Upwards of two-thirds of UK adults are set to work remotely for the remainder of this year. The pandemic is creating a larger attack surface and increasing opportunities for cybercriminals. In effect, the enterprise perimeter has not only expanded, but it has also become much more distributed.
Likewise, modern cyber-attacks are not just limited to network intrusion from the outside. Internal threat actors can often be found at the centre of sophisticated attacks. Today, threats come from both inside and outside the organisation, via the business partner and supplier ecosystem, and through employees working remotely.
It means we need to re-assess and re-think the way we defend our networks, users and data. For example, organisations will need more support around connecting and managing BYOD devices on the home network, including sharing of policies and tools around sensitive data, which could be accessed via insecure Wi-Fi. Additionally, with ransomware, phishing and DDoS attacks growing exponentially, they will also be looking for technologies that enable them to protect networks from cyber-attacks, especially those that threaten network availability.
Defending your network against a Trojan Horse
In the past, defending yourself and your sensitive assets was simple – you had a general idea who your enemies were, from where they might attack, and what weapons they might use. It is the equivalent of putting all your key assets inside a castle, building strong walls and moats around them, and defending the barriers with all available resources. Defensive strategies were built around this concept for centuries.
Throughout history, we have seen that such defences failed whenever there was sabotage from within, made possible by “insiders” with malicious intent. However, there have also been instances where attacks and breaches were made possible by insiders who weren’t necessarily aware of the threats. They were unwittingly bringing in, as in the example of ancient Troy, the Trojan Horse that was used to invade the city.
Today, attackers are always evolving their methods, always looking for weak points in network defences and coming up with novel ways to infiltrate the perimeter. The model of zones, perimeters and network segments that places all protected assets “inside” a secured network perimeter no longer works. We also need to recognise that the “castle and moat” approach to network defence was mostly effective only against threats that resided outside the network.
Businesses face twin challenges: threats from the inside, and modern attacks that work on multiple levels to try to bring networks down. How do we protect our networks from people who have legitimate access to all their resources? Add to these challenges regulations like GDPR and the rising fines, and you will appreciate that having your networks attacked and your data breached is one of the worst things that can happen to a company.
Adopting the Zero-Trust model
To combat both internal and external threats, many organisations are adopting a Zero-Trust approach. The Zero-Trust model is based on the simple principle of “trust nobody”. It defines rules that enhance the security of networks against attacks, whether they are initiated from the outside or from within. The Zero-Trust model dictates that networks are redesigned so that traffic and access can be restricted; that incident detection and response is improved using comprehensive analytics and automation, together with centralised management and visibility into the network, data, workloads, users and devices; and that access is restricted as much as possible, limiting excessive privileges for all users. In multi-vendor networks, the Zero-Trust model requires that all solutions integrate and work together seamlessly, enabling compliance and unified security.
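To make the principles above concrete, here is an added example (not A10's code or product) of a default-deny access evaluator: every request is checked on identity, device state and least-privilege scope, the network zone it came from is recorded for visibility but never used to grant access, and every decision is written to an audit list. The policy model, role names and resource names are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Dict, List

# Constructed policy model for illustration only; not a real vendor API.
@dataclass
class Request:
    user: str
    roles: List[str]
    device_compliant: bool
    mfa: bool
    source_zone: str      # "corp" or "internet": logged, never trusted by itself
    resource: str
    action: str           # "read" or "write"

@dataclass
class Rule:
    resource: str
    action: str
    allowed_roles: List[str]
    require_mfa: bool = True
    require_compliant_device: bool = True

AUDIT: List[Dict] = []   # centralised record of every decision, allowed or denied

def evaluate(req: Request, rules: List[Rule]) -> bool:
    """Default deny: a request is allowed only if an explicit rule for the
    exact resource/action matches AND identity, MFA and device checks pass.
    Insiders and outsiders go through the identical checks."""
    decision, reason = False, "no matching rule"
    for rule in rules:
        if rule.resource != req.resource or rule.action != req.action:
            continue
        if not set(rule.allowed_roles) & set(req.roles):
            reason = "role lacks privilege"          # least privilege
        elif rule.require_mfa and not req.mfa:
            reason = "mfa required"
        elif rule.require_compliant_device and not req.device_compliant:
            reason = "device not compliant"
        else:
            decision, reason = True, "allowed"
        break
    AUDIT.append({"user": req.user, "resource": req.resource, "action": req.action,
                  "zone": req.source_zone, "allowed": decision, "reason": reason})
    return decision

# Constructed sample policy: reads for HR staff, writes only for HR admins.
RULES = [
    Rule("hr-db", "read", ["hr", "hr-admin"]),
    Rule("hr-db", "write", ["hr-admin"]),
]
```

A denied insider write and an allowed remote admin write both land in AUDIT, which is the visibility the model depends on.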
Combatting blind spots in our network defences
That said, with the rise of encrypted internet traffic, it is becoming increasingly difficult to implement the Zero-Trust model effectively. Encryption creates a “blind spot” in our network defences, because most of the security devices we use are not designed to decrypt and inspect traffic. The Zero-Trust model is not immune to this problem, as visibility is one of the key elements of its successful implementation. Without complete visibility into encrypted traffic, the model will fail, introducing vulnerabilities that can be exploited by both insiders and external attackers.
Therefore, a centralised, dedicated decryption solution must be placed at the centre of the Zero-Trust model and included as one of the essential components of your security strategy. Many security vendors claim their devices can decrypt their own traffic, working independently of a centralised decryption solution. However, this “distributed decryption” approach can introduce problems of its own, including inferior performance and network bottlenecks, and fixing these can require costly upgrades.
A10 Networks (NYSE: ATEN) provides Reliable Security Always™, with a range of high-performance application networking solutions that help organisations ensure that their data center applications and networks remain highly available, accelerated and secure. Founded in 2004, A10 Networks is based in San Jose, Calif., and serves customers globally with offices worldwide.