Early in my high-tech profession, Solar Microsystems was considered a computing visionary. Solar coined an intriguing firm’s tag line early on: “The community is the pc.” What did that imply? It meant IT infrastructure was linked collectively in a loosely-coupled structure, tied collectively through networking applied sciences equivalent to Ethernet cables and the TCP/IP protocol. Thus, it was vital to engineer the community appropriately to maximise community availability, efficiency, and enterprise advantages.
Sure, issues have modified because the early 1990s. Some networks dwell within the cloud, some are digital, and a few depend on application-to-application connections, however networks nonetheless join IT techniques collectively in a method or one other.
Trendy community safety
Amidst this transformation, community safety has needed to change with the instances. In my humble opinion, fashionable community safety should assist:
- Finish-to-end protection. Perimeter safety inspecting ingress/egress site visitors is not sufficient. Trendy community safety controls should be instrumented into all community segments for inspection of east/west site visitors, community communications within the cloud, and community communications from distant employees to software program as a service (SaaS) functions the place the site visitors by no means touches the company community. In different phrases, all community site visitors must be inspected.
- Encryption/decryption capabilities all through. In response to ESG analysis, 50 to 60% of all community site visitors is encrypted immediately, and this can solely enhance sooner or later. (Notice: I’m an ESG worker.) Meaning a complete community safety structure should embrace the flexibility to decrypt and examine site visitors at a large number of management factors. Trendy community safety applied sciences also needs to be capable of detect suspicious site visitors with out the necessity for decryption in all instances. This functionality is already included in choices equivalent to Cisco Encrypted Site visitors Analytics (ETA) and stand-alone options from distributors equivalent to Barac.io.
- Enterprise-centric segmentation. Lowering the assault floor must be a main requirement for all fashionable community safety applied sciences. This equates to 2 capabilities: 1) Segmenting east/west site visitors between utility tiers, and a couple of) Implementing software-defined perimeter community segmentation guidelines between customers/units and network-based companies. These capabilities are sometimes vaguely known as “zero-trust.”
- A central management aircraft and distributed enforcement. This one is a “must-have.” All community safety controls (i.e. bodily, digital, cloud-based) should report into a typical management aircraft for administration actions (i.e. configuration administration, coverage administration, change administration, and many others.). The central management aircraft will possible be cloud-based, so CISOs ought to put together risk-averse auditors and enterprise managers for this alteration. Armed with directions from central command and management, community safety techniques should be instrumented to dam malicious site visitors and implement insurance policies no matter their location or kind issue. Notice that whereas each community safety vendor will pitch its personal central administration service, third-party software program suppliers equivalent to FireMon, Skybox, and Tufin might play a job right here.
- Complete monitoring and analytics. Because the outdated safety adage goes, “the community doesn’t lie.” Since all cyber assaults use community communications as a part of their kill chain, safety analysts should have entry to end-to-end community site visitors evaluation (NTA) up and down all layers of the OSI stack. The perfect NTA instruments will complement fundamental site visitors monitoring with detection guidelines, heuristics, scripting languages, and machine studying that may assist analysts detect unknown threats and map malicious actions into the MITRE ATT&CK framework. CISOs should forged a large internet, as there are many sturdy options to select from pure-play startups (i.e. Bricata, Corelight, DarkTrace, IronNet, Vectra Networks, and many others.), networking consultants (i.e. Cisco, ExtraHop, NETSCOUT, and many others.), and community safety distributors (i.e. Fidelis, FireEye, Lastline, HPE, and many others.). Caveat Emptor!
Community safety applied sciences should assist granular insurance policies and guidelines, topic to speedy alteration primarily based upon modifications in issues equivalent to consumer location, community configuration, or newly found threats/vulnerabilities. Organizations should have the flexibility to spin up/spin down or change community safety companies at any time when and wherever they’re wanted. Trendy community safety controls should be capable of accommodate web of issues (IoT) units and protocols with the identical kinds of sturdy insurance policies and enforcement as they provide for normal working techniques. Lastly, community safety architectures should be constructed round simply accessed APIs for speedy integration.
Solar Microsystems is lengthy gone (now a part of Oracle, by the best way) however networks are nonetheless critically essential no matter their kind issue. A contemporary community safety structure cannot solely shield all community site visitors but additionally assist organizations lower the assault floor, enhance risk detection/response, and assist mitigate cyber danger. That’s saying loads.
Copyright © 2019 IDG Communications, Inc.