Published on September 8th, 2016 | by Edward Amoroso
Time for a Defensive Change in Cyber
Today’s post was written by Dr. Edward G. Amoroso, former SVP and CSO of AT&T and current CEO of TAG Cyber.
One of the conundrums facing the modern enterprise security team is what to do about the ineffectiveness of the perimeter. Everyone agrees that unauthorized entry through open ports or advertised services in a leaky firewall has become child’s play. Hardly a day passes without the public hearing about some enterprise falling prey to a northbound break-in, east-west traversal, and southbound exfiltration. And the intruder accomplishes this in broad daylight, through a presumed defensive construct that compliance and regulatory managers would refer to as a primary control – namely, the perimeter.
Three Steps Toward a Better Security Architecture
It is my belief that three enterprise security initiatives must be introduced to change the defense and halt this enterprise problem. These three initiatives are simple to describe and easy to understand, but they are admittedly much more challenging to implement. Once accomplished, however, they represent excellent news for the virtualization, mobility, cloud, and software communities, albeit somewhat more challenging news for the hardware and legacy communities. Here are the steps:
- First, the enterprise security team must break up and distribute the existing applications, endpoints, systems, networks, and infrastructure into smaller, more digestible pieces than the elephant currently sitting inside the firewall. Computer scientists might refer to this as decomposing a complex system; virtualization enthusiasts might refer to this as creating micro-segments or micro-services; and non-technical observers might refer to this as exploding the enterprise. While such imagery might be a tad violent, given the jailbreak of cyber security threats we’ve all experienced recently, perhaps such an approach is justified.
- Second, the enterprise security team must virtualize and embed the digestible chunks of enterprise infrastructure into more secure hosting and operating environments, usually involving cloud operating systems. IT administrators might refer to this as outsourcing the infrastructure; cloud experts might refer to this as adopting so-called “as-a-service” for a majority of the enterprise; and non-technical observers would refer to this as offloading the segments. Amidst all the hype about avoiding the cloud, I would offer that, given the broken nature of the perimeter, perhaps the hype should be shifted toward avoiding a firewall-protected enterprise!
- And third, the enterprise security team must replace any stale legacy security tools with newer and more innovative security technologies. This has already started with better PC anti-malware tools, but it must be extended to all systems, applications, and endpoints – including mobiles. Mobile security, in particular, represents an important new attack vector, as business people shift their habits from tapping on a computer keyboard to fingering a glass iPhone screen. Security tools for mobile will need to shift from simple anti-virus checks to more advanced solutions such as predictive analytics. Observers would refer to this process of upgrading the protections as reloading the security, and implementing it properly requires a real investment of time and expertise.
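To make the first step concrete, here is an added example (not code from the author or from TAG Cyber) that models what "exploding the enterprise" buys a defender. It represents hosts assigned to segments under a default-deny policy of explicit segment-to-segment allow rules, then computes how far an intruder on one compromised host could pivot by east-west traversal, so the flat, firewall-protected network can be compared with a micro-segmented one. All hosts, segment names, ports and rules are constructed sample data, and the model deliberately assumes the worst case: any host reachable on a permitted port is treated as compromisable and becomes a new pivot point.

```python
"""Blast-radius model for micro-segmentation (constructed example).

Compares a flat network, where any internal host may reach any other, with a
default-deny segmented policy. Hosts, segments, ports and rules below are
constructed sample data, not a description of any real environment.
"""
from collections import deque
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Rule:
    """One explicit allow: traffic from src_segment to dst_segment on a TCP port."""
    src_segment: str
    dst_segment: str
    port: int


@dataclass
class Policy:
    """Segment assignment plus a default-deny rule set.

    default_allow=True models the flat network behind a single perimeter
    firewall, where every internal host can talk to every other host.
    """
    segment_of: dict
    rules: frozenset = field(default_factory=frozenset)
    default_allow: bool = False

    def permits(self, src_host: str, dst_host: str, port: int) -> bool:
        if self.default_allow:
            return True
        rule = Rule(self.segment_of[src_host], self.segment_of[dst_host], port)
        return rule in self.rules


def reachable_hosts(policy: Policy, start: str, ports) -> set:
    """Hosts an intruder on `start` could pivot to by east-west traversal.

    Worst-case assumption: any host reachable on an allowed port is treated as
    compromisable and becomes a new pivot point (breadth-first search).
    """
    seen = {start}
    queue = deque([start])
    while queue:
        pivot = queue.popleft()
        for host in policy.segment_of:
            if host in seen:
                continue
            if any(policy.permits(pivot, host, p) for p in ports):
                seen.add(host)
                queue.append(host)
    seen.discard(start)
    return seen


# Constructed sample enterprise: each host and the segment it belongs to.
SEGMENT_OF = {
    "hr-pc": "user",
    "web-1": "web", "web-2": "web",
    "app-1": "app",
    "db-1": "db",
    "fin-app": "finance", "fin-db": "finance-db",
}
PORTS = (443, 8080, 5432)  # the only service ports in this sample

# The flat "elephant inside the firewall": everything reaches everything.
FLAT = Policy(SEGMENT_OF, default_allow=True)

# Exploded into segments: only the application's own flows are permitted.
SEGMENTED = Policy(SEGMENT_OF, frozenset({
    Rule("user", "web", 443),
    Rule("web", "app", 8080),
    Rule("app", "db", 5432),
    Rule("finance", "finance-db", 5432),
}))


def blast_radius(policy: Policy, start: str) -> int:
    """Number of other hosts an intruder starting on `start` could reach."""
    return len(reachable_hosts(policy, start, PORTS))


if __name__ == "__main__":
    for name, policy in (("flat", FLAT), ("segmented", SEGMENTED)):
        for start in ("hr-pc", "web-1", "fin-app"):
            hosts = sorted(reachable_hosts(policy, start, PORTS))
            print(f"{name:9} from {start:7}: {len(hosts)} hosts -> {hosts}")
```

In the flat policy every starting point reaches all six other hosts. In the segmented policy a compromised user PC can still follow the legitimate chain to the web, application and database tiers, but never into the finance segments, and a compromised web server can no longer turn around into the user segment at all. Segmentation does not remove the paths the business needs; it removes every other path, which is what shrinks the blast radius of a northbound break-in. In practice the rule set lives in cloud security groups, host firewalls or a micro-segmentation product rather than in a Python model, but the reachability question a defender should ask of it is the same.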
Taken together, these three steps (exploding the infrastructure, offloading the segments, and reloading the security) provide the context in which the enterprise security team can finally begin to move toward a more effective security architecture. And the three steps, if followed carefully, can hopefully shift the balance away from the offense and back to the defense, where it belongs.