Simon Campbell-Young, CEO of Phoenix Distribution, says that today, because a business's employees are as likely to be inside the wall as outside of it, perimeter security is no longer effective. "Network security traditionally made use of intrusion detection and firewalls to keep undesirable elements out. Intrusion detection would pick up attacks or malware, and blacklist their sources to prevent them from being used again."
Unfortunately, he says this sort of security is a catch-up game, with the threat actors always one step ahead. "Cyber criminals are innovating and designing new threats faster than the info sec community can hope to keep up with. They are extremely clever and are writing new threats, with cunning algorithms that make attacks highly difficult to identify and mitigate against."
According to Campbell-Young, even signature-based security is failing. "Malware is rarely used more than once, so a signature that is created by a security vendor aimed at protecting individuals against an exploit that has been detected, is pretty much redundant once it's been issued. In addition, malware authors are known to tweak their samples to make sure they slip through the net and evade detection."
Along with the degradation of the perimeter, BYOD, mobility and the cloud have undermined control of security itself. "Too many of today's solutions are disparate and fragmented, each providing control and visibility of their tiny chunk of the network, but without a single, consolidated view of what is actually happening on the network and with Internet traffic itself."
He says this leaves endpoints outside the perimeter as unprotected sitting ducks, potentially leading to a cataclysmic disaster if something is not done to protect them.
Today's businesses need to rethink security, and adopt an approach that is proactive and agile, he says. "This method needs several basic capabilities. Firstly, it has to be able to recognise any activity or anomalous behaviour that might be heralding a potential attack, even if the attack is of an unknown variety, and it must be able to pinpoint the type of behaviour that is indicative of an impending attack."
In addition, he says the solution must protect the company network by blocking threats on all endpoints, and not only the ones within the perimeter, but the ones outside too. "What is needed here is good enforcement at the Internet layer, blocking all threat requests regardless of port, protocol, and application."
Finally, the solution must be flexible, scalable and capable of evolving to meet the changing security needs. "It must be intuitive enough to adapt to changes in a threat actor's approach, vectors and methods. Updates must be instant, and automated, taking the pain out of downloading and applying patches."
Ultimately, Campbell-Young says companies that are looking to the future can no longer afford to play catch-up, and must realise that a defensive approach is inadequate. "They need to have the proper tools in their arsenal, and security that is designed with mobility and cloud in mind."