Securing a corporate computing environment is challenging, to say the least. The last few years have shown that even with a robust security infrastructure in place, many corporate networks fall prey to determined and persistent cybercriminals. In fact, the attackers’ malware typically does its damage for weeks or months before losses are detected.
One dirty secret of corporate hacking episodes is that the adversary's foothold can be nearly impossible to eradicate completely, even after it has been discovered. The hack may have made headlines a month ago, but without a clear view of what is actually connected to the network and what it is doing, there is a good chance the attackers are still inside and capable of wreaking havoc. Clearly, new approaches and solutions are necessary.
Two Secret Weapons For Cybersecurity
Organisations are beginning to discover two little-known but very effective security defences. The first is network visibility—a way to see who is on your network every minute, map their locations and know everything they are accessing. When corporate security managers have a real-time view of every connected device, every user, every application and every malware link clicked on by the careless or unwary, they have a far better chance of pinpointing the small minority of highly damaging incoming threats.
The second secret weapon is speed, and speedy remediation is a function of visibility. The faster you see a tear in your safety net and close it up, the faster the net can effectively do its job. What’s more, repairing a breach with speed and confidence limits damage done to public trust.
From a realist’s perspective, we may not be able to stop cybercriminals every time, but we can make it extremely difficult for them to get away with anything useful. We can make it so difficult, in fact, that most attackers will give up and go looking for a softer target. Which should suit cyberdefenders just fine.
Centralised Coordination Of Security Events
The best-practice approach to hardening networks is a centralised response centre that coordinates security events. This makes sense because most enterprises already run a separate security product for each individual problem. But many tools running in parallel without exchanging information cannot reach a sustainable level of protection: each sees only its own slice of an incident, and none can act on what the others know.
A recent survey by SC Magazine asked 350 corporate executives and consultants in the information security industry about their current set-up regarding security tools. 52 percent of respondents said their companies use more than 13 security solutions, and fully 78 percent would like to see these tools linked in order to increase their effectiveness.
While traditional tools are still necessary, IT professionals increasingly realise the need for innovative network monitoring solutions. In a recent survey of senior IT managers by research firm Frost & Sullivan, 75 percent of respondents thought the best tool to improve security in networks is network monitoring.
The findings of the Frost & Sullivan survey showed that companies are looking for security architectures that operate at the network level and can exchange information with other solutions. IT also needs an automated incident response centre that gives full insight into what is connected and what each tool has observed. Integration with other tools, for instance through application programming interfaces (APIs), should be bi-directional: the centre consumes alerts from existing security investments and, in turn, pushes its own findings and enforcement decisions back to them.
For example, alerts from antivirus, SIEM or intrusion prevention systems can be channelled into a centralised response framework that combines their capabilities. Guided by that shared picture, responses such as isolating an affected endpoint at the network edge can be automated and enforced in real time, rather than waiting for an analyst to correlate the alerts by hand.
Network access control (NAC) solutions have been on the market for a while now, but with Next Generation NAC the technology has taken a significant step toward a new age in IT security. Besides being capable of the integration described above, Next Generation NAC does not need agents (also called clients, or supplicants in 802.1X terms) installed on network endpoints. Agentless operation makes these NACs compatible with all common operating systems and lets them support employer-provided, BYOD and company-owned, personally enabled (COPE) devices alike.
Flexibility is important. Enterprises need solutions that do not rely solely on the 802.1X standard and can deal with virtual infrastructures, larger network environments comprising multiple subnets, and remote and transient devices. Support for alternative authentication methods allows both employer- and user-provided endpoints to be managed, and even small-footprint Internet of Things (IoT) devices that cannot run a supplicant can be brought under control. A "fingerprint" of each device taken at its port of entry establishes what it is and how it behaves; combined with the device's location and position on the network, that fingerprint determines the level of trust it is granted and therefore what it may access, so the status of each user and device can be understood individually.
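The two ideas above, a port-of-entry fingerprint that sets the trust level and alerts from other tools feeding an automated response, are shown together in the following added example. It is not code from the article or from any NAC vendor. The OUI table, the DHCP vendor-class hints, the expected service profiles, the severity threshold, the normalised alert format and the sample endpoints are all constructed assumptions for illustration.

```python
# Added example (not the article's or any vendor's code): a minimal agentless NAC
# decision for one endpoint, combining a passive port-of-entry "fingerprint" with
# alerts shared by other tools over a hypothetical normalised event feed.
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional

# Constructed: first three MAC octets (OUI) -> device class the vendor ships.
OUI_CLASS = {"00:1a:2b": "printer", "3c:5a:b4": "laptop", "b8:27:eb": "iot"}
# Constructed: substrings of the DHCP vendor class (option 60) -> device class.
DHCP_HINTS = {"msft": "laptop", "printer": "printer", "udhcp": "iot"}
# Constructed: services a headless device of each class is expected to expose.
EXPECTED_PORTS = {"printer": frozenset({631, 9100}), "iot": frozenset({80, 8883})}
QUARANTINE_SEVERITY = 7  # a shared alert at or above this isolates the endpoint


@dataclass(frozen=True)
class Fingerprint:
    """What the network can observe about an endpoint without an agent on it."""
    mac: str
    dhcp_vendor_class: Optional[str]  # option 60 string, if the device sent one
    open_ports: FrozenSet[int]        # from a light probe or observed flows
    switch_port: str                  # physical position: which switch and port
    user: Optional[str] = None        # set only if 802.1X or portal auth succeeded


@dataclass(frozen=True)
class Alert:
    """A normalised event another tool shared through the integration API."""
    source: str    # "av", "ips" or "siem"
    mac: str
    severity: int  # 1 (informational) .. 10 (critical)


def _dhcp_class(vendor_class: Optional[str]) -> str:
    text = (vendor_class or "").lower()
    return next((cls for key, cls in DHCP_HINTS.items() if key in text), "unknown")


def classify(fp: Fingerprint) -> str:
    """Infer the device class from the OUI, cross-checked against the DHCP hint.

    A MAC that claims to be a printer while the DHCP client identifies as a
    Windows host is a classic MAC-spoofing indicator, so it is reported as a
    "mismatch" instead of being trusted on the strength of either attribute.
    """
    oui_class = OUI_CLASS.get(fp.mac.lower()[:8], "unknown")
    dhcp_class = _dhcp_class(fp.dhcp_vendor_class)
    if "unknown" not in (oui_class, dhcp_class) and oui_class != dhcp_class:
        return "mismatch"
    return oui_class if oui_class != "unknown" else dhcp_class


def _decision(fp: Fingerprint, action: str, vlan: str, reason: str) -> Dict[str, str]:
    return {"mac": fp.mac.lower(), "port": fp.switch_port, "action": action,
            "vlan": vlan, "reason": reason}


def decide(fp: Fingerprint, alerts: List[Alert]) -> Dict[str, str]:
    """Return the enforcement decision the response centre pushes to the switch.

    Shared alerts are checked first: a detection by AV or IPS overrides any trust
    the fingerprint would earn, which is the point of integrating the tools.
    """
    mac = fp.mac.lower()
    worst = max((a.severity for a in alerts if a.mac.lower() == mac), default=0)
    if worst >= QUARANTINE_SEVERITY:
        return _decision(fp, "quarantine", "quarantine", f"shared alert severity {worst}")
    device_class = classify(fp)
    if device_class == "mismatch":
        return _decision(fp, "quarantine", "quarantine", "OUI and DHCP fingerprints disagree")
    profile = EXPECTED_PORTS.get(device_class)
    if profile is not None:  # headless device: hold it to its expected service profile
        unexpected = sorted(fp.open_ports - profile)
        if unexpected:
            return _decision(fp, "quarantine", "quarantine", f"unexpected services {unexpected}")
        return _decision(fp, "restrict", f"{device_class}-only", "known headless device profile")
    if device_class == "laptop" and fp.user:
        return _decision(fp, "allow", "corp", f"authenticated user {fp.user}")
    return _decision(fp, "restrict", "guest", "unknown or unauthenticated device")


def demo() -> List[Dict[str, str]]:
    """Constructed sample: six endpoints seen at the edge and two shared alerts."""
    alerts = [Alert("ips", "3C:5A:B4:10:20:30", 8),  # IPS saw beaconing from alice's laptop
              Alert("av", "b8:27:eb:aa:bb:cc", 3)]   # low-severity AV notice on an IoT device
    endpoints = [
        Fingerprint("3C:5A:B4:10:20:30", "MSFT 5.0", frozenset(), "sw1/gi1/0/4", "alice"),
        Fingerprint("3c:5a:b4:10:20:31", "MSFT 5.0", frozenset(), "sw1/gi1/0/5", "bob"),
        Fingerprint("00:1a:2b:00:00:01", "Printer-XYZ", frozenset({631, 9100, 22}), "sw2/gi1/0/12"),
        Fingerprint("00:1a:2b:00:00:02", "MSFT 5.0", frozenset({631, 9100}), "sw2/gi1/0/13"),
        Fingerprint("b8:27:eb:aa:bb:cc", None, frozenset({80, 8883}), "sw3/gi1/0/1"),
        Fingerprint("de:ad:be:ef:00:01", None, frozenset({22}), "sw3/gi1/0/2"),
    ]
    return [decide(fp, alerts) for fp in endpoints]


if __name__ == "__main__":
    for d in demo():
        print(f"{d['mac']} on {d['port']}: {d['action']} vlan={d['vlan']} ({d['reason']})")
```

Two details matter in practice. The alert check runs before any fingerprint logic, so a laptop that would normally be allowed onto the corporate VLAN is isolated the moment the IPS reports it; that is the automated, real-time enforcement the integration is for. And headless devices are held to a narrow service profile: a "printer" that suddenly exposes SSH, or whose DHCP client string says Windows, is treated as a spoofing indicator rather than trusted on its MAC address alone.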
To keep pace and minimise the harm cybercriminals can do, businesses must not only invest more and adopt a visibility-and-speed strategy, but also must push for IT systems that talk to one another. That way, when a threat is detected, it is rapidly shared and recognisable to multiple defence systems. It would be overly pessimistic to call the cybersecurity battle unwinnable. But for businesses to gain the upper hand, they must adopt the creative and collaborative skills of cybercriminals who are out to get them. Acknowledging that cybersecurity defences occasionally will fail is not accepting defeat. It’s a stepping stone to more effective corporate security strategy.