Continuous Protection Against Breaches
Enterprise data breaches were more common in the first quarter of 2016 compared to last year, and companies are also taking longer to detect breaches when they occur. Those are the somewhat sobering takeaways from this Wall Street Journal article, which references studies by both the US Identity Data Theft Resource Center and Verizon’s latest Data Breach Investigations Report.
The most important information security question is no longer ‘will a data breach happen to my organization?’ but ‘when will it happen to me, and how will I identify it?’ The good news is that businesses are still in a position to minimize breaches, fight attacks when they do occur and reduce the costs of repairing the damage. It is all about achieving complete, real-time, 360-degree visibility of their entire organizational infrastructure, to help them defend against attacks, and minimize the potential impact of breaches. Here are three steps that enterprises can take to improve their network visibility and security, leading to more efficient and effective operations:
- Test Your Security Strength
This stage is all about exploring how proposed network architectures operate in real-life scenarios. What traffic patterns can your network cope with? How does it scale and contract? Crucially – how do your network and applications respond to mutations of known malware, which can be easily and cheaply tweaked by malicious hackers to create a slightly new form? It is vital that your network is subjected to realistic emulations of benign and malicious traffic before being set live. Only then can you be confident of its robustness in the face of real operational demands, and real malicious attacks.
- Enable Your Security
Technology is only one half of the information security picture. Your employees also need to be able to cover every stage of the security lifecycle. This starts with network design and stress testing configurations before rollout, ongoing monitoring during day-to-day operations, and finally incident response and repair when the worst does happen. You have a responsibility to ensure that your information security function is properly resourced and trained, and also that your wider workforce is educated as to appropriate behaviors, for example to reduce the risk of social engineering attacks.
Beyond this, enabling your security also means optimizing and distributing the right traffic to your security tools – whether inline or out-of-band. For inline tools, it involves architecting your network with failsafe mechanisms such as bypass switches, so that serial inline security tools do not bring down your network should they fail.
- Activate Your Security Fabric
Beyond testing and enabling your security tools, your network architecture needs to fully activate your security fabric. This is the underlying layer that sits beneath the visibility layer and the traffic itself, and it needs visibility intelligence to drive it. The security fabric ensures that your security and monitoring tools are fully resilient and highly available, and that your network design is self-healing. This is the only way to assure that both network and security are always up. Once your security fabric is in place, you can use its intelligence to maximize the efficiency of all your security, monitoring, and analytics tools. The embedded intelligence in your security fabric helps filter and direct the necessary traffic to the right tool. In addition, it ensures that SSL-encrypted traffic is decrypted so that monitoring and security tools can inspect it, ensuring no malware creeps in unseen. As Ixia regularly warns, you cannot secure what you cannot see, and putting in place a security fabric as shown below becomes very important in the fight against cybercriminals.
Resilient Security Fabric
Another way to increase your security tool performance is to prevent unwanted and unnecessary traffic from even reaching your network in the first place. This not only reduces risk in itself; it also reduces the burden on your IT security personnel and technologies, reduces false positives and human error, and minimizes the work cycles spent responding to attacks. If your company does no business in a particular geographical area and has no plans to expand there, why not simply filter out all traffic originating from those IP addresses? It just makes sense to lock out any place where you do not do business, or that is known to be malicious.
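As an added illustration of the geographic and known-bad filtering described above (example code written for this page, not Ixia's own), this Python snippet compiles a constructed block list of CIDR prefixes, keeps an allow-list of exceptions so a single partner host inside a blocked region is not cut off, and drops matching flows before they reach the network. The prefixes and flows are IETF documentation ranges standing in for real geo-IP data, and the allow-listed address is a hypothetical value.

```python
import ipaddress
from typing import Iterable, List, Tuple

# Constructed sample prefixes: documentation ranges standing in for regions the
# business does not serve, or for published malicious ranges. Not real data.
BLOCKED_PREFIXES = [
    "203.0.113.0/24",     # TEST-NET-3, standing in for an unserved region
    "203.0.113.0/25",     # overlaps the /24 above; collapsed away when compiled
    "198.51.100.0/24",    # TEST-NET-2, standing in for a known-bad range
    "2001:db8:bad::/48",  # documentation range, standing in for a bad IPv6 block
]

# Hypothetical partner host that sits inside a blocked region but must stay reachable.
ALLOWED_EXCEPTIONS = ["203.0.113.57"]


def compile_policy(blocked: Iterable[str], allowed: Iterable[str]):
    """Parse CIDR strings once and merge overlapping prefixes per IP version."""
    nets = [ipaddress.ip_network(p, strict=False) for p in blocked]
    v4 = list(ipaddress.collapse_addresses(n for n in nets if n.version == 4))
    v6 = list(ipaddress.collapse_addresses(n for n in nets if n.version == 6))
    allowed_hosts = {ipaddress.ip_address(a) for a in allowed}
    return v4 + v6, allowed_hosts


def is_blocked(src: str, blocked_nets, allowed_hosts) -> bool:
    """True if the source address should be dropped at the edge.

    Allow-list exceptions win over block prefixes, so a region-wide block
    cannot silently cut off a known partner host inside that region.
    """
    addr = ipaddress.ip_address(src)
    if addr in allowed_hosts:
        return False
    return any(addr in net for net in blocked_nets)  # False across IP versions


def filter_flows(flows: List[Tuple[str, int]], blocked, allowed):
    """Split (src_ip, dst_port) flows into (passed, dropped) lists."""
    nets, hosts = compile_policy(blocked, allowed)
    passed, dropped = [], []
    for flow in flows:
        (dropped if is_blocked(flow[0], nets, hosts) else passed).append(flow)
    return passed, dropped


# Constructed sample flows as they might appear in an edge firewall log.
SAMPLE_FLOWS = [
    ("192.0.2.10", 443),       # in-region customer, passes
    ("203.0.113.5", 22),       # unserved region, dropped
    ("203.0.113.57", 443),     # allow-listed partner inside the blocked prefix, passes
    ("198.51.100.200", 80),    # known-bad range, dropped
    ("2001:db8:bad::1", 443),  # bad IPv6 block, dropped
]

if __name__ == "__main__":
    ok, dropped = filter_flows(SAMPLE_FLOWS, BLOCKED_PREFIXES, ALLOWED_EXCEPTIONS)
    print(f"passed={len(ok)} dropped={len(dropped)}")
```

Keep the exception list under change control and log every drop, so that an over-broad prefix is caught by the first legitimate customer it turns away rather than discovered months later.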
Collectively, these principles form a truly comprehensive, beginning-to-end, 360-degree approach to network visibility and security – helping to create continuous protection against ever-evolving cyber security threats.