For many years now, IT organizations have been moving away from traditional cybersecurity models to more advanced and sophisticated models. The perimeter-based “castle and moat” or “M&M” model – whichever you prefer – has been on the way out for quite a while, mainly because the network perimeter itself has been disappearing.
Companies large and small have undergone tremendous digital transformations over the past several years, including briskly moving to next-generation XaaS platforms (expected to reach $278.3 billion in market revenue by 2021) and adopting more Bring Your Own Device (BYOD) and work-from-anywhere policies.
This transformation has turned any device into a “work” device and expanded the network to the internet itself. This was all well underway when the COVID-19 pandemic accelerated this transformation, forcing more organizations to adapt to ensure that their workforce and assets were protected and their infrastructure supported widescale remote working.
The new cybersecurity perimeter is now the employee – it’s wherever the work is being done. That means organizations must ensure secure connectivity from multiple devices located anywhere, to multiple dispersed resources located anywhere. For example: A user having the ability to access an accounting application on a virtual server in the company data center from a laptop at a local coffee shop or accessing a cloud-based CRM from the dining room table on a personal iPad.
There are endless combinations of users, data, locations and resources – and trying to protect all of this with the mindset of “inside the network” as opposed to “outside the network” simply doesn’t work anymore. The traditional perimeter model wasn’t designed to protect this type of environment and does not do so very well. Instead, companies should focus more on adopting a Zero Trust model and considering the identity as the new perimeter.
A user’s identity extends beyond the traditional perimeter and is their way of accessing resources, wherever those resources may live. Identity management is core to a Zero Trust model, along with asset management, threat intelligence, dynamic policy enforcement, micro-segmentation of resources, and encryption. Together, these steps comprise what the National Institute of Standards and Technology refers to as the Security Control Roadmap.
Being the initial building block of Zero Trust and the way in which users gain access to resources, identity management is much more than just a username and password. It’s the ability to verify and authenticate a user and ensure that they A) are who they say they are and B) should have access to the resource they are trying to access. This can and should include multifactor authentication as well as auditing to determine risk and to ensure that only the needed access is granted to an identity based upon their role.
This should go beyond just a simple inventory of all hardware and application/software assets to include a risk assessment and classification for each asset. Assets should also be checked for compliance and should have policies applied based on their classification.
Threat intelligence covers a wide range, but in general, it’s the ability to take data from multiple sources and analyze it to turn it into actionable intelligence that can allow you to discover and prevent attacks.
This data can include log and packet capture data from disparate internal systems, security bulletins and white papers about hardware and services, external internet-wide threat trends, and many other sources. Threat intelligence is typically some combination of a system collecting this data, a service or application processing and analyzing the data to turn it into intelligence and reviewing the intelligence to adjust configurations and policies based on the intelligence.
Increasingly, this is being done more with machine learning and automated systems that can act in reviewing the intelligence and stopping threats much quicker. Most modern firewall platforms, for example, have some sort of automated threat intelligence built into them.
Policy enforcement should be a dynamic application or rules engine that can look at the asset and the identity that is trying to access it and decide to either allow the access or not based on risk, classification and existing policies. Policy enforcement can also include data from threat intelligence to determine risks in almost real time. Policy enforcement should cover data as well as identities and assets, and should also provide both governance and reporting.
Micro-segmentation is taking the applications and workloads, as well as the networks, and splitting them up into segments based upon their purpose and who needs to interact with them. Physical security assets should be on their own network and separated from other workloads. Cloud-based applications should be locked down to only the users that need access to them and only from permitted devices. Micro-segmentation allows more granular control over resources and can dramatically decrease the fallout of an attack or breach.
All data should be encrypted when in transit and when at rest. Encryption protocols should be enforced for any user or device accessing data across the public or private network.
Among the many other challenges they’re currently facing, organizations must now take a harder look at their cybersecurity vulnerabilities – and their defense against them. With many workforces still operating remotely (at least in part), companies face more cyber risks than ever before. Understanding these risks is a good first step, but taking action to defend against them can help companies minimize their risks and better protect their workforce and assets.
Defend your cybersecurity perimeter with a network protection solution that helps keep your networks, devices and data safe from daily cyber attacks. Click the button below to explore the solution.