Overcoming the Siloed Network Security Challenge

Today’s threats are designed to target multiple attack vectors, expose vulnerabilities, select a compromise from an updatable toolkit of exploits, burrow deep into the network, and then hide their tracks. From there they can move laterally across the environment looking for data to exploit or resources to hijack – all while evading detection. 

Such attacks succeed because, unlike the IT teams in the organizations being targeted, cyber-criminals aren’t constrained by lines of business, siloed technology teams, or carefully guarded network domains.

Instead, they look at an organization’s network as a single entity, which means they may have better visibility into network operations and architecture than the organization itself.

As organizations’ potential attack surface expands and attack volumes increase, it is imperative to track the most popular and successful strategies of cyber-criminals to stay ahead of their malicious intentions. As a result, facing up to current security challenges requires enterprises to think outside of the box.

The challenge of fragmented network environments
Many organizations have deployed siloed security solutions in different areas of the networked ecosystem that require individual management, rather than solutions integrated together through a common set of security services. As a result, threat intelligence is isolated, so detecting sophisticated threats requires a manual process that most organizations simply do not have the resources to support.

A further complication is that while workflows and data move freely from one network ecosystem to the next, the institutional culture building these systems still draws hard lines between domains and areas of responsibility, protecting zones of personal control that have developed over time. In such environments, establishing consistent visibility, management, and security protocols that span the network can be next to impossible to fund, resource, and deploy.

Organizations with institutionalized controls and rigid hierarchies that isolate personnel and restrict resources to teams with specific siloes of responsibility tend to be more vulnerable to today’s sophisticated attack strategies. The resulting fractured infrastructure allows attackers to hide in the gaps between control systems.

Similarly, malware that can mimic legitimate traffic is especially difficult to detect when the team responsible for security has no control over the data or resources being consumed or delivered by another team.

Best practices for stronger security
If organizations want to get ahead of the criminal community that wants to steal, hijack, or ransom their data, they will have to rethink their approach to security. Here are a few steps they can follow to help bridge the gap between traditionally isolated security devices:

  • Implement a unified security strategy: All solutions should operate using the same set of policies, protocols, and intelligence. Adding a common threat intelligence service to a fabric-based security strategy ensures that different security tools deployed across the infrastructure are on the same page when it comes to looking for and discovering new threats.
  • Integrate technologies: An organization’s security solutions should work as a unified system to find and respond to the fastest and most stealthy attacks. Building a fabric-based security framework around open APIs and a common OS enables those security technologies to span the distributed network as a single, integrated security solution. By weaving together different security technologies so that they use a common framework and set of security services, organizations can replace traditionally isolated devices with integrated solutions. Their security infrastructure can then correlate threat intelligence effectively and collaborate to adapt and respond to threats, regardless of where in the network the tools are deployed or which team owns and manages them.
  • Apply a uniform set of security services across the ecosystem of networks: Services such as sandboxing, intrusion prevention, virus outbreak prevention, or application controls allow disparate security solutions to use a common set of intelligence and techniques to better identify, correlate, and respond to threats regardless of where a threat is detected or where security resources are located.
  • Automate processes: As the time between a breach and the compromise of data or resources continues to shorten, delays caused by waiting for a human to respond to an attack can have a serious impact on data and resources. To address this growing challenge, security vendors need to develop and deploy decision-making and analysis engines that take humans out of the loop. Leveraging AI engines and automation to perform certain decisions and analysis at speed and scale would not only close the gap on threat impact, but also allow humans to reallocate their effort to the decisions where human cognition and intervention are really required.
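The contrast the list draws between siloed tools and a unified, intelligence-sharing system, as an added illustration that is not from the article or any vendor product: each tool's records are mapped onto one common schema and correlated against one shared indicator set, so a chain no single tool would flag (an internal SMB hop, a new service, then an outbound connection to a known-bad address) becomes visible. The tool names, schemas, sample records and the indicator are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data, not real logs: two siloed tools, two schemas.
FIREWALL_LOG = [
    {"src": "10.0.1.5", "dst": "10.0.2.9", "dport": 445},     # internal SMB hop
    {"src": "10.0.2.9", "dst": "203.0.113.7", "dport": 443},  # outbound to listed IP
]
EDR_ALERTS = [
    {"host_ip": "10.0.2.9", "event": "new_service_installed", "severity": "low"},
]
# One shared intelligence set consumed by every tool (placeholder indicator).
SHARED_INTEL = {"203.0.113.7"}
INTERNAL_PREFIX = "10."

def normalize_firewall(rec):
    """Map a firewall record onto the common schema."""
    return {"host": rec["src"], "peer": rec["dst"],
            "kind": f"net:{rec['dport']}", "tool": "firewall"}

def normalize_edr(rec):
    """Map an EDR alert onto the common schema."""
    return {"host": rec["host_ip"], "peer": None, "kind": rec["event"], "tool": "edr"}

def correlate(events, intel):
    """Flag a host only when evidence from more than one tool, an inbound
    internal SMB connection and a shared-intel hit all line up on it."""
    by_host = defaultdict(list)
    for e in events:
        by_host[e["host"]].append(e)
        if e["peer"]:  # the peer side of a connection is evidence for that host too
            by_host[e["peer"]].append({**e, "host": e["peer"], "peer": e["host"]})
    findings = []
    for host, evs in by_host.items():
        tools = {e["tool"] for e in evs}
        intel_hit = any(e["peer"] in intel for e in evs)
        internal_smb = any(e["kind"] == "net:445" and e["peer"].startswith(INTERNAL_PREFIX)
                           for e in evs)
        if len(tools) > 1 and intel_hit and internal_smb:
            findings.append({"host": host, "tools": sorted(tools)})
    return findings

FW = [normalize_firewall(r) for r in FIREWALL_LOG]
EDR = [normalize_edr(r) for r in EDR_ALERTS]

if __name__ == "__main__":
    print("firewall alone:", correlate(FW, SHARED_INTEL))       # nothing
    print("EDR alone:     ", correlate(EDR, SHARED_INTEL))      # nothing
    print("unified view:  ", correlate(FW + EDR, SHARED_INTEL)) # flags 10.0.2.9
```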

Given the complexity of today’s hyper-connected, highly distributed networks, managing and securing them requires ever more time and effort. In addition, managing non-integrated legacy systems is a daily challenge.
To effectively protect the organization, IT teams need to change their security strategy from one based on a collection of discrete, isolated solutions to an integrated framework that is able to work as a system to see and respond to threats.

Extensive knowledge of the threat landscape, combined with the ability to respond quickly at multiple levels, is the foundation for providing this level of security. Having a common set of threat intelligence and other security services will ensure consistent enforcement and security effectiveness, even across the most complicated network environments.
