Censys: The World of Attack Surface Management
Jade Kahn, CMO at AlgoSec, shares five things that CSOs and network security personnel should focus on in 2021
In January 2020, no-one could have predicted how unpredictable the coming year would be. But despite the seismic changes to the way we work, the biggest security threats to organizations were mostly the same old threats we’ve been facing for the past five years. Yet even the largest enterprises with the most advanced, next-generation security are still getting breached. Why? Because all too often, the fundamentals of effective security management are being neglected, meaning security processes are inefficient – which in turn leads to vulnerabilities.
To address this problem, let’s take a look at five security management fundamentals that will help to keep your organization, users and customers safe in 2021.
Don’t fly blind - visibility is key
The challenge of visibility comes back to this; you cannot protect what you cannot see. So, the first thing you need to understand is what you have in your network, which means building a complete repository of all your network and security devices.
Having comprehensive visibility across your network environments, whether this is on-premise or in the cloud, is fundamental to establishing and maintaining a robust security and compliance posture. In-depth visibility shows which business applications and underlying connectivity flows will be impacted by security rule changes, or planned server and device downtime. This is critical to understanding the impact on key applications when migrating or decommissioning servers or troubleshooting problems, and to avoiding costly outages.
Without real-time, accurate and relevant information on exactly what vulnerabilities and issues may be impacting critical business applications, effective risk management cannot be truly achieved. With holistic visibility of security across both cloud and on-premise networks, in a single pane of glass, IT and security teams can easily link vulnerabilities and cyber incidents to specific business applications – and prioritize their decisions and actions based on strategic, business-driven needs.
Once you have gained visibility of your network and its related connections, how do you generate documentation of application connectivity? The obvious choice is to employ a solution that automatically maps the various network traffic flows, servers, and firewall rules for each application.
During a conversation with one of the top US airlines, we discovered that they needed to manage 56,000 rules; that is an enormous amount of information. Manually checking each of these rules, which are often poorly documented, is incredibly time consuming and prone to errors, leading to misconfigurations and potential security holes. Verizon’s 2020 Data Breach Investigations Report stated that over 40% of all breaches it investigated resulted from misconfiguration errors.
Automation eliminates these manual mistakes. Achieving true Zero-Touch automation in the network security domain is not an easy task but over time, you can let your automation solution run handsfree, as you conduct more changes and gain trust through increasing automation levels step by step. Soon, you will have reached the automation ideal of full, Zero-Touch network change processes – eliminating the network ‘grunt work’ and the risk of costly mistakes which result from human error. Zero Touch also ensures that the balancing act between security and business continuity is maintained, reducing risks while enhancing the organization’s overall speed and agility.
Segment for security
Hackers are never going to give up targeting large corporations, and ransomware attacks will never be eradicated. So if organizations are under constant attack, how should they mitigate the risks of a successful breach and stop the hackers being able to move freely across their networks?
Micro-segmentation minimizes the damage that hackers can do if they gain access, by isolating servers and systems into separate zones to contain intruders or malware as well as insider threats – much like the watertight compartments of large ships.
Moving to virtualized data centers with Software-Defined Networking (SDN) enables more advanced, granular zoning, allowing networks to be divided into hundreds of micro-segments. But virtualization does not eliminate all the stumbling blocks involved. Enforcing security policies and firewall configurations on all systems and across different IT environments would still have to be done manually, which is an enormous task for the IT security department.
Automated network management makes it much easier for companies to define and enforce their micro-segmentation strategy. It also ensures that critical business services are not blocked due to misconfigurations and that compliance requirements are met. The right choice of automation solution detects changes in the network that collide with the current micro-segmentation setting, immediately suggests policy changes based on this information and, if desired, automatically validates and enforces them – ensuring strong security and continuous compliance without the need for complex, manual support.
Automated auditing and compliance
With ever-tightening regulations governing information processing and security, organizations must meet much stricter audits of security policies and controls to maintain their compliance posture. While regulatory and internal audits cover a broad range of security checks, the firewall is featured prominently since it is the first and main line of defense.
Ensuring and proving compliance typically requires significant organizational resources and budget and with the growing litany of regulations, the cost and time involved is increasing rapidly. Manual audit work takes a significant amount of time to product a report for each firewall in the network and as networks grow in complexity, auditing quickly becomes a colossal task. Automating the firewall audit process is crucial as compliance must be continuous, not simply at a point in time. Network security management solutions automatically document all firewall and policy changes, and produce audit-ready reports – saving time and effort.
Making cloud migration a success
According to the latest Gartner research, 90% of its customers are using cloud services. It is a multi-billion-dollar revenue generator and one of the fastest growing market segments. But too often security seems to fall down the list of priorities during the migration process, causing damaging problems in the long run. A recent cloud security survey found that 75% of organizations stated they were ‘very concerned’ or ‘extremely concerned’ about it. 68% said they used two or more different cloud providers, which meant that security teams often have to use multiple native security tools and management consoles to try and enforce security and compliance across the different environments.
To ensure successful cloud migrations, organizations need to take a considered and gradual approach, understanding that the responsibility to manage the security and compliance of their cloud deployments still lies firmly at their door. This demands a deeper understanding of cloud security controls and how they connect and interact with to on-premise security devices – which in turn demands holistic visibility across both cloud and on-premise environments, and automation of network security management processes.
In the shadow of a challenging year, now is a good time to take stock of your network security processes, and ensure that you implement these best security practices for 2021.