Enterprise Security; New Realities, New Challenges
Authored by MD - INDIA & SAARC, Radware, Nikhil Taneja
Organisations need Integrated Hybrid solutions tofight complex attack campaigns and emerging threats at multi locations
Until recently, everything enterprises needed to protect; be it the data centers or applications, databases, were nestled inside the perimeter. The basic rule was to secure an organization’s perimeter and its assets
Today, the perimeter walls no longer exist, as enterprise applications have moved to the cloud. In short, assets are everywhere. In this scenario, how can an organization protect all enterprise assets—no matter where they reside?
In many organizations, Data centers operate in multiple locations, while a growing portion of the infrastructure lives in the cloud. Dispersing the IT infrastructure while having its benefits also throws up many challenges. With the safe borders of the perimeter no longer protecting all enterprise assets, existing security measures need to be re-evaluated.
While enterprise security is evolving, so are cybercriminals and attacks. Attackers and tactics are becoming increasingly sophisticated. It has become common knowledge that there is no way to prevent attacks—but there is a very strong need to mitigate them.
If an organization’s security strategy does not take all of that into consideration, the organization and its users are at risk.
Recent developments in information technologies and user mobility have transformed the IT infrastructure into a strong enabler for business agility and efficiency—while also introducing new security challenges to IT/security managers and enterprises.. The following are some of the scenarios that prevail in today’s times-
• The network perimeter is disappearing. As enterprises haveextended IT infrastructure to the public cloud, deploying new applications in the cloud or using it for disaster recovery, they now face the need to protect applications in the cloud as well as private data centers. In such a case, traditional security technologies become inadequate and enterprises must build multiple skill sets and maintain a new set of management tools.
• The Content Delivery Network market is expanding. Content delivery network (CDN) solutions present new vulnerabilities, with hackers asking for dynamic content to overcome the powerful cache offloading mechanism that is the core of CDN solutions. Using this method, sophisticated attackers can build attack tools that go below the CDN radar and manage to saturate the application servers in the data center.
• Data center virtualization is driving vulnerability to availability-based attacks. While private cloud technologies protect the confidentiality and integrity of application data, they lack the ability to protect the physical infrastructure against availability-based attacks. Attacks targeting external applications impact the availability of internal critical applications—and an attack on a single application may endanger other applications on a shared infrastructure.
According to Gartner, enterprises are overly dependent on the “blocking and prevention mechanism” that are increasingly ineffective against advanced attacks. Recognizing that security tools typically act as “islands of knowledge,” attackers are launching complex attack campaigns that exploit the lack of integration. Organizations that invest in security information and event management (SIEM) solutions often become overwhelmed by the data generated from each tool, which in turn, only distracts operators, thus further prolonging attack mitigation.
Considering all aspects, the only holistic solution would be a distributed solution. To fight complex attack campaigns and emerging threats, the distributed nature of a current IT infrastructure should be the core influence on the design of the security architecture.
In other words, if assets are dispersed in and accessed from multiple locations and devices, detection and mitigation tools should also be distributed. Detection coverage should be expanded to exist across all enterprise resources. More endpoints mean more types of detection tools, detection tools in different locations and, very possibly, tools from various vendors. Of course, having multiple detection tools would still require a staff to manage and maintain them—and decide when, where and how to mitigate detected attacks.
It is inevitable that going forward, detection and mitigation solutions will evolve to become faster, more accurate and more automated—though they will still need to be managed and maintained. Organizations will need a better understanding of the processes and improved visibility into attacks, before, during and after they occur.