In-brief: In a world where billions of devices, users and applications can come and go freely, how do you make sure that the threat protection defenses you have in place are working properly to protect your environment?
Modern networks now go beyond traditional walls to include data centers, endpoints, virtual, mobile and the cloud. These extended networks and their components constantly evolve and span new attack vectors including mobile devices, web-enabled and mobile applications, hypervisors, social media, web browsers, home computers, and even vehicles.
The barriers that have traditionally separated “trusted” from “untrusted” and “inside” from “outside” have disappeared. Security professionals today must face the dual challenge of defending a dynamic extended network and establishing defenses to a myriad of new points of vulnerability. In a world where billions of devices, users, applications, etc. can come and go freely, how do you make sure that the threat protection defenses you have in place are working properly to protect your environment?
Defending your infrastructure begins with visibility of what’s in the environment. Being able to see in real time and identify what needs to be protected is crucial in giving security professionals the intelligence necessary to take informed actions.
[Read more of Scott’s writing on security here.]
In previous posts, I’ve discussed both the essentials for visibility-driven security as well as the need for different dimensions of visibility across the attack continuum. With visibility, defenders can understand how attackers think and what is required to secure our infrastructure.
Increasingly, users are working from anywhere, anytime and on a range of device types. As a result, data now exists in the cloud and is passed back and forth, creating significant implications for how to apply proper policies that allow users to work remotely in a secure fashion. With these new models becoming commonplace, you must re-think what is required to protect your infrastructure.
We are now dealing with a world of new and unforeseen scenarios where data and information travel outside the sphere of enterprise analysis. Users are accessing cloud-based applications and services to store and access sensitive information. If a user receives a file, stores it in a cloud-based service, and then shares it with someone, how do you protect that data as it moves from application to application? As data travels across the enterprise to these new applications, how do you spot suspicious behavior that can be indicative of a threat, such as a user uploading more data than the daily average? Productivity and file sharing applications will keep a copy of the file, creating new dilemmas for security professionals who need to know where the data they need to protect resides across the extended network.
Addressing the challenges that cloud-based applications and devices present requires additional layers of visibility and intelligence that can provide context about how these applications are used. Extending your domain of control to mobile users requires the right strategy for access and authorization, including the ability to connect users just to the network resources that are appropriate for their role, enforcing policies to block users from valuable resources they do not need to perform their job. Modern networks also require robust network segmentation that minimizes access to applications, servers and data, making it more challenging for an attacker to locate and gain access to valuable information.
What can we take away from this? Clearly, the growing reliance on cloud-based applications presents new opportunities for business efficiency and agility. But it also changes the way that data is stored, moved and accessed. That agility and ease also create opportunities for internal and external attackers that must be addressed.
Now is the time to begin evaluating the defenses necessary to address these new requirements. Defending your infrastructure begins with a foundation of excellent visibility within your traditional network environment. But you can’t stop there. Modern networks require you to extend visibility beyond the traditional boundaries of your IT environment, capturing cloud-based and mobile IT assets that store and transmit sensitive data. Beyond that, you have to enable strong and uniform policies to critical assets in your traditional and extended networks.
As organizations continue to adopt new devices and applications, greater enterprise-wide visibility and control are needed to ensure you understand your environment and can then take the appropriate security actions when needed.