Wily and financially motivated adversaries are regularly bypassing security safeguards of even well-funded IT organizations and exfiltrating sensitive information. Executive leadership is taking notice, with an astounding 66% of boards expressing a lack of confidence in their companies’ security, according to a recent survey undertaken by Veracode and the NYSE.
It is simply too easy for the bad guys to get in with phishing attacks or through vulnerable DMZ servers.
Many security vendors, including all the name brands, are heavily focused on building and selling “detect and contain” systems, which historically was a sideline business. This is fueled by a growing sentiment that it isn’t feasible to adequately protect the key systems that house sensitive data. Mitigating risk by containing threats when they are in progress is a critical component of an effective security strategy – however, implementing more effective protection measures should still be the top priority for every organization.
IT and Information Security need new and better tools so they can protect their key data, applications and servers. The tools must allow them to implement:
- “Man-to-Man” Defense. Network firewalls provide good zone defense, but a zone is a coarse boundary: they cannot tightly protect a specific application or enforce white-list communication and trust policies for it, and anything already inside the zone is implicitly trusted. Implementing per-application firewalls and application-based segregation is a must these days, at least for mission-critical systems. The firewalls need to work both ways – controlling what may reach the application and also what the application itself may initiate, so that a compromised app cannot quietly open a covert channel for data exfiltration.
- Fewer and Faster Patches. Scanning for and identifying a known vulnerability in an operating system or application takes almost no time – fixing it, verifying that nothing broke, and then installing the patch across a fleet of servers is slow. Patching server infrastructure should be rare, effortless, and risk-free. In the meantime, the per-application firewalls need to stop and block attacks against vulnerable applications, so that a patch can be rolled out on a schedule rather than in a panic. Applications should also abstract key security functions, such as cryptographic and authentication libraries, so those can be patched separately from the application itself.
- Known Good Verification. While grab-and-go attacks are popular, increasing numbers of aggressors are now burrowing and hiding. They gather intel and exfiltrate data slowly, below the radar. The big problem is that it is too easy to compromise the operating system of a server, install rootkits or malware, and remain undetected. IT needs reliable ways to easily confirm whether a server is still in its known-good state – and because a rootkit can lie to any check that runs on the operating system it has subverted, that confirmation has to rest on a reference the attacker cannot alter.
- Vertical Tooling. Cars used to require a lot of after-market modifications – stereos, cup holders, navigation systems, emergency service lifelines… Nowadays, cars have all this stuff built-in so no assembly is required. Securing servers needs to go the same route. The number of parts an organization should have to assemble on its own needs to be greatly reduced from what it is today.
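As an added example (my code, not Skyport's or SDxCentral's), the following Python models two of the controls in the list above: the “Man-to-Man” per-application firewall, with an explicit white-list in both directions and default deny, and Known Good Verification, with a manifest of file digests checked against what is on disk. The tiers, address ranges, ports, file names and sample flows are all constructed assumptions for illustration.

```python
import hashlib
import ipaddress
import os
import tempfile
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    app: str        # application the flow belongs to
    direction: str  # "in" = a peer connecting to the app, "out" = the app connecting out
    peer: str       # remote IP address
    port: int       # service port (local port for "in", remote port for "out")


# Hypothetical per-application white-list; tiers, ranges and ports are assumptions.
# A rule is (peer network, port); anything not listed is denied in that direction.
POLICY = {
    "web": {
        "in":  [("0.0.0.0/0", 443)],      # the public may reach the web app on 443
        "out": [("10.0.2.0/24", 5432)],   # the web app may only talk to the database tier
    },
    "db": {
        "in":  [("10.0.1.0/24", 5432)],   # only the web tier may reach the database
        "out": [],                        # the database initiates nothing at all
    },
}


def flow_allowed(flow: Flow, policy=POLICY) -> bool:
    """Default-deny: a flow passes only if a rule for its app and direction matches."""
    rules = policy.get(flow.app, {}).get(flow.direction, [])
    addr = ipaddress.ip_address(flow.peer)
    return any(addr in ipaddress.ip_network(net) and flow.port == port
               for net, port in rules)


def denied_flows(flows, policy=POLICY):
    """Return the flows the policy would block; these are the ones worth alerting on."""
    return [f for f in flows if not flow_allowed(f, policy)]


# Constructed sample flows; the last two are what exfiltration and lateral movement look like.
SAMPLE_FLOWS = [
    Flow("web", "in",  "203.0.113.7",  443),    # legitimate client request
    Flow("web", "out", "10.0.2.15",    5432),   # legitimate query to the database
    Flow("web", "out", "198.51.100.9", 443),    # web app phoning home to the Internet
    Flow("db",  "out", "10.0.1.20",    22),     # database opening SSH to the web tier
]


def sha256_file(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(paths):
    """Record a digest for each file that defines the server's known-good state."""
    return {p: sha256_file(p) for p in paths}


def verify_manifest(manifest):
    """Compare disk contents with the manifest: {path: 'ok' | 'modified' | 'missing'}.
    A missing file is reported, not skipped: a deleted integrity-relevant file is
    as suspicious as a changed one."""
    report = {}
    for path, expected in manifest.items():
        if not os.path.exists(path):
            report[path] = "missing"
        elif sha256_file(path) == expected:
            report[path] = "ok"
        else:
            report[path] = "modified"
    return report


def demo_manifest():
    """Build a manifest over two constructed files, then tamper with one and delete
    the other. Returns (report_before, report_after) keyed by file name."""
    with tempfile.TemporaryDirectory() as d:
        cfg = os.path.join(d, "sshd_config")
        lib = os.path.join(d, "libcrypto.so")
        with open(cfg, "w") as f:
            f.write("PermitRootLogin no\n")
        with open(lib, "wb") as f:
            f.write(b"\x7fELF" + b"\x00" * 60)    # stand-in for a real shared library
        manifest = build_manifest([cfg, lib])
        before = verify_manifest(manifest)
        with open(lib, "ab") as f:
            f.write(b"\x90\x90\xcc")              # a rootkit patching the library in place
        os.remove(cfg)
        after = verify_manifest(manifest)
    by_name = lambda r: {os.path.basename(k): v for k, v in r.items()}
    return by_name(before), by_name(after)


if __name__ == "__main__":
    for f in denied_flows(SAMPLE_FLOWS):
        print("DENY", f)
    print(demo_manifest())
```

Two design points carry over to real deployments. The policy is evaluated per application and per direction, so the database tier denying every outbound flow is a one-line statement rather than a side effect of network topology. And the manifest check is only as trustworthy as the code path that reads the files: a rootkit in the same operating system can hand the checker clean bytes, which is exactly why the bullet above asks for something more reliable than a script running on the host it is meant to judge.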
Imagine the day when these tools are available and widely deployed. Attackers will have a much harder time finding a system to target and installing attack tools that go unnoticed. IT can spend less effort assembling and operating secure systems and get off the painful patching treadmill. The threat landscape will fundamentally change and, this time, in favor of the good guys.
SDxCentral DemoFriday ALERT: Register now for the Skyport DemoFriday: SkySecure — A First Look at a Cloud-Managed Secure Server. Join SDxCentral and Skyport Systems on Friday, August 28th to experience how Skyport’s SkySecure will change how you protect your most important assets.