These days, it seems like child’s play for anyone to get inside your network and see what you’re doing, what data you’re using and collect all your personal information. And it’s not only the Americans doing it.
Hi-Tech Security Solutions wants to know what the current best practices are when it comes to securing your IT infrastructure. It’s not only data and users that are at risk; in an IP world, your network infrastructure carries security data as well, which can be intercepted and used against you. So what do organisations do to secure their infrastructure?
We spoke to two experts in the field, Andy Robb, chief technology officer at Duxbury Networking, and Greg Griessel, consulting systems engineer – security, Cisco South Africa, and asked them to enlighten us.
Hi-Tech Security Solutions: What are the greatest threats to your IT infrastructure?
Andy Robb: Threats to the corporate IT infrastructure are boundless; they come from both within and outside the organisation. Perhaps unsurprisingly, unauthorised employee access has become the number one concern for enterprises today. This is because malicious intent and the resultant loss of confidential data can lead to significant financial losses.
Paradoxically, in this light, the greatest threat to the corporate IT infrastructure and its data assets often comes from the owners of the infrastructure themselves. Through their oversights, appropriate security procedures may not be implemented. They allow disparities in system configurations and ignore proper authorisation and authentication processes, which leave their organisations vulnerable and open to attack.
They also tend to display ignorance when it comes to the existing security tools already built into network components and elements. These tools are readily available to secure the infrastructure, requiring only to be enabled and integrated into a security strategy.
Greg Griessel: The enterprise network today no longer sits within the castle walls. Employees and new business models today demand access to enterprise resources via more mediums and from differing places than ever before – by personal laptop from home networks, by tablets, and by smartphones from public Wi-Fi and service provider networks. CIOs have found themselves in a particularly challenging position thanks to an array of technology innovations flooding the modern workplace.
The influx of such technology innovations has resulted in a notable shift in employee attitudes. The modern worker has become so accustomed to the ease-of-use of their own personal devices that they see no reason why they can’t use these tools for work as well as for play. In allowing workers to bring their personal devices into the workplace, the term ‘bring-your-own-device’ (referred to as ‘BYOD’) has come to inspire a new debate occurring in various industries.
Traditional security solutions are often distributed and deployed in larger numbers across the entire enterprise network – from wired to wireless to remote access. This is unsustainable. Maintaining network security and operational efficiency in today’s distributed enterprise networks demands new technology that takes a holistic approach to network access security. Threats and vulnerabilities are as likely to come from within the organisation as much as from the outside.
Now also consider that the threat landscape is changing. Just 10 years ago, we were focused on less sophisticated attacks like Blaster and Slammer and simple phishing emails. Today we have agile actors who are increasingly well funded, and who are consistently improving their approaches for attacking us. Think about how much more sophisticated the attackers are: they are going on to social media sites, studying very detailed information about companies and their employees, and then sending targeted emails to people to click on a malicious link.
What is required is a multi-layered architecture that provides pervasive security across the entire attack surface.
Hi-Tech Security Solutions: In this world of NSA intrusions and Web or mobile access to everything, is it realistically possible to protect your infrastructure from unwanted visitors?
Andy Robb: It is possible to take great strides towards tightly securing the corporate infrastructure if security is approached from an architectural perspective. This entails having onion layers of protection. There is no silver bullet.
A firewall, for example, represents a single layer of protection. The same can be said of a unified threat management (UTM) solution. Both are primary gateway defences.
However, as excellent as they may be, they need to be complemented by more sophisticated approaches such as proper authentication and authorisation on systems linked to the internal network. For example, encryption should be used for data entering and exiting the network – and even for internal data if this is deemed to be a requirement.
Physical security is also key, particularly in the data centre. Ensure it is ramped up to prevent employees and outsiders – anyone – from gaining access to removable media.
From a technical point of view, the data traffic management plane on the network should be separated from the operational plane. This can be achieved by using appropriate software systems which can also interface with systems able to capture network data and content and then analyse, correlate and report on it. This enables better decision-making, particularly when it comes to security.
Greg Griessel: The complexity of attacks is increasing; therefore CIOs and CSOs really have no choice but to become more agile in deploying the most up-to-date countermeasures and working with appropriate parties to respond to attacks. In addition, today, security solutions need to be built to react rapidly. That said, technology can protect organisations in the new era of the increased attack surface, but policy and management will be equally critical in ensuring effective security. As well as deploying robust security solutions, organisations must ensure they also have strong policies and processes designed to protect the privacy of both company and interconnected information from other networks.
Hi-Tech Security Solutions: What do companies need to do to ascertain where their vulnerabilities lie and how to protect them? Should you even bother when employees are able to access just about anything from a smartphone – the same device into which they download personal apps?
Andy Robb: The first step towards putting a good security system in place is to identify your vulnerabilities. This entails identifying sensitive data, ascertaining its value and understanding where it is stored.
If there is a BYOD (bring your own device) scenario within an organisation, data vulnerability is heightened. Another onion layer in the form of a BYOD security strategy needs to be implemented incorporating mobile device management. This should allow BYOD users to gain access only to a virtual desktop, permitting them to work with corporate data but not allowing the data to leave the organisation via the device in question.
Greg Griessel: An integrated and cohesive approach to security will relieve the burden on the security team when reacting to Indicators of Compromise in the network and providing greater visibility into the context of the device.
Take, for example, a device that the system sees behaving rather differently from its normal behaviour. Very often, the security team would see an alarm and an IP address of the device exhibiting issues. By signalling this to a policy management and control platform for wired, wireless and remote access such as the Cisco Identity Services Engine (ISE), we can now very easily determine:
* Who the user is,
* What type of device they are using,
* What operating system,
* Where they are in the network, and
* How they are connecting.
All of which provides a fast start to remediate the possible issue. This is particularly useful when you consider the number of devices coming into the network and the burden on the security team.
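The lookup Griessel describes, an alarm that carries only an IP address being resolved into who, what, which OS, where and how, can be illustrated with a small session-correlation routine. The code below is an added example written for this article, not Cisco ISE code or anything from either vendor. The session records are constructed sample data in the shape a RADIUS accounting or NAC session store would hold, and all field names (user, device_type, os, location, access) are assumptions. It deliberately handles the case a practitioner runs into most: the same IP address being reused by a different device later in the day, so the match must respect the session's time window rather than simply taking the latest record.

```python
"""Enrich an alert's IP address with network-identity context.

Added example for this article (not Cisco ISE code). Given an alarm that
carries only an IP address and a timestamp, resolve who the user is, what
device and OS they have, where they sit in the network and how they connect,
by matching the alarm against a session table. Sample sessions and field
names below are constructed assumptions, not data from the article.
"""
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import List, Optional


@dataclass(frozen=True)
class Session:
    ip: str
    user: str
    device_type: str
    os: str
    location: str            # constructed: switch/port, AP name or VPN gateway
    access: str              # "wired", "wireless" or "vpn"
    start: datetime
    end: Optional[datetime]  # None while the session is still active


def _ts(s: str) -> datetime:
    """Parse a constructed ISO-8601 timestamp as UTC."""
    return datetime.fromisoformat(s).replace(tzinfo=timezone.utc)


# Constructed sample session table. Note that 10.1.5.23 is reused: the DHCP
# lease held by a wired laptop in the morning is handed to a phone after lunch.
SESSIONS: List[Session] = [
    Session("10.1.5.23", "jsmith", "laptop", "Windows 8.1", "sw-floor2/Gi1/0/14", "wired",
            _ts("2014-03-10T08:02:00"), _ts("2014-03-10T12:30:00")),
    Session("10.1.5.23", "mnaidoo", "smartphone", "Android 4.4", "ap-floor2-east", "wireless",
            _ts("2014-03-10T13:05:00"), None),
    Session("10.1.7.9", "tvanwyk", "tablet", "iOS 7", "vpn-gw-1", "vpn",
            _ts("2014-03-10T09:15:00"), None),
]


def find_session(ip: str, at: datetime, sessions: List[Session]) -> Optional[Session]:
    """Return the session that held `ip` at time `at`, or None.

    A session matches when it started at or before `at` and either has not
    ended or ended after `at`. Honouring the window (rather than taking the
    most recent record for the IP) is what makes address reuse safe.
    """
    for s in sessions:
        if s.ip != ip or s.start > at:
            continue
        if s.end is None or s.end > at:
            return s
    return None


def enrich_alert(alert: dict, sessions: List[Session] = SESSIONS) -> dict:
    """Attach who/what/where/how context to an alert.

    `alert` is a dict of the constructed shape
    {"ip": ..., "time": ISO-8601 string, "reason": ...}.
    When no session held the IP at that time the context is None and a note
    explains why, so the analyst does not act on the wrong device.
    """
    at = _ts(alert["time"])
    s = find_session(alert["ip"], at, sessions)
    if s is None:
        return {**alert, "context": None,
                "note": "no session held this IP at alert time; "
                        "check for a stale lease or an unmanaged device"}
    return {**alert, "context": {"who": s.user, "device": s.device_type, "os": s.os,
                                 "where": s.location, "how": s.access}}


if __name__ == "__main__":
    alarm = {"ip": "10.1.5.23", "time": "2014-03-10T14:20:00",
             "reason": "traffic pattern differs from baseline"}
    print(enrich_alert(alarm))
```

Run as-is, the alarm at 14:20 resolves to the wireless smartphone, not the laptop that held the same address in the morning; an alarm timestamped 12:45 falls in the gap between the two leases and returns no context rather than a guess.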
Hi-Tech Security Solutions: Is protecting your infrastructure a matter of buying a bunch of products or is there a solution that does it all? Or is it more a matter of changing your business procedures to limit your vulnerability?
Andy Robb: Back in the day, before the advent of virtualisation and cloud computing technologies, security was far simpler. Access to data was limited to those within the network firewall and denied to those outside it. Today this boundary is not nearly as clearly defined. In fact, it does not exist anymore. Boundaries are blurred, which is why different levels of protection – via the onion layer method – are so important.
Today, vulnerabilities lie in many aspects of the corporate infrastructure. This is evident in the increasing incidents of phishing and the activities of botnets – networks of compromised computers that can be remotely controlled by an attacker and used to initiate denial of service attacks and launch barrages of spam e-mails.
As a result, protecting the corporate infrastructure now involves a combination of products and solutions. It begins with an in-depth understanding of business processes and then evolves into the application of these processes to the point where they are in line with the requirements of the latest security solutions. Compromises may have to be made. For example, if it is determined that it is too risky to allow remote users to access the network, perhaps there is a business process that can be adopted as an alternative, such as the establishment of branch office data repositories in which data is more easily secured on behalf of remote users.
Greg Griessel: Yes, there are single solutions. For example, Cisco Identity Services Engine (ISE) is a next-generation identity and access control policy platform that enables enterprises to enforce compliance, enhance infrastructure security and streamline their service operations. The unique architecture of Cisco ISE allows enterprises to gather real-time contextual information from networks, users and devices. The administrator can then use that information to make proactive governance decisions by tying identity to various network elements including access switches, wireless LAN controllers (WLCs), virtual private network (VPN) gateways and data.
ISE offers a centralised control point for comprehensive policy management and enforcement in a single RADIUS-based product from Cisco. It starts with rigorous identity enforcement that includes the industry-first automatic device feed service to keep the profiling engine up to date with the latest smartphones, tablets, laptops and even specialised network-enabled devices used in retail, healthcare and manufacturing industries.
ISE helps IT professionals conquer enterprise mobility challenges and secure the evolving network – now and in the future. It is a security policy management and control platform. It automates and simplifies access control and security compliance for wired, wireless and VPN connectivity. It offers an easy on-boarding experience for BYOD and guest workers, so that personal devices can be secured and granted access via a simple self-service portal and meet security policies.
For comprehensive device security, ISE offers a seamless integration with market-leading Mobile Device Management (MDM) platforms for policy compliance. Even better, ISE can be provisioned to give workers the option to provision MDM on their devices for full company access or refuse MDM and receive only Internet access. Cisco ISE is primarily used to provide secure access and guest access, support BYOD initiatives, and enforce usage policies in conjunction with Cisco TrustSec.
Hi-Tech Security Solutions: What are the best practices when it comes to protecting your infrastructure?
Andy Robb: Simply adding hardware systems to bolster security on a piecemeal basis is not the answer. Throwing tin at problems will not resolve them. There has to be a foundation on which security systems can be built, using the architectural approach to protecting digital assets and the infrastructure going forward.
Enabling layer upon layer of security makes it exponentially more difficult for an intruder to enter the network. Soon the intruder may only be motivated by a risk versus reward consideration.
Unless we’re talking about a banking or similar institution, there may be too much risk involved in trying to bypass multiple layers of security for what is perceived to be too little reward.
Greg Griessel: As stated previously, technology can protect organisations in the new era of the increased attack surface, but policy and management will be equally critical in ensuring effective security. As well as deploying robust security solutions, organisations must ensure they also have strong policies and processes designed to protect the privacy of both company and interconnected information from other networks. Today’s enterprises will also need to undertake some important action items to ensure enterprise security:
1. Assess the totality of their network. Know where the IT infrastructure begins and ends. So many enterprises simply have no idea of the entirety of their network. Also, know what normal is so they can quickly identify and respond to a problem.
2. Re-evaluate acceptable use policy and business code of conduct. Get away from the laundry list approach with security policies. Focus only on the things the organisation knows it must and can enforce.
3. Determine what data must be protected. Companies cannot build an effective Data Loss Prevention (DLP) programme if they don’t know what information in the enterprise must be secured. They also must determine who in the enterprise is allowed to have access to that information, and how they are allowed to access it.
4. Know where the company’s data is and understand how (and if) it is being secured. Identify every third party that has permission to store the company’s data – from cloud providers to email marketers – and confirm that your information is being secured appropriately. Compliance requirements, and now the trend in cybercrime toward ‘hack one to hack them all,’ means enterprises must never assume their data is secure, even when they put it in the hands of those they trust.
5. Assess user education practices. Long seminars and handbooks aren’t effective. Younger employees will be more receptive to a targeted approach to user education, with shorter sessions and ‘just-in-time’ training. Peer training also works well in today’s collaborative work environment.
6. Prepare for the inevitability of BYOD. Organisations need to stop thinking about when they are going to move to a BYOD model and start thinking more about how.
7. Create an incident response plan. IT-related risk should be treated like any other business risk. This means enterprises need to have a clear plan in place to respond quickly and appropriately to any type of security event, whether it’s a data breach resulting from a targeted attack, a compliance violation due to an employee’s carelessness, or an incident of hacktivism.
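Item 1 above turns on "knowing what normal is" so that a problem can be identified quickly. The routine below is an added example written for this article, not code from Cisco, Duxbury or Extreme Networks, showing the simplest form of that idea: build a per-host baseline from a week of summarised flow data, then flag a day on which a host's outbound volume leaves its usual band or it talks to a destination it has never used before. The flow records, hosts, destinations and byte counts are all constructed sample values; a host with no baseline at all is reported separately, since an unknown device is itself a finding rather than something to score.

```python
"""Per-host traffic baseline and daily deviation check.

Added example for this article (not any vendor's product code). Builds a
baseline of daily outbound volume and known destinations per host from
constructed flow summaries, then evaluates one day against it.
"""
from collections import defaultdict
from statistics import mean, stdev
from typing import Dict, List, Tuple

# Constructed flow summaries: (day, source host, destination, bytes out).
# Days 1-7 form the baseline week; day 8 is the day under evaluation.
FLOWS: List[Tuple[int, str, str, int]] = [
    *[(d, "10.1.5.23", "198.51.100.10", b)
      for d, b in zip(range(1, 8), [100, 100, 110, 90, 100, 110, 90])],
    *[(d, "10.1.7.9", "203.0.113.5", b)
      for d, b in zip(range(1, 8), [50, 60, 55, 45, 50, 60, 45])],
    # Day 8: the first host bursts to a never-seen destination, the second
    # stays normal, and a third host appears that has no baseline at all.
    (8, "10.1.5.23", "198.51.100.10", 95),
    (8, "10.1.5.23", "192.0.2.77", 900),
    (8, "10.1.7.9", "203.0.113.5", 52),
    (8, "10.1.9.40", "203.0.113.5", 10),
]


def build_baseline(flows, last_baseline_day: int) -> Dict[str, dict]:
    """Summarise days 1..last_baseline_day into mean/stdev of daily volume
    and the set of destinations each host has been seen talking to."""
    daily = defaultdict(lambda: defaultdict(int))   # host -> day -> bytes
    dests = defaultdict(set)                        # host -> destinations
    for day, host, dest, nbytes in flows:
        if day > last_baseline_day:
            continue
        daily[host][day] += nbytes
        dests[host].add(dest)
    baseline = {}
    for host, per_day in daily.items():
        values = list(per_day.values())
        baseline[host] = {
            "mean": mean(values),
            "stdev": stdev(values) if len(values) > 1 else 0.0,
            "dests": dests[host],
        }
    return baseline


def evaluate_day(flows, day: int, baseline: Dict[str, dict], z: float = 3.0) -> Dict[str, List[str]]:
    """Return {host: [findings]} for the given day. A finding is raised for a
    new destination, for volume above mean + z*sigma, or for a host with no
    baseline. Hosts with nothing to report are absent from the result."""
    findings = defaultdict(list)
    totals = defaultdict(int)
    for d, host, dest, nbytes in flows:
        if d != day:
            continue
        totals[host] += nbytes
        if host in baseline and dest not in baseline[host]["dests"]:
            findings[host].append(f"new destination {dest}")
    for host, total in totals.items():
        if host not in baseline:
            findings[host].append("no baseline: unknown or newly seen host")
            continue
        b = baseline[host]
        # Floor sigma at 5% of the mean so a perfectly flat baseline still
        # yields a sensible band instead of flagging every byte of change.
        sigma = max(b["stdev"], 0.05 * b["mean"])
        if total > b["mean"] + z * sigma:
            findings[host].append(
                f"volume {total} exceeds baseline {b['mean']:.0f} + {z}*{sigma:.1f}")
    return dict(findings)


def check_day(flows=FLOWS, day: int = 8, last_baseline_day: int = 7) -> Dict[str, List[str]]:
    return evaluate_day(flows, day, build_baseline(flows, last_baseline_day))


if __name__ == "__main__":
    for host, notes in check_day().items():
        print(host, notes)
```

On the constructed data, only the bursting host and the unknown host are reported; the second host's day-8 total of 52 sits well inside its band. The 3-sigma rule and a one-week window are illustrative choices, and in practice the baseline window should be long enough to cover weekly cycles.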
Purview, by Extreme Networks
Purview from Extreme Networks is a new software solution designed to enable better decision-making and improved business performance together with protection against malicious or unapproved system use.
Distributed in South Africa by Duxbury Networking, Purview captures network data and content and then is able to analyse, correlate and report on it. It is able to leverage technology to bridge the gap between IT network management, security and business intelligence through a single integrated view.
Purview ensures the integrity of corporate networks by integrating with network data that carries context relating to users, devices, locations and applications in use. It is designed to transform the corporate network from a medium for connecting users, applications and devices into a strategic business asset.
It achieves this by enabling the mining of network-based business events and strategic information. It performs its tasks from a centralised command centre, allowing users to optimise their networks for every application, enhance security for these applications and provide data for business analytics.
From a security perspective, Purview provides users with control over applications and websites – including related sub-websites – resident in all parts of the network, from the wired or wireless edge all the way through the core and data centre, as well as application traffic from the enterprise to private and public clouds or any other service on the Internet.
This deep level of insight provides visibility into application use across the network, and is geared to help organisations in four ways:
1. To improve the experience of connected users;
2. Enhance understanding of user engagement;
3. Optimise application performance; and
4. Provide security protection against unauthorised intrusion.