Industry Trends

Turning Network Security Inside Out

By Ronen Shpirer | June 06, 2016

Over the years, network security solutions and their deployment have been built on the assumption that threats originate outside the enterprise network – trust was placed in the internal network, while security was mostly deployed at the perimeter to provide protection from outside threats and hackers. While security infrastructure has evolved to reflect the evolution of threats and technology, its deployment remained focused on the perimeter. However, breach analysis shows that a significant number of threats have been entirely overlooked. According to the Verizon 2016 Data Breach Investigations Report, internal threats account for nearly 20 percent of enterprise attacks, and other industry sources indicate even higher rates, depending on the definition of internally originated attacks. These could be the result of employees “lending” their log-on credentials to visiting guests, bringing infected USB drives into the workplace, receiving compromised data from a partner or vendor, or disgruntled employees.

Until recently, many companies have been relatively blind to what’s going on inside their network. By adopting an inside-out perspective, organizations can ensure security is a holistic, end-to-end solution. 

Take a big-picture view: The first step is to understand the source—the many different ways an internal threat can originate. We operate in a business environment that is much more fluid and mobile. The impact of BYOD is exponential as employees may use a smartphone, tablet, desktop, and laptop at any time to access their corporate network, applications and data. Add to that the number of applications, which may or may not be secure, on each of those devices. Then factor in the number of partners and vendors you share data with, and the vulnerabilities of their networks due to the same issues of devices and applications. Whether intentional or not, the sources of internal threats are extensive. To tackle these issues, companies need clear security visibility across the entire network to view and detect threats and abnormalities in the flow of information. 

Develop user-profile security policies: While your view of the threat landscape is at the 30,000-foot level, your policy needs to be granular, at the user level. Develop security policies that account for different profiles of user groups: who they are, what they regularly need access to, where they are physically located, what device they are using to access the network, and what applications they need to access. For example, your finance teams will likely need different information and applications than your sales teams. By creating these detailed user profiles and enforcing them through your security infrastructure, you can limit a hacker’s access to resources and the damage that could result from the misuse of legitimate credentials to access unauthorized information.

Create trust zones: Within the network, companies can securely divide the network into physical segments that create secure areas for users and resources to interact. In these designated areas, people can share certain types of information and access certain applications and data. Any communication between these trust zones will be segmented by a firewall, enforcing the user-profile security policies and deploying a range of advanced security services to detect and protect against threats and hackers. Deploying these internal segmentation firewalls provides visibility into the internal network traffic – which can be used to enhance zero-day attack mitigation and overall security posture.
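As an added illustration (not code from the original article or from any vendor product), the small Python model below shows how an internal segmentation firewall sitting between trust zones would enforce the user-profile policies described above: each cross-zone flow is matched on user group, device and application, anything that fits no profile is denied by default, and every decision is recorded so that denied internal traffic becomes visible. Zone, group, device and application names are constructed for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    src_zone: str    # trust zone the traffic leaves
    dst_zone: str    # trust zone it enters
    user_group: str  # who, taken from the user profile
    device: str      # what device, e.g. "managed-laptop" or "byod-phone"
    app: str         # which application, e.g. "erp", "crm", "smb"

@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    user_groups: frozenset  # None in any of these three fields means "any"
    devices: frozenset
    apps: frozenset

    def matches(self, f: Flow) -> bool:
        checks = [(f.user_group, self.user_groups), (f.device, self.devices), (f.app, self.apps)]
        return (self.src_zone, self.dst_zone) == (f.src_zone, f.dst_zone) and all(
            allowed is None or value in allowed for value, allowed in checks)

# Constructed sample policy; zone names, groups and apps are hypothetical.
RULES = [
    # Finance staff reach the ERP in the finance zone, but only from managed laptops.
    Rule("users", "finance", frozenset({"finance"}), frozenset({"managed-laptop"}), frozenset({"erp"})),
    # Sales and finance reach the CRM in the sales zone from managed or BYOD devices.
    Rule("users", "sales", frozenset({"sales", "finance"}),
         frozenset({"managed-laptop", "byod-phone"}), frozenset({"crm"})),
]

def evaluate(flow: Flow, rules=RULES) -> str:
    # Allow only traffic that fits a profile; anything else crossing a zone boundary is denied.
    return "allow" if any(rule.matches(flow) for rule in rules) else "deny"

def audit(flows, rules=RULES) -> list:
    # Record every decision; the DENY entries are the visibility the segmentation firewall adds.
    return [f"{evaluate(f, rules).upper()} {f.user_group}/{f.device} "
            f"{f.src_zone}->{f.dst_zone} app={f.app}" for f in flows]

SAMPLE_FLOWS = [  # constructed traffic
    Flow("users", "finance", "finance", "managed-laptop", "erp"),  # allow
    Flow("users", "finance", "sales", "managed-laptop", "erp"),    # deny: wrong group
    Flow("users", "finance", "finance", "byod-phone", "erp"),      # deny: unmanaged device
    Flow("users", "sales", "sales", "byod-phone", "crm"),          # allow
    Flow("users", "finance", "finance", "managed-laptop", "smb"),  # deny: app not profiled
]
```

Running `audit(SAMPLE_FLOWS)` yields one line per flow; the three DENY lines are exactly the traffic a perimeter-only deployment would never have seen.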

Consider a security “blanket”: End-to-end security solutions offer a variety of benefits that protect companies from unintended gaps in security. These fabric-based solutions enable the various elements to share information and detect threats from inside or outside the network. For example, the internal segmentation firewall can integrate with a sandbox to provide rapid and sophisticated advanced threat protection. Another benefit is the ability to run a single, consolidated reporting view across the breadth and depth of the network so that you have intelligent, actionable information.

To adopt this inside-out approach, you don’t have to entirely redesign your network. What was once complex and costly can now be achieved in a seamless, cost-effective, strategic approach. For more information, please join me at Infosecurity Europe on 8 June at Olympia London.