The “castle and moat” approach to IT security is ineffective in an era where threats are likely already within the enterprise, and the real risk lies in what leaves the enterprise, not what gets in, writes Fortinet security consultant Jonas Thulin.
Back when all data resided within the enterprise and the main IT threats were malware designed to disrupt systems, perimeter protection was largely enough. Today, cloud computing, the mobile enterprise and a staggering array of attack models have turned IT security on its head. Cyber criminals are now intent on stealing data, using a multitude of methods, and in many cases their malware has already breached enterprise systems without the enterprise being aware of it. The defining problem is no longer infiltration but the exfiltration of data.
In the face of ever-increasing, multi-vector attacks, enterprises need an array of next-generation firewalls and security tools that are effective without degrading network performance. They need to rearchitect their systems to enable ongoing security and performance monitoring across all layers, and they need granular visibility and control across the network at all times. Most importantly, they need a plan.
Treating IT security as a checkbox exercise is no longer effective. Organisations need to begin with a full risk analysis: identifying which assets they need to protect, what the risks to those assets are, and what the loss or exposure of each asset would cost the company. Based on this prioritisation, the organisation needs to produce a multi-layered security plan that covers all systems, networks and applications, down to access permissions based on who is connecting to the network and from which device. In many cases, achieving this level of control requires rearchitecting entire systems.
Organisations with stringent customer-data protection requirements are already segmenting their networks all the way into the data centre, so that any breach is contained to a limited scope. Multi-layered defence tools with key security features such as web filtering and IP reputation, whitelisting/blacklisting, application control based on users and devices, DLP, IPS/IDS, cloud-based sandboxing, and endpoint control or AV are essential both to stop potentially malicious applications and malware and to prevent sensitive information from leaving the network.
An effective IT security plan also needs to include visibility and control across the network, allowing administrators to get to the root cause of a breach or attack in real time. Administrators must also be able to conduct real-time and historic attack analysis for in-depth forensics, and a detailed response plan should set out the procedures and priorities for that analysis. It is also crucial to educate employees on cyber threats and the proper use of social media. Employees with access to sensitive information need specific training, and two-factor authentication should be considered for remote users and for anyone accessing sensitive information.
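As an added illustration, not code from the article or from Fortinet, the following Python sketch shows how three of the controls named above (DLP on outbound content, egress control against an allowlist, and user/device-based restrictions) can be applied to outbound traffic records, and how the same records support the historic analysis the response plan calls for. The record layout, hostnames, user and device names, the byte threshold and the log lines themselves are all constructed for this example; a real DLP engine would use far richer patterns than a single card-number check.

```python
import re
from collections import defaultdict

# Constructed outbound proxy records (hypothetical layout for this example):
# (user, device, destination host, bytes sent, excerpt of request body)
OUTBOUND_RECORDS = [
    ("alice", "corp-laptop-17", "crm.example.internal", 4_200, "quarterly report attached"),
    ("alice", "corp-laptop-17", "files.example.org", 3_900, "customer 4111 1111 1111 1111 renewal"),
    ("bob", "byod-phone-3", "paste.example.net", 18_500_000, "backup.zip"),
    ("bob", "corp-laptop-22", "crm.example.internal", 1_200, "invoice 1234 5678 9012 3456 ref"),
    ("carol", "corp-laptop-05", "mail.example.org", 2_100, "card 5500000000000004 on file"),
]

# Assumed policy values: destinations sanctioned for business data, and the
# per-record volume above which traffic to an unsanctioned host is escalated.
TRUSTED_DESTINATIONS = {"crm.example.internal", "mail.example.org", "files.example.org"}
VOLUME_THRESHOLD = 10_000_000

# 13 to 16 digits, optionally separated by spaces or dashes, not embedded in a longer run.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,15}\d(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Luhn checksum: rejects most random digit runs that merely look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_pans(text: str) -> list[str]:
    """Return Luhn-valid card numbers found in an outbound body (separators stripped)."""
    found = []
    for m in PAN_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 16 and luhn_valid(digits):
            found.append(digits)
    return found


def triage(records, trusted=TRUSTED_DESTINATIONS, threshold=VOLUME_THRESHOLD):
    """Map record index -> list of reasons the record should be blocked or escalated."""
    findings = defaultdict(list)
    for idx, (user, device, dest, nbytes, body) in enumerate(records):
        pans = find_pans(body)
        if pans:
            findings[idx].append(f"DLP: {len(pans)} Luhn-valid card number(s) in body from {user}")
        if dest not in trusted:
            findings[idx].append(f"egress: destination {dest} not on allowlist")
            if nbytes >= threshold:
                findings[idx].append(f"egress: {nbytes} bytes to untrusted destination exceeds {threshold}")
            # Device-based control: unmanaged (BYOD) devices may only reach sanctioned hosts.
            if device.startswith("byod-"):
                findings[idx].append(f"device: unmanaged device {device} sending to {dest}")
    return dict(findings)


def bytes_to_untrusted_by_user(records, trusted=TRUSTED_DESTINATIONS):
    """Historic view for forensics: total bytes each user sent to unsanctioned hosts."""
    totals = defaultdict(int)
    for user, _device, dest, nbytes, _body in records:
        if dest not in trusted:
            totals[user] += nbytes
    return dict(totals)


if __name__ == "__main__":
    for idx, reasons in sorted(triage(OUTBOUND_RECORDS).items()):
        print(f"record {idx}: " + "; ".join(reasons))
    print("bytes to untrusted destinations by user:", bytes_to_untrusted_by_user(OUTBOUND_RECORDS))
```

Record 3 contains a sixteen-digit number that fails the Luhn check, so it is not reported; that is the difference between a DLP rule and a bare regex, and it is what keeps invoice and reference numbers from flooding the alert queue. Record 2 trips three independent layers at once (unlisted destination, volume, unmanaged device), which is the point of a layered design: any one of them alone would have been enough to block the transfer.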