Stop vulnerabilities in your network: why 229 days is an unacceptably long time to give hackers access to your network

Minimizing an overlooked attack vector: interior networks

Cohesive Networks
Cybersecurity War Stories
May 6, 2016

By: Dwight Koop, COO at Cohesive Networks

The most frightening part of big-story data breaches has been how long it takes to detect malicious traffic or a network breach. In Sony’s case it was never detected; the hackers posted threatening messages and leaked the data publicly. The Experian/T-Mobile breach lasted over 2 years.

Mandiant’s 2014 Threat Report found the average time for a company to detect breaches is 229 days, 4 percent slower than reported in 2012. Ponemon reports that it takes IT security teams in financial services an average of 98 days to detect an intrusion, and an average of 197 days in retail.

These trends raise two questions. One, how can organizations minimize their attack vectors while benefiting from the cloud? Two, can network security measures make network intrusion significantly less fruitful for hackers?

With greater network sprawl, we should assume internal networks are as dangerous as the public internet.

So how can we protect applications, servers, and systems inside a network? Segmentation.

Most applications (i.e., the sets of servers that perform a business function) in a network can be made “invisible” to each other (from a network perspective). Even with only basic interior firewall rules, an organization can protect itself from a Sony-style data exploit.

Segmenting by application or function (some call it micro-segmentation) can achieve greater security and granular control by making cloud or data center resources invisible and undetectable to each other.

Savvy IT teams build security into every aspect of application architecture. By assuming all networks are dangerous, teams can better secure critical data as it travels across networks or resides in shared environments. By using segmentation at the application level, critical applications can limit their network interactions to only essential traffic. Most app servers should be invisible to each other as well, allowing app teams to focus on app needs, not blanket policies.
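The interior default-deny idea described above, as an added example that is not from the original post or from any Cohesive Networks product: a small policy check that allows only listed essential flows and groups everything else by source host for review. The segment names, addresses, ports and flow records are constructed for illustration.

```python
import ipaddress

# Constructed segments: one subnet per application (business function).
SEGMENTS = {
    "web": ipaddress.ip_network("10.0.1.0/24"),
    "orders": ipaddress.ip_network("10.0.2.0/24"),
    "hr": ipaddress.ip_network("10.0.3.0/24"),
}

# Essential traffic only: (source segment, destination segment, protocol, port).
# Anything not listed is denied, including server-to-server traffic
# inside the same segment.
ALLOWED = {("web", "orders", "tcp", 8443)}

def segment_of(ip):
    """Return the segment name that contains ip, or None if it is unknown."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return None

def evaluate(src, dst, proto, port):
    """Apply interior default-deny and return 'allow' or 'deny'."""
    s, d = segment_of(src), segment_of(dst)
    if s is None or d is None:
        return "deny"  # unknown hosts are treated like the public internet
    return "allow" if (s, d, proto, port) in ALLOWED else "deny"

def denied_by_source(flows):
    """Group denied flows by source host so unexpected interior traffic stands out."""
    report = {}
    for src, dst, proto, port in flows:
        if evaluate(src, dst, proto, port) == "deny":
            report.setdefault(src, []).append((dst, proto, port))
    return report

# Constructed flow records: (source IP, destination IP, protocol, port).
FLOWS = [
    ("10.0.1.10", "10.0.2.20", "tcp", 8443),    # web -> orders: essential
    ("10.0.1.10", "10.0.3.5", "tcp", 445),      # web -> hr: not essential
    ("10.0.1.10", "10.0.1.11", "tcp", 22),      # web -> web peer: not essential
    ("10.0.2.20", "10.0.1.10", "tcp", 8443),    # reverse direction is not listed
    ("192.168.9.9", "10.0.2.20", "tcp", 8443),  # source outside every segment
]

if __name__ == "__main__":
    for src, hits in denied_by_source(FLOWS).items():
        print(src, hits)
```

A host that shows up in this report with several denied destinations is generating traffic its application never needs, which makes it a candidate for review.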
