Current Filter: Security>>>>>Masterclass>

   

It's an unfortunate fact and one that modern organisations need to come to terms with: data breaches are inevitable. Cyber security simply isn't working anymore, and organisations must recognise that breach detection and protection alone aren't enough to keep the hackers at bay.

The attention now has moved to breach containment, a strategy that focuses on blocking lateral hacker movement and limiting breach scope. This requires organisations to think altogether differently about their security architecture design. Instead of concentrating solely on building walls to keep people out, the focus needs to be on containing the breach and minimising the extent of it by building walls between different parts of the infrastructure.

This, in turn, will combat the 'data breach blindspot', which represents a common attack vector used in all the recent major data breaches. Universally, hackers compromise a single enterprise user and are then able to get past firewalls and hop from internal system to internal system, undeterred by threat prevention or detection systems.

Many organisations currently don't have the necessary security strategies in place to stop this from happening, creating a vulnerability caused in part by the following:

• User behaviours and the proliferation of new smart devices, which involves users regularly bringing personal devices and applications into the enterprise environment, outside the control or awareness of the traditional IT department (Shadow IT)
• Business relationships that no longer recognise or respect the traditional enterprise perimeter, such as supply chain members, contractors and professional services firms having access to applications within the firewalled perimeter as a way to streamline interactions, collaboration and routine business processes.

SOFTWARE-DEFINED SEGMENTATION
For most IT experts, the logical approach to creating micro-segments would start at the network layer. However, putting aside the proven frailty of the network infrastructure, the main limitation lies in the rigidity of the strategy; each time a change is made to an access control list, IP address or subnet, there is a risk of opening the door and enabling hackers to bypass the firewall. Instead, the focus should be on users and applications, and users only be given access to the data needed to do their job. Building on the existing policies for user access and identity management, organisations can use cryptographic segmentation to ensure only authorised users have access to the applications they need to do their jobs.

LIMITING THE SCOPE
With this software-defined security approach, it is possible for organisations to narrow the scope of a breach to a small, contained area, rather than creating a system wide disaster, and, essentially, remove the need to build new security policies into the network infrastructure.

Additionally, as and when a breach is detected, the segmentation policy means an organisation has immediate visibility into the extent of the breach - enabling a targeted, rather than system-wide, lockdown, and allowing a far more confident and measured response to media, shareholders and customers.

When research reveals that financial services companies can take up to 98 days to detect intrusion on their networks, and 197 days for retail companies, it's clearly time for organisations to make a change. What's worse, an estimated 95% of breaches occur as a result of a user being compromised (2015 Verizon Data Breach Investigation Report). It is only by deploying an effective breach containment strategy, following a software-defined segmentation approach, that organisations can truly keep a breach under control.

Learn more at CertesNetworks.com