CIO upfront: A war on two fronts - tackling the security threats within your network
- 12 October, 2017 06:30
CIOs are trusted first and foremost with keeping their organisation’s networks secure. While the task has always been an onerous one, at least we could rely on the knowledge that these threats were coming from one place – outside the network.
Traditionally, network security necessitates strong perimeter defence. Firewalls rose to fame with the promise of protecting the network perimeter and keeping the bad guys out. They sat at the boundary of the network, monitoring requests to enter, while everything on the inside of the network was trusted. That’s no longer enough.
With the rise of the Internet of Things (IoT), CIOs and CISOs are now finding themselves in the unenviable position of fighting fires from both outside and within the network.
Network, meet IoT
Before year’s end, Gartner estimates there will be 8.4 billion IoT devices in the world – exceeding the total human population for the first time ever. This figure is expected to exceed 20.4 billion by 2020.
Lured by the productivity and mobility gains offered by the IoT, many organisations are jumping in headfirst and leaving security by the wayside. They’re failing to consider the huge impact that fleets of connected devices will have on maintaining a secure and reliable network.
In fact, recent Nemertes research found that less than 12 per cent of IT decision makers count IoT among their top security concerns. This is alarming when we consider the series of high-profile IoT breaches that have made headlines in the last 12 months – the most notable being the Dyn botnet attack. By infecting tens of millions of IoT devices including cameras, the botnet went on to launch a Denial of Service attack and take down global brands Twitter, PayPal and Amazon.
The ease and speed with which huge volumes of devices were infected in this instance illustrates another, more acute threat for CIOs: attacks from within the network. Attackers have the potential not only to bypass the most sophisticated perimeter security and use IoT devices to carry malware into a network, but then, once inside, to infect critical systems and gain access to confidential information.
The danger is in underestimating the impact of one IoT device in a connected network environment. Whether it is a well-meaning employee unknowingly bringing an infected personal device into your network, or a hacker breaching an unsecured device like a smart thermostat or conferencing system, your perimeter is no longer a deterrent. It should go without saying, then, that relying solely on perimeter security is now obsolete.
Still, investment in this approach is showing little sign of slowing. Gemalto found that 94 per cent of IT executives today still believe perimeter security is quite effective at keeping unauthorised users out of their network. If this is the case, it is only a matter of time before New Zealand businesses are hit with the next major security breach.
The good news is that as the rate of innovation in connected devices and IoT-related security threats has accelerated, so too has innovation in network security. As it has become near-impossible for CIOs to manually monitor and respond, they have the ability to call upon a new breed of automated security to fill the void.
Leave it to automation
Until now, security policy changes and upgrades in the typical network operations environment were done manually, taking days or even weeks to execute and allowing more than enough time for sensitive data to be breached.
For years, network automation has allowed businesses to control and manage repetitive processes by automating the configuration, management, testing, deployment, and operations of physical and virtual devices within a network. To the relief of today’s CIOs, this capability is now being extended to security and compliance.
But before anything, the first challenge is to gain a solid vantage point over what devices (sanctioned and unsanctioned) exist on your network, how they are being used, and by whom. After all, it is impossible to protect what you can’t see. To do this, an organisation’s security systems must be capable of mining data from each and every node and device in the network.
When you’ve understood what data is flowing in and out of your network, automation allows known and unknown threats to be detected faster, as they evolve, by leveraging threat intelligence from multiple sources including third-party feeds, and tapping into the power of the cloud. Network security can adapt to real-time threat information so that security policies are enforced consistently across every device in the network, even in a global enterprise, and without requiring a system administrator to approve and neutralise the threat.
Once discovered, network automation offers the added protection of quarantining a compromised device from the broader ecosystem to prevent the malware from spreading. In a world where bad actors constantly seek out weaknesses to exploit, this is a welcome innovation.
So, for the businesses not yet taking IoT security seriously, it is time to ask: do I have visibility over how IoT devices are running on my network? Is my network capable of quickly and automatically quarantining threats at the device level? And if not, why am I leaving my network’s security to chance?
Ash Halford is director of systems engineering at Juniper Networks Australia and New Zealand.