3 Reasons Why Your Network Perimeter is Flawed, Not Gone
I was recently talking with EMA’s David Monahan about how enterprises secure and protect their network. He said that the traditional perimeter is flawed and no longer provides adequate protection. We discussed why this is true and how companies should rethink their security strategy to focus on detecting threats that may have already breached the perimeter as well as stopping them from entering. Our discussion ultimately became part of a white paper EMA wrote on Security Fabric.
Before you object that my reasoning is what is flawed here: I am not describing the boundary in technical terms (i.e. the boundary between the private network and the provider network). I am writing about the boundary as a concept, the line that is supposed to mark where your data, employees, and devices are. For instance, if a company-issued laptop connects to airport WiFi, where is the network perimeter?
So, where is the network perimeter in the modern enterprise network? Most likely, you cannot draw a line around it. Some people have dubbed the concept a vanishing or disappearing perimeter. Some have labeled the modern enterprise network perimeterless. Gartner points out in The Myth of the Disappearing Perimeter that the perimeter is simply where people connect to the business. If you subscribe to Gartner’s definition, as I do, then the perimeter is not gone. Even if you disagree with Gartner on the state of the network perimeter, we can probably all agree that the perimeter is getting harder and harder to define and make sense of. And a plan that only protects the traditional network perimeter will expose you to greater risk than it did in the past.
Here are three reasons why your network perimeter is flawed and requires a multi-pronged approach to security beyond simply protecting the perimeter.
- More remote workers
Modern employees are no longer tethered to the office. They work in airports, coffee shops, and at home. Some remote workers still use VPNs to connect back to headquarters, but many rarely connect to the corporate network at all. Yet they are accessing and storing company data on their machines. Employee devices need protection, and the corporate network needs interior security monitoring in case a laptop picks up a threat outside and the employee walks it back into the office.
- Data is everywhere
What was once sitting inside the company’s data center may now be running on Amazon Web Services (AWS). A great deal of data is leaving the enterprise data center for the cloud, and software is moving there too. Sometimes it’s a cloud-based application replacing a desktop app. Sometimes it’s the same application that once ran inside the data center, now a workload running on infrastructure-as-a-service (IaaS). Protecting company data in the cloud is now a responsibility shared between you and the provider. But ultimately, today’s threats have more ways to enter, move around, and exit your network.
- Mobile devices are bypassing traditional security defenses
The mobile employee is no longer tethered to the office. They use an array of mobile devices for both personal and professional purposes, blurring the line between home and work. And the mobile employee is downloading untrusted applications and running them on the same device as trusted applications and trusted network access. An Android device running a new malware variant called Gooligan, which can pilfer files, location data, contacts, and WiFi information as well as take screenshots and act as a key logger, might be on your network right now.
The increased sophistication of attacks has made it easier to penetrate an increasingly porous network perimeter. The network perimeter is not gone; it’s just flawed. And as a result, the historical strategy of protecting only the perimeter is also flawed and requires new thinking.
Look for ways not only to defend against attacks at the perimeter, but also to monitor network traffic moving inside. To help you get started, we have put together a model for deploying and integrating network security and monitoring tools to jumpstart a new approach to protection and detection.
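The post ends by recommending that you monitor traffic moving inside the network, not only at the edge. As an added example (not code from the original post, the vendor, or EMA), the script below shows one simple form of that interior monitoring: it reads constructed NetFlow-style records and flags any internal host that contacts an unusually large number of distinct internal peers within a short window, which is the kind of east-west behaviour a returning laptop carrying a threat could produce. The record format, addresses, window size and peer threshold are all constructed assumptions for illustration.

```python
"""Added example, not from the original post: a minimal east-west traffic
monitor over constructed flow records. Everything here (record format,
addresses, thresholds) is an assumption chosen for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumed internal address space (RFC 1918 ranges); adjust for your network.
INTERNAL_NETS = [
    ip_network("10.0.0.0/8"),
    ip_network("172.16.0.0/12"),
    ip_network("192.168.0.0/16"),
]


@dataclass(frozen=True)
class Flow:
    ts: int      # epoch seconds
    src: str     # source address
    dst: str     # destination address
    dport: int   # destination port


def is_internal(addr: str) -> bool:
    """True if the address falls inside one of the assumed internal ranges."""
    a = ip_address(addr)
    return any(a in net for net in INTERNAL_NETS)


def parse_flow(line: str) -> Flow:
    """Parse a constructed whitespace-separated 'ts src dst dport' record."""
    ts, src, dst, dport = line.split()
    return Flow(int(ts), src, dst, int(dport))


def east_west_fanout(flows, window_s=60, max_peers=5):
    """Return {src: set(dst)} for each internal source that contacted more
    than max_peers distinct internal hosts within any window_s-second window.
    Flows to or from external addresses are ignored: this check is only about
    movement inside the perimeter."""
    by_src = defaultdict(list)
    for f in flows:
        if is_internal(f.src) and is_internal(f.dst) and f.src != f.dst:
            by_src[f.src].append(f)

    alerts = {}
    for src, fl in by_src.items():
        fl.sort(key=lambda f: f.ts)
        # Sliding window: start at each flow and collect peers seen within window_s.
        for i, start in enumerate(fl):
            peers = set()
            for f in fl[i:]:
                if f.ts - start.ts > window_s:
                    break
                peers.add(f.dst)
            if len(peers) > max_peers:
                alerts[src] = peers
                break
    return alerts


def analyze(log_text: str, window_s=60, max_peers=5):
    """Parse a block of records and run the fan-out check."""
    flows = [parse_flow(l) for l in log_text.splitlines() if l.strip()]
    return east_west_fanout(flows, window_s, max_peers)


# Constructed sample: 10.1.5.23 (a laptop back from the road) touches eight
# internal hosts on port 445 within ten seconds; 10.1.7.4 behaves normally
# and also talks to an external host, which the check ignores.
SAMPLE_LOG = """
100 10.1.5.23 10.1.5.1 445
101 10.1.5.23 10.1.5.2 445
102 10.1.5.23 10.1.5.3 445
103 10.1.5.23 10.1.5.4 445
104 10.1.5.23 10.1.5.5 445
105 10.1.5.23 10.1.5.6 445
106 10.1.5.23 10.1.5.7 445
107 10.1.5.23 10.1.5.8 445
500 10.1.5.23 10.1.0.10 53
100 10.1.7.4 10.1.0.10 53
110 10.1.7.4 10.1.0.20 443
120 10.1.7.4 10.1.0.10 53
130 10.1.7.4 52.1.2.3 443
"""

if __name__ == "__main__":
    for src, peers in analyze(SAMPLE_LOG).items():
        print(f"ALERT {src} reached {len(peers)} internal hosts: {sorted(peers)}")
```

A real deployment would read flows from a collector or span port rather than a string, and would tune the window and threshold per network segment; the point is that this visibility only exists if internal traffic is collected at all, which a perimeter-only strategy never does.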