As the cloud becomes the backbone of the digitisation era, we review what this means for securing the emerging and complex puzzle of users, data and applications. An interconnected world in which access to business IT is expected at any time from anywhere poses different challenges from those previously faced by business leaders and technical teams.
Changing compliance regimes, with regulations such as GDPR, have meant that your organisation is compelled to take a more comprehensive approach to all aspects of cyber security implementation, monitoring and reporting. Simply put, new threats need new approaches, because what was done yesterday won’t protect you from today’s threats.
What are the most common and emerging threats you need to protect against?
- Unknown or zero-day threats – new threats that have not been seen before
- Use of stolen credentials in the cloud – unauthorised access to data
- Data theft – stealing sensitive data
- Ransomware – encrypting data and demanding ransom payment to decrypt
- Internal breaches (malicious and non-malicious)
- IoT compromise – using a compromised IoT device to breach the network
- Phishing attacks – bogus emails appearing to be from trusted sources
- Website hijacking and drive-by attack – planting malware code on insecure websites
- Password attack – guessing a user’s password to gain that user’s access
- Malware attack – malicious software is installed on a computer
A number of technology approaches have emerged which are needed to counter the threats posed by the evolving cyber security threat landscape. Some of these are briefly discussed in the following section.
The endpoint, along with the user, is the most common point of security compromise or breach. Adequately protecting the endpoint will go a long way towards mitigating potential threats. The approach, however, needs to be proactive protection rather than the reactive prevention associated with traditional anti-virus endpoint protection.
The next generation of endpoint protection should typically have some or all of the following features:
- Zero-day threat protection
- AV and anti-malware protection
- Protection against rootkit attacks
- Central policy control and alerting
- Real-time threat analysis from intelligence feeds
- Multiple detection measures
- File and device trajectory
- API support
- Continuous analysis and retrospective detection
- Offline support
Next Generation Firewall
Network-wide protection, at the perimeter as well as against lateral spread between domains, is now an essential component of the new threat defence landscape. Next-generation firewalls have a major role to play in this respect. Simply having a firewall with stateful packet inspection is like having a leaky bucket in the face of emerging attacks.
IoT devices, from industrial sensors to thermostats to light bulbs, are growing rapidly. While IoT presents a huge opportunity for analytics and the automation of business processes, it also presents a real security risk.
Networks now need to be segmented by a next-generation firewall, which can then implement the following protection measures.
- Application visibility and control – view the potentially thousands of applications on your network and control what is or isn’t allowed and how many resources each may use
- Malware protection – discover and block network-based malware
- Advanced Intrusion Prevention – detect and block the latest intrusion attempts
- URL Filtering – block undesirable content and dodgy websites that may be hosting malware
With the proliferation of cloud, more than 60% of business workloads are now cloud-based. Cloud security is at the forefront of consideration throughout the lifecycle of IT applications.
Given that workloads are accessed from anywhere, the security that was formerly provided on the network premises is no longer sufficient; it now needs to be pervasive and advanced to meet the new reality. The new generation of security must embrace the cloud topology and should include the following features.
- Block threats for users irrespective of where they connect from and irrespective of whether they are using VPN
- Prevent access to malware sites as well as hijacked domains
- Protect users and data against compromised accounts
- Enable secure and responsive cloud access while maintaining productivity
- Extensive reporting of how, when and what users are doing
Cloud security will feature a number of technologies configured to provide a layered security approach and should include: Secure DNS, Cloud Access Security Broker, Web Security and Email Security.
Meeting the new cyber security reality with the necessary protection is likely not as big a step as some of us imagine, given that many of these services are available as cloud services.
In addition, most security devices have only a small subset of their features enabled. Armed with a good plan and the will to take the necessary steps, achieving a healthy level of cyber security protection is within reach of most organisations today; it is not solely the domain of big, well-resourced businesses.