Stop vulnerabilities in your network
Why 229 days is an unacceptably long time to give hackers access to your network
Patrick Kerpan, CEO at Cohesive Networks
Whether data breaches stem from internal errors or external threats, the complexity of managing risk has stalled cybersecurity efforts at scores of corporate enterprises. More alarming still, the Mandiant 2014 Threat Report (M-Trends) found that attackers were present on victim networks for a median of 229 days before they were detected, and most corporations are unaware of this now that their data travels beyond traditional security controls. Enterprises rely increasingly on infrastructure that third parties own and control, so corporate networks and critical enterprise data are moving outside the data center and the IT silo.
Traditionally, data center security has focused on isolating internal systems behind a hardened network perimeter and a “demilitarized zone” (DMZ). But with nearly 80% of all security spending going to the perimeter, only about 20% remains for everything else: monitoring inside the network and prevention on the systems themselves.
The weakness of a perimeter-centric model was on display when attackers reached critical data inside the networks of Sony, Target, and Home Depot. In the 2014 Sony data breach, former employees got through the perimeter using their old logins. Once inside, nothing stopped them from moving laterally from payroll data to employee email, then on to music albums and contract documents.
The most frightening part of these breaches? Even with the right tools and talent they can be incredibly hard to detect, and in Sony’s case the intrusion was not detected at all: employees only learned of it when the attackers posted threatening messages and leaked corporate data.
This raises two questions: first, can we shrink the time-to-detection, and second, can we make that window significantly less fruitful for the attackers? The former has received significant attention; the latter has been largely ignored, yet with ubiquitous virtualization and automation it is a rich area for improvement. Why not defend the network interior? Can we defend the interior?
At Cohesive Networks we believe protecting the application edge is key. Your data center should have a hard edge, and so should each of your applications. First, throw out the concept of “a” perimeter. Google’s “BeyondCorp” initiative, for example, secures corporate applications by treating every client as if it were connecting from the public Internet, so access is decided per request on user and device identity rather than on network location. In doing so, Google is doing for itself what Cohesive Networks has been advising customers for years: delivering application security regardless of network context.
By assuming the internal network is as hostile as the public Internet, organizations of all sizes must rethink how they secure critical data. With application segmentation, most applications (an application being the set of servers that perform one business function) in a data center can be made “invisible” to one another at the network layer. Enterprise applications rarely need to talk to each other, and when they do it is through a small number of well-known junctures that can be explicitly permitted. Most servers within an enterprise application do not need to talk to each other either, so most application servers should be invisible to each other as well.
When segmentation meant physical cabling, keeping servers invisible to each other was impossible. When it meant re-programming VLANs, it was impractical. Virtual infrastructure such as VMware and Xen made it possible, and with DevOps and containers it becomes pretty close to “easy”: the segment definitions are code, built and applied together with the application itself.
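What “applications invisible to each other except at well-known junctures” looks like as policy, as an added example that is not Cohesive Networks’ product code and not part of the original article: a default-deny allowlist keyed on which application a host belongs to. The application names, CIDRs, ports and the sample flows are constructed for illustration; the rendered rules use standard iptables FORWARD-chain syntax for a virtual gateway sitting in front of each segment.

```python
"""Application segmentation as a default-deny allowlist.

Added example, not Cohesive Networks' code. Application names, CIDRs,
ports and sample flows below are hypothetical.
"""
import ipaddress
from dataclasses import dataclass

# Each application is the set of servers performing one business function.
APPLICATIONS = {
    "payroll-web": ipaddress.ip_network("10.1.1.0/24"),
    "payroll-db":  ipaddress.ip_network("10.1.2.0/24"),
    "email":       ipaddress.ip_network("10.2.0.0/24"),
    "contracts":   ipaddress.ip_network("10.3.0.0/24"),
}

# The only permitted junctures: (source app, destination app, proto, port).
# Anything not listed is dropped, so applications are invisible to each other.
ALLOWED_FLOWS = [
    ("payroll-web", "payroll-db", "tcp", 5432),  # web tier to its own database
    ("email", "contracts", "tcp", 443),          # email fetches contracts over HTTPS
]


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    dport: int


def app_of(ip: str):
    """Map a host address to the application it belongs to, or None."""
    addr = ipaddress.ip_address(ip)
    for name, net in APPLICATIONS.items():
        if addr in net:
            return name
    return None


def decide(flow: Flow) -> str:
    """Return 'ACCEPT' or 'DROP' for a flow under default-deny segmentation."""
    src_app, dst_app = app_of(flow.src), app_of(flow.dst)
    if src_app is None or dst_app is None:
        return "DROP"  # hosts outside any known application are never reachable
    if (src_app, dst_app, flow.proto, flow.dport) in ALLOWED_FLOWS:
        return "ACCEPT"
    return "DROP"      # includes peers inside the same application


def render_iptables() -> list:
    """Render the allowlist as iptables FORWARD rules for a virtual gateway."""
    rules = [
        "-P FORWARD DROP",
        "-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
    ]
    for s, d, proto, port in ALLOWED_FLOWS:
        rules.append(
            f"-A FORWARD -s {APPLICATIONS[s]} -d {APPLICATIONS[d]} "
            f"-p {proto} --dport {port} -m conntrack --ctstate NEW -j ACCEPT"
        )
    return rules


# Constructed lateral-movement attempts: an intruder on a payroll web server
# tries to reach other applications, the way the Sony attackers moved around.
SAMPLE_FLOWS = [
    Flow("10.1.1.10", "10.1.2.5", "tcp", 5432),  # legitimate tier-to-tier
    Flow("10.1.1.10", "10.2.0.8", "tcp", 445),   # payroll -> email SMB
    Flow("10.1.1.10", "10.3.0.4", "tcp", 22),    # payroll -> contracts SSH
    Flow("10.1.1.10", "10.1.1.11", "tcp", 22),   # peer inside payroll-web
    Flow("10.2.0.8", "10.3.0.4", "tcp", 443),    # the one permitted juncture
]


def audit(flows=SAMPLE_FLOWS) -> dict:
    """Evaluate every sample flow against the policy."""
    return {f: decide(f) for f in flows}


if __name__ == "__main__":
    for f, verdict in audit().items():
        print(f"{f.src:>12} -> {f.dst:<12} {f.proto}/{f.dport:<5} {verdict}")
    print("\n".join(render_iptables()))
```

Of the five constructed flows only the first and last are accepted; the intruder’s hops to email, contracts and even a neighbouring payroll server are dropped. One caveat the rendered rules make visible: FORWARD-chain rules on a gateway only see traffic that crosses subnets, so the fourth case (two hosts in the same /24) is enforced here in the policy model but would need host-level firewalls, per-VM security groups or private VLANs to hold in practice.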
Exterior-focused models protect only the data center edge. Organizations must add application-specific security, including application-level encryption and application firewalls. Rapid time-to-detection is still needed, but we must also make a penetration dramatically less valuable to the attacker. Application-centric network security, built on virtualized security devices, achieves this by making most of the devices in your data center or cloud invisible and undetectable to each other: an intruder who lands on one server sees only the few junctures that application legitimately uses.