A layered approach to keeping up with the threat landscape
By Phil Smith
Many organisations have built up a suite of multi-vendor security products, layering best-of-breed solutions on top of each other in an attempt to prevent the latest threat. Too often, however, these products do not talk to each other, and you can unknowingly create gaps through which advanced persistent threats can slip unnoticed. Additionally, many organisations are not getting the most out of their existing investments, simply through lack of knowledge of exactly how to tune the products to their needs.
How many vendors?
According to the IDC Security Operations survey conducted in July 2017, 52% of all organisations are using more than 10 different security products, and 56% of large enterprises actually work with more than 20 security vendors. In fact, 18% of respondents said that they work with more than 50 different products.
Furthermore, as networks evolve and customer needs constantly change, the game has changed. The next generation of networks will need to meet unprecedented challenges, handling more data. To cope with the massive increase in data and the migration to cloud-based services, more and more businesses will increase their use of local internet breakout. Agile, flexible networks will make it easy for organisations to turn up the bandwidth, add new sites and prioritise traffic and core applications.
How ‘software-defined’ redefines security policies
The move to software-defined networks will also require security analysts to understand how applications work across these networks and outside the perimeter (cloud-embedded, for example), together with the potential new vulnerabilities this introduces. BT considers that the following layered security approach is critical to developing a comprehensive security policy.
Secure the network
The Internet is by definition an untrusted network, which is evident given the steady stream of media reports of security breaches on an almost daily basis. The model of 'zero trust' means that from end to end, the security of data must be assured in terms of confidentiality, integrity and availability: the 'security triad'.
Secure the data
In practice this means that encryption of data in transit and at rest, as well as authenticating every device, user and application, are paramount concerns. Regulations such as GDPR, for example, explicitly mention encryption as a means to safeguard personally identifiable data.
Secure the identity
'Identity is the new perimeter'. This means we have to effectively manage the identities of users, applications and devices ('things') in order to make accurate decisions on who has access to what, and when. Strong, multi-factor authentication ensures that the person or thing is who they say they are, and authorisation determines whether they are allowed to access the resources they have requested. A subset of Identity and Access Management (IAM) is Privileged Access Management (PAM), which specifically manages access to critical business systems for system administrators and other privileged users.
Secure the device
As the number of devices continues to proliferate, ensuring that these are authenticated and do not contain malware is essential. Access decisions need to be taken on the basis of the device itself, its build (including anti-virus status) and its context. Is access being requested from corporate Wi-Fi or from a high street cafe (i.e. a public environment), for example?
Automate and orchestrate
Managing the increasing diversity of the network landscape in a coherent fashion is beyond command-line management and manual control. Policy-based management, or orchestration, allows policies to be defined centrally and then implemented consistently. The advantage is that this provides the basis for consistency and rigour, but the policy control itself must be secure.
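To make the identity, device and orchestration layers above concrete, here is an added example (not BT's code or any BT product) of a centrally defined access policy that is integrity-checked before it is enforced and then evaluated against the factors the text names: multi-factor authentication, managed device build and anti-virus status, network context, and privileged (PAM) access. The attribute names, rule set and signing key are constructed assumptions for illustration.

```python
import hashlib
import hmac
import json

# Constructed central policy, kept as plain data so it can be signed and
# enforced identically wherever it is applied. First matching rule wins;
# every attribute listed under "when" must equal the request's value.
POLICY = {
    "default": "allow",
    "rules": [
        {"name": "block-infected-device", "when": {"malware_detected": True}, "decision": "deny"},
        {"name": "require-mfa", "when": {"mfa_verified": False}, "decision": "deny"},
        {"name": "pam-unmanaged-device", "when": {"privileged": True, "device_managed": False}, "decision": "deny"},
        {"name": "pam-public-network", "when": {"privileged": True, "network": "public"}, "decision": "deny"},
        {"name": "pam-stale-av", "when": {"privileged": True, "av_up_to_date": False}, "decision": "deny"},
        {"name": "public-unmanaged-limited", "when": {"network": "public", "device_managed": False}, "decision": "limited"},
        {"name": "stale-av-limited", "when": {"av_up_to_date": False}, "decision": "limited"},
    ],
}

# Assumed key; in practice it is held by the policy authority, not the enforcement point.
POLICY_KEY = b"constructed-demo-key"


def canonical(policy: dict) -> bytes:
    """Serialise deterministically so the MAC covers exactly the policy content."""
    return json.dumps(policy, sort_keys=True, separators=(",", ":")).encode()


def sign_policy(policy: dict, key: bytes = POLICY_KEY) -> str:
    """HMAC-SHA256 over the canonical policy, produced by the central policy authority."""
    return hmac.new(key, canonical(policy), hashlib.sha256).hexdigest()


def evaluate(request: dict, policy: dict, signature: str, key: bytes = POLICY_KEY) -> tuple[str, str]:
    """Return (decision, rule_name). A policy whose MAC fails is never enforced."""
    if not hmac.compare_digest(sign_policy(policy, key), signature):
        return "deny", "policy-integrity-failure"
    for rule in policy["rules"]:
        if all(request.get(attr) == value for attr, value in rule["when"].items()):
            return rule["decision"], rule["name"]
    return policy["default"], "default"


if __name__ == "__main__":
    sig = sign_policy(POLICY)
    # Constructed request: an administrator on a managed laptop in a public cafe.
    admin_in_cafe = {"mfa_verified": True, "device_managed": True, "av_up_to_date": True,
                     "malware_detected": False, "network": "public", "privileged": True}
    print(evaluate(admin_in_cafe, POLICY, sig))  # → ('deny', 'pam-public-network')
```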
By reducing the number of security products and vendors and working with strategic partners such as BT Security, organisations can focus their scarce resource on the core skills that they need within the business.
The ‘what next?’
Read our CISO and CIO's guide to securing networks, and contact a BT expert to hear how partnering with us can help you secure your business.