Subscribe
About

Getting a grip on security in a chaotic world

Cyber crime and hybrid working – with rapid changes come new security issues and challenges. In this decentralised world, security leaders must find ways to keep network access and valuable data out of the hands of criminals without hindering productivity. But how do you get a handle on security in this chaotic world?
Steven van Gysel, Manager, Solutions Architect Northern Europe at Infoblox
Steven van Gysel, Manager, Solutions Architect Northern Europe at Infoblox

It is no surprise that data breaches rank number one [info.infoblox.com] as the biggest concern of numerous organisations, given the lack of control of visibility into remote access on the corporate network. At the same time, there is an increasing reliance on cloud-based applications that carry increased risk if vendors fall short on security and/or fall victim to attacks themselves.

According to recent research by Infoblox [info.infoblox.com], there are especially many concerns among security professionals around the lack of transparency about what security tools remote employees and vendors with network access are using. Moreover, according to the research, it is currently far from certain that internal systems are resilient enough to recover from attacks by state actors. But that's not all.

Working from home + poorly secured WiFi = a big problem

Internal threats (intentional or accidental) also remain a problem. Especially now, it sometimes seems just about impossible to control how employees handle corporate data. A consequence of the rapid and massive shift to working from home, combined with the proliferation of digital consumer services, is that the likelihood of data breaches has increased. One of the most successful attack methods remains phishing, but zero-day vulnerabilities are also the cause of many successful attacks.

A security breach can undermine confidence in internal knowledge and strain relationships with vendors, especially if the breach was facilitated through a third party. Consider, for example, the Kaseya attack [blogs.infoblox.com] in 2021. Still, scepticism doesn't help. After all, it only becomes more difficult to maintain a good defence if the defenders lack confidence in their own abilities!

With visibility, you win the race

You can't defend against what you can't see. Especially in a world of decentralised networks, visibility is the key to sound defence. Boarding up is not realistic. As network edges are more porous, usage shifts to the cloud and mobile devices and attackers have better tools than ever, "defenders" must assume it is only a matter of time until an attacker will successfully penetrate the network at some point.

When that happens, you need to have as much visibility into your network as possible to stop the attack as early as possible in the kill chain. In doing so, it is advisable to pay attention to core services such as DNS, DHCP and IPAM (DDI). These services provide visibility into the network to help detect a potential threat. In addition, by combining security through the DNS resolution with other security services, you can reduce risk for all cloud, hybrid and on-premises assets.

Complementing this, the MITRE ATT&CK [attack.mitre.org] framework can also provide useful tools to then also get insight about the attack patterns of criminals. ATT&CK describes the activities of attackers and the step-by-step tactics and techniques they use. This allows companies to communicate clearly with others about the exact details of the threat. ATT&CK also provides a strong framework for describing current security controls and processes. At a basic level, MITRE ATT&CK enables SecOps staff to identify the nature of a threat, relate that threat back to the control mechanisms that should provide protection, and ultimately determine whether or not those mechanisms are effective.

In short, by prioritising visibility within networks and using models such as MITRE, organisations are able to better protect their decentralised networks. 

Share