemon Institute on behalf of Arbor Networks, once a data breach occurs it takes an average of 98 days for financial services companies to detect intrusion on their networks and 197 days in retail. That is upwards of six months for hackers to conduct surveillance and steal data undetected. The other problem is that the way in which cyber terrorists are gaining access to networks has changed. Today, an estimated 95% of breaches occur as a result of a user being compromised, (2015 Verizon Data Breach Investigation Report) usually through a phishing attack. When an attacker uses authenticated credentials to access the network, a firewall is useless.  It is only once the attacker attempts to elevate or escalate that user’s privileges to access sensitive or critical data, that an organisation has a chance of detecting the threat. Threat detection and protection technologies are clearly failing to deliver a complete cyber security solution. 
Segmented Model
Breaches are occurring all the time – and organisations need to accept that it is more than likely a breach has either already taken place or is currently underway within their environment and that this can and will happen without any notification. With that understanding comes a recognition that the objective is now to contain any breach whether known or unknown and minimise any risk of it becoming system wide. To achieve this breach containment model, companies need to think differently about security architecture design. The emphasis is no longer solely on building walls to keep people out but on containing that breach and minimise the extent of it by building (fire) doors between different parts of the infrastructure.
Having accepted the premise, the challenge now is to understand the best way to break down the infrastructure into manageable segments of risk. For most IT experts the logical approach to creating microsegments would appear to be at the network layer. But this has massive limitations – not least the proven frailty of the network infrastructure. Every time a change is made to an access control list, IP address or subnet, there is a real risk of opening the door to bypassing the firewall.  Furthermore, in a cloud and mobile enabled environment where networks are often outside an organisation’s control, it is simply not possible to deploy a robust end to end strategy.
Companies need to step back and look at this from a true business perspective and focus on users and applications. Who needs access to what data? Building on the existing policies for user access and identity management, organisations can use cryptographic segmentation to ensure only privileged users have access to privileged applications or information. Each cryptographic domain has its own encryption key, making it impossible for a hacker to move from one compromised domain or segment into another therefore preventing the lateral movement that leads to many breaches – it is simply not possible to escalate user privileges to access sensitive or critical data.
Taking this approach, an organisation can narrow the scope of a breach to a small, contained area rather than system wide and, critically, do so in a way that removes the need to build new security policies into the network infrastructure. Furthermore, as and when a breach is a detected, the segmentation policy means an organisation has immediate visibility into the extent of the breach – enabling both targeted rather than system wide lock down and a far more confident and measured response to media, shareholders and customers. 
New Mind-Set
This is without doubt a huge mind-set change. While organisations have worked hard on creating robust, defence in depth security strategies, with security experts globally now recommending a containment policy based on clearly defined infrastructure segments, it is clearly time to make a change.  However, those organisations simply opting to impose containment at the network level are failing to recognise the true threat landscape: a reliance on network based controls adds not mitigates risk. It is simply too easy to bypass these controls.
It is only by following a user and application based segmentation approach that an organisation can truly address the heart of the matter: the breach is contained within one specific segment.  The hacker cannot bypass the cryptographic key to escalate privileges and gain access to data that is only available to users within a different cryptographic segment. The organisation knows immediately the extent of the breach and the data/users/applications affected.
This latter point is key: no CEO wants to be in the position of Baroness Dido Harding, the CEO of TalkTalk who had to admit that the company did not know the extent of the breach, or the number of customers whose data had been compromised. An effective breach containment strategy both minimises the extent of the breach and provides immediate clarity of risk to shareholders and customers.
Adding another layer to an already complex defence in depth security strategy may seem onerous but, as George Osborne, Chancellor of the Exchequer, said, “Getting cyber security right requires new thinking.”
 

FacebookTweetLinkedIn
ShareTweetShare
Previous Post

2016 will be the year of game changing challengers in the banking sector says Anthemis

Next Post

More Google Play apps infected with Brain Test malware: Lookout

Recent News

Pie Chart, Purple

New API Report Shows 400% Increase in Attackers

March 29, 2023
Cato Networks delivers first CASB for instant visibility and control of cloud application data risk

Cato Networks Recognised as Leader in Single-Vendor SASE Quadrant Analysis

March 29, 2023
Outside of cinema with advertising

Back and Bigger Than Ever! The Inside Man Season 5 Takes a Stab at Power Hungry Adversaries

March 29, 2023
Blue Logo OUTPOST24

New Research Examines Traffers and the Business of Stolen Credentials

March 28, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information