Adoption of cloud-based technology and the proliferation of remote working are driving a new approach to security, one that needs to be omnipresent and provide the highest practical levels of cyber security for the user, the network and the data.
We reviewed some of the features needed for this new security approach and the risks and challenges that need to be addressed. Security analysts such as Gartner and IDC have coined a new term that is relevant to this emerging security environment: the Secure Internet Gateway. The principal function of the Secure Internet Gateway is to secure the cloud environment in the same way that we secure the on-premises environment.
Implementing a security platform in the cloud will break the limitations and constraints of centralised solutions. The security must be flexible in line with user access, virtualised to deliver security wherever it is needed, and extend beyond just securing web protocols such as HTTP and HTTPS. Most security vendors now offer cloud-based security solutions, and in many instances they have taken a conventional security component such as Anti-Virus or Web Proxy services and deployed it in the cloud. While this may be a good start, a range of other technologies also needs to be included in the security stack deployed to protect users and data.
When users connect to the web, they must immediately undergo inspection and policy enforcement to ensure their connection is made in a secure manner. These measures may include, but are not limited to:
- Visibility and enforcement of policy on or off VPN
- Security against threats from all ports and protocols
- Inspection of web traffic and file inspection including behavioural sandboxing
- Live threat intelligence from global internet activity with near real time updates
- Visibility and control of SaaS applications
Clearly no single solution can provide all of these components, but a correctly specified Secure Internet Gateway could go a long way to providing many of these security measures. Secure DNS must be a major component of the functionality of a Secure Internet Gateway because of its ability to stop a large swathe of attacks before they reach the user or the data.
We have outlined in previous blogs the pivotal role that DNS plays in almost all web-based communications, yet DNS is not understood by most users. DNS is involved, though not necessarily exploited, in 92% of cyber attacks, and therefore it can be used in a secured manner to block most attacks. For example, 100% of organisations interact with known malware sites. If these sites are known to the DNS servers, the servers could block access with no impact on the user or performance.
Once a device is infected with ransomware, it will need to make a command and control call to get the key needed to encrypt data. Again, secure DNS could prevent this connection and thus stop the attack in its tracks: until the key is downloaded, the data cannot be encrypted. Deploying a cloud security solution that includes secure DNS is a quick way of effectively managing the risk of ransomware and stopping the execution of malware once a device is infected.
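The DNS-layer check described above, sketched as an added example (it is not from the original post or from any vendor's product). The blocklist, domain names, sinkhole address and function names are constructed for illustration.

```python
"""DNS-layer policy check: decide per query name before any answer is returned."""

# Constructed threat-intelligence feed (assumption): registrable domains known
# to host malware or command-and-control infrastructure. Reserved TLDs only.
BLOCKLIST = {"malware-site.example", "c2-keys.test"}

SINKHOLE_IP = "192.0.2.1"  # TEST-NET-1 address standing in for a block page


def normalise(qname: str) -> str:
    """Lower-case and strip the trailing root dot so comparisons are stable."""
    return qname.strip().rstrip(".").lower()


def matched_entry(qname: str, blocklist=BLOCKLIST):
    """Return the blocklist entry covering qname, or None.

    Walks the name label by label so that 'a.b.c2-keys.test' is caught by the
    'c2-keys.test' entry, while 'notc2-keys.test' is not (no substring match).
    """
    labels = normalise(qname).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in blocklist:
            return candidate
    return None


def decide(qname: str, upstream_answer: str) -> dict:
    """Policy verdict for one query: sinkhole if listed, else pass upstream."""
    entry = matched_entry(qname)
    if entry:
        return {"qname": qname, "action": "block", "answer": SINKHOLE_IP, "rule": entry}
    return {"qname": qname, "action": "allow", "answer": upstream_answer, "rule": None}


# Constructed query log: (client, query name, answer the upstream would give).
QUERIES = [
    ("10.0.0.5", "www.example.org.", "203.0.113.10"),
    ("10.0.0.7", "Download.Malware-Site.example", "203.0.113.66"),
    ("10.0.0.7", "k1.node.c2-keys.test", "203.0.113.99"),   # key fetch attempt
    ("10.0.0.9", "notc2-keys.test", "203.0.113.20"),        # look-alike, not listed
]

if __name__ == "__main__":
    for client, qname, upstream in QUERIES:
        v = decide(qname, upstream)
        print(f"{client} {v['action']:5} {qname} -> {v['answer']} rule={v['rule']}")
```

Because the verdict is reached at resolution time, the infected client in the third query never learns the real address of the key server, and the `rule` field gives the operations team a per-client record of which listed domain was requested.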
In our next episode, we will provide more details about how secure DNS works and how some of the other Secure Internet Gateway features can be implemented and employed.
If you have read the last few updates, you should now have a deeper understanding of Cloud Security. That’s great! But what can YOU do about it?
We are offering a 14-day trial of Cisco Umbrella, the industry’s first Secure Internet Gateway in the cloud.
Cisco Umbrella provides the first line of defence against threats on the internet. Because Umbrella is delivered from the cloud, it is the easiest way to protect all of your users in minutes.
It takes no time to install and you don’t have to provide any payment details (or even have a phone call).
So what have you got to lose?