Next Step Security – How to Defend Against Perimeter Breaches

IT security has traditionally focused on developing perimeter defenses to stop threats from actually entering the network. It’s a bit like a country estate with lots of valuable possessions inside; the owner installs alarms, motion detectors and decoys and adopts a risk-based approach that starts with security at the road gate, even if it’s two miles from the house. 

From the outside, it may look like robust, rigorous and even daunting defenses are in place but if an intruder can get into the building, they’re free to loot, slash and burn. In today’s world of cybersecurity, this perimeter approach to defense is rapidly becoming redundant as the threat landscape evolves and hackers devise increasingly devious methods to breach the perimeter. 

Advanced Persistent Threats

Advanced persistent threats are becoming more common; they are defined by their sophistication and can take months to plan. These threats often use a new breed of malware that lies dormant until activated by remote control. An even more dangerous threat vector is the rise of smart connected devices: Gartner estimates that there will be 20 billion connected devices by 2020, many of which present security threats.

Protecting at the Micro Level

The threat landscape is evolving at a rapid pace, and the next step in cybersecurity that addresses this is network micro-segmentation at the workload level. The approach is based on a micro-granular security model in which security is tied to individual workloads, while also providing the agility to provision security policies automatically.
In a traditional security model, if a laptop belonging to an IT administrator is compromised, the hacker can log onto servers and move around the entire network. The network micro-segmentation model doesn’t allow this to happen. 

It’s built upon network virtualization at the hypervisor level. Network hypervisors enable the creation of virtual networks that are decoupled and independent from the underlying physical network. Importantly, a network hypervisor in a virtualized environment is uniquely positioned to see all traffic moving across the network, even down to the level of individual virtual machine workloads. 

Guarding the Routes

This level of visibility enables network micro-segmentation based on the attributes of each workload and also on the understanding of the specific purpose of each individual workload. 

Administrators can base security policies on the type of workload, whether a web application or database; what the workload is used for, such as development or production; and the type of data the workload handles, such as mission-critical financial information or personal identification information.

This enables administrators to set and guard the routes for data travelling across the network and to detect any aberrations in terms of workloads. 
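The attribute-based policy described above, and the compromised-administrator-laptop scenario from earlier, as an added example that is not code from the article: workloads are tagged with type, environment and data classification, every flow is denied unless an explicit rule allows it, and flows that fail the check are reported as the aberrations an administrator would investigate. The tags, rules, ports and flow records are all constructed for the demonstration.

```python
# Added example: attribute-based micro-segmentation policy evaluation.
# Workloads carry tags (type, environment, data class); a default-deny rule set
# decides whether a flow between two workloads is permitted.
from dataclasses import dataclass

@dataclass(frozen=True)
class Workload:
    name: str
    kind: str        # e.g. "web", "app", "db", "laptop"
    env: str         # e.g. "prod", "dev"
    data: str        # e.g. "public", "pii", "financial"

# Allow rules: (source kind, destination kind, destination port). Anything not
# listed is denied, so "no rule" means "no path" wherever the packet originates.
ALLOW_RULES = {
    ("web", "app", 8443),
    ("app", "db", 5432),
}

def is_allowed(src: Workload, dst: Workload, port: int) -> bool:
    """Permit a flow only if a rule matches and it stays inside one environment."""
    if src.env != dst.env:          # dev must never reach prod, and vice versa
        return False
    return (src.kind, dst.kind, port) in ALLOW_RULES

def evaluate_flows(flows, inventory):
    """Label each observed flow 'allow' or 'deny'. Denied flows are the aberrations
    to investigate, e.g. an administrator laptop talking directly to a database."""
    results = []
    for src_name, dst_name, port in flows:
        src, dst = inventory[src_name], inventory[dst_name]
        verdict = "allow" if is_allowed(src, dst, port) else "deny"
        results.append((src_name, dst_name, port, verdict))
    return results

# Constructed inventory and flow records (hypothetical names, not from the article).
INVENTORY = {w.name: w for w in [
    Workload("web-01", "web", "prod", "public"),
    Workload("app-01", "app", "prod", "pii"),
    Workload("db-01", "db", "prod", "financial"),
    Workload("db-dev", "db", "dev", "public"),
    Workload("admin-laptop", "laptop", "prod", "public"),
]}
SAMPLE_FLOWS = [
    ("web-01", "app-01", 8443),       # expected path
    ("app-01", "db-01", 5432),        # expected path
    ("admin-laptop", "db-01", 5432),  # compromised laptop reaching the database
    ("app-01", "db-dev", 5432),       # production workload crossing into dev
]
```

Calling `evaluate_flows(SAMPLE_FLOWS, INVENTORY)` returns one verdict per flow; the first two are allowed and the last two are denied, which is exactly the lateral movement the article says segmentation should stop.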

Stymieing the Hacker’s Objective

A hacker who gains access to the network would use this as a starting point to develop a footprint of the network. The hacker will look for a wide range of information, such as exposed applications, operating systems and application version information, and the structure of the applications and back-end servers. When they have garnered this and other information, they can identify vulnerabilities, which are then exploited.

However, this requires a lot of movement across the network, and network segmentation limits an attacker’s movement within the network even if the perimeter has been breached. Organizations can divide their datacenter into distinct security segments down to the individual workload level, and then define security controls and deliver services for each unique segment. It even guards against sleeping malware that has been planted with the aim of activating it at a later date.

New Technology, New Defenses

Network micro-segmentation is a necessary next step in security. It is not only being driven by the evolving threat landscape, but also driven by the move from traditional hardware-centric data centers to software-defined data centers and network virtualization. You can liken it to the security in a hotel. An attacker may be able to get into a building but once inside they’ve still got a big job on their hands to navigate undetected, while attempting to break into locked doors within the hotel. If we’re to guard against the increasing number of cyber-attacks this level of security is absolutely essential. 