Network perimeter security in a perimeterless world
This Security School is a free multimedia learning guide designed to help you understand and address the strategic and tactical implications of this topic.
Cybersecurity borrows many concepts and ideas from the military, intelligence, medical and physical security worlds. Many times these concepts can help, but sometimes they mislead. The concept of the enterprise perimeter is a case in point.
Originally, security architectures were predicated on the notion that network perimeter security could be established on the "inside" (private circuits, servers, routers and devices residing on a user's premise that security professionals control) and protected against threats from the "outside" (public networks and off-premises devices). The demarcation between inside and outside is, of course, the enterprise perimeter. Specifically, network perimeter security was enforced by the line of firewalls and other protective devices that physically insulated a company's presumably secure infrastructure from potentially insecure public devices and services.
But these days no such separation exists between inside and outside an enterprise perimeter. Users are increasingly located off-premises, connecting via the public Internet or mobile devices and services. Corporate data and applications often reside in the cloud. And, most of all, it's no longer appropriate to assume that those on the inside are protected by traditional network perimeter security: Insiders perpetrate many hacks on their own organizations, either wittingly or as unwitting mules carrying sophisticated malware.
What's needed is perimeterless protection: an architecture that protects users, applications and assets wherever they reside, without reference to an enterprise perimeter. This protection must hold against long-term, multifaceted attacks like advanced persistent threats (APT).
There are a number of key building blocks required in this architecture.
Produce effective network perimeter security
- Data loss prevention (DLP)
DLP products and applications, the first of the key building blocks, are available as hardware appliances, software applications and cloud-based services. They monitor structured data (databases, spreadsheets) as well as unstructured data (email, Word documents, multimedia files) to ensure that only individuals with the appropriate access rights view or modify this information. Had Sony Pictures put an effective DLP system in place, the devastating hack could have been avoided. DLP product vendors include Blue Coat Systems Inc., Cisco, Code Green Networks, GTB Technologies, McAfee, Sophos, Symantec, Trend Micro, Digital Guardian and Websense. Key functions to look for in DLP products include real-time performance; comprehensive support for a variety of file formats, protocols and languages (not all documents are in English!); ease of management and configuration; and effective integration with policies.
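To make the two halves of a DLP control concrete (classify content, then enforce a policy on who may move it where), here is an added illustration in Python. It is hypothetical example code, not from any of the vendor products named above; the detection patterns, the role names and the policy table are all assumptions chosen for the demonstration.

```python
import re

# Added example: a minimal DLP content-inspection policy engine (hypothetical,
# not code from any vendor product). Two stages: (1) classify a document by the
# sensitive-data patterns it holds, (2) apply a role-based policy to an
# outbound transfer of that document.

CARD_RE = re.compile(r"\b(?:\d[ -]?){13,16}\b")          # card-number shaped runs
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")             # US SSN shape
MARKING_RE = re.compile(r"\b(CONFIDENTIAL|INTERNAL ONLY)\b", re.IGNORECASE)


def luhn_ok(digits: str) -> bool:
    """Luhn checksum; rejects most random digit runs that merely look like cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def classify(text: str) -> set[str]:
    """Return the set of data labels found in the text."""
    labels: set[str] = set()
    for match in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", match.group())
        # The checksum cuts false positives on invoice numbers, phone numbers, etc.
        if 13 <= len(digits) <= 16 and luhn_ok(digits):
            labels.add("PCI")
    if SSN_RE.search(text):
        labels.add("PII")
    if MARKING_RE.search(text):
        labels.add("CONFIDENTIAL")
    return labels


# Constructed policy (an assumption for this example): which roles may send each
# label outside the company, and what happens otherwise. "block" stops the
# transfer; "alert" lets it through but raises an event for the security team.
POLICY = {
    "PCI": {"allowed_roles": {"payments"}, "on_deny": "block"},
    "PII": {"allowed_roles": {"hr", "payments"}, "on_deny": "block"},
    "CONFIDENTIAL": {"allowed_roles": set(), "on_deny": "alert"},
}


def decide(text: str, sender_role: str, external: bool) -> tuple[str, set[str]]:
    """Return (verdict, labels); verdict is 'allow', 'alert' or 'block'."""
    labels = classify(text)
    if not external or not labels:
        return "allow", labels           # internal transfers are out of scope here
    verdict = "allow"
    for label in labels:
        rule = POLICY[label]
        if sender_role not in rule["allowed_roles"]:
            if rule["on_deny"] == "block":
                return "block", labels   # one blocking label decides the outcome
            verdict = "alert"
    return verdict, labels


if __name__ == "__main__":
    # Constructed sample documents and sender roles
    samples = [
        ("Invoice total 42 USD", "sales"),
        ("Card 4111 1111 1111 1111 exp 12/27", "sales"),
        ("Card 4111 1111 1111 1112 exp 12/27", "sales"),   # fails Luhn: not a card
        ("INTERNAL ONLY: Q3 roadmap", "sales"),
        ("Applicant SSN 123-45-6789", "hr"),
    ]
    for text, role in samples:
        print(role, decide(text, role, external=True))
```

The design point worth noticing is the Luhn check: pattern matching alone would flag any sixteen-digit run, and a DLP deployment that blocks too eagerly gets switched off by the business. Real products add fingerprinting of known documents and exact-match lookups against structured sources, which this sketch omits.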
- Secure Web gateways
Like DLP products, secure Web gateways (SWGs) are available as hardware appliances, software applications and cloud-based services. The difference between DLP and SWG is that while DLP offerings monitor a company's assets to protect against inappropriate viewing, modification or sharing, SWGs monitor traffic to protect against the introduction of malware. SWGs are available from such vendors as Barracuda, Blue Coat, Cisco, McAfee, iSheriff, Sophos, Symantec, Trend Micro, Websense and Zscaler. Key features to look for in these products include real-time performance, range of protocols supported (IPsec and SSL are table stakes), sandboxing, integration with social media and support for mobile devices.
- Security analytics products and frameworks
Analytics tools are an outgrowth of the security information and event management (SIEM) product market. Like SIEM tools, security analytics products aim to uncover security events as they occur, ideally in real time. Unlike those tools, modern security analytics products are often built on contemporary big data technologies, such as Hadoop. They typically integrate with a range of devices and products to provide ongoing analysis of an organization's security status. Vendors of security analytics products include Agiliance, Blue Coat, Damballa, FireEye, Guidance Software, HP ArcSight, IBM, Lastline, LogRhythm, McAfee and Splunk. Key features to consider with such products include real-time integration with online data sources (a critical way to stay up-to-date), real-time performance and alerting, and remediation capabilities.
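The core of what such a tool does, at the smallest scale, is correlate events from a stream as they arrive and raise an alert when a pattern completes. The following Python is an added illustration of one such rule, not code from any product listed above: the log line format, the field names (user, src, auth_fail, auth_ok) and the sample events are constructed for the example, and the thresholds are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Added example: a small streaming correlation rule of the kind a security
# analytics tool runs over event data. Hypothetical illustration; the log format
# and the sample lines are constructed, not taken from any product.
LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<source>\w+) (?P<event>\w+) ?(?P<kv>.*)$")


def parse(line: str):
    """Parse one 'timestamp source event k=v ...' line; None if it does not fit."""
    m = LINE_RE.match(line)
    if not m:
        return None
    try:
        ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
    except ValueError:
        return None                       # first token was not a timestamp
    fields = dict(tok.split("=", 1) for tok in m["kv"].split() if "=" in tok)
    return {"ts": ts, "source": m["source"], "event": m["event"], **fields}


class BruteForceThenSuccess:
    """Alert when a user logs in from a source that produced at least
    `threshold` failures for that user inside the sliding `window`."""

    def __init__(self, threshold: int = 5, window: timedelta = timedelta(minutes=5)):
        self.threshold = threshold
        self.window = window
        self.failures: dict[str, deque] = defaultdict(deque)  # user -> (ts, src)

    def feed(self, ev: dict):
        user, src = ev.get("user"), ev.get("src")
        if user is None or src is None:
            return None
        if ev["event"] == "auth_fail":
            q = self.failures[user]
            q.append((ev["ts"], src))
            while q and ev["ts"] - q[0][0] > self.window:   # expire old failures
                q.popleft()
        elif ev["event"] == "auth_ok":
            recent = [s for t, s in self.failures.get(user, ())
                      if ev["ts"] - t <= self.window and s == src]
            if len(recent) >= self.threshold:
                return {"rule": "brute_force_then_success", "user": user,
                        "src": src, "failures": len(recent), "ts": ev["ts"]}
        return None


def detect(lines, rule=None):
    """Run the rule over an iterable of raw lines; return the alerts raised."""
    rule = rule or BruteForceThenSuccess()
    alerts = []
    for line in lines:
        ev = parse(line)
        if ev is None:
            continue                      # malformed input is skipped, not fatal
        alert = rule.feed(ev)
        if alert:
            alerts.append(alert)
    return alerts


# Constructed sample events (RFC 5737 documentation addresses, fictional users).
SAMPLE_LOGS = [
    "2024-05-01T09:50:00Z vpn auth_fail user=alice src=203.0.113.7",  # outside window
    "2024-05-01T10:00:01Z vpn auth_fail user=alice src=203.0.113.7",
    "2024-05-01T10:00:05Z vpn auth_fail user=alice src=203.0.113.7",
    "2024-05-01T10:00:09Z vpn auth_fail user=alice src=203.0.113.7",
    "2024-05-01T10:00:13Z vpn auth_fail user=alice src=203.0.113.7",
    "2024-05-01T10:00:17Z vpn auth_fail user=alice src=203.0.113.7",
    "2024-05-01T10:00:20Z vpn auth_fail user=bob src=198.51.100.9",
    "2024-05-01T10:00:25Z vpn auth_fail user=bob src=198.51.100.9",
    "2024-05-01T10:00:40Z vpn auth_ok user=bob src=198.51.100.9",     # only 2 failures
    "this line is malformed and must be skipped",
    "2024-05-01T10:01:00Z vpn auth_ok user=alice src=203.0.113.7",    # 5 recent failures
    "2024-05-01T10:01:10Z vpn auth_fail user=carol src=198.51.100.9",
    "2024-05-01T10:01:12Z vpn auth_fail user=carol src=198.51.100.9",
    "2024-05-01T10:01:14Z vpn auth_fail user=carol src=198.51.100.9",
    "2024-05-01T10:01:16Z vpn auth_fail user=carol src=198.51.100.9",
    "2024-05-01T10:01:18Z vpn auth_fail user=carol src=198.51.100.9",
    "2024-05-01T10:02:00Z vpn auth_ok user=carol src=10.0.0.5",       # different source
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOGS):
        print(alert)
```

Running it yields a single alert, for alice: the failure from 09:50 has aged out of the window, bob never reached the threshold, and carol's successful login came from a source that produced no failures, so it is not correlated with the earlier ones. The same shape (parse, keep bounded per-entity state, emit when a pattern completes) is what the commercial products scale out across many sources and rules; the remediation capabilities mentioned above would hang off the returned alert dictionary.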
The bottom line
The enterprise perimeter has vanished. And the emergence of a perimeterless world means that security professionals need to rethink their security architectures, removing the assumption of network perimeter security. This, in turn, means assessing new products and frameworks, and focusing attention on how to seamlessly integrate them.