What's your opinion of the new Unisys appliance, which supposedly offers an "invisibility cloak" to hide sensitive network traffic using encryption to avoid man-in-the-middle attacks? Is it just marketing hype? What types of enterprises would most benefit from it?
I think the Unisys Stealth invisibility cloak technology is very intriguing -- what better way to keep prying eyes off of your sensitive information? Malicious insiders, external hackers attacking via the malware they've installed on your network, and government spies wouldn't stand a chance, and they know that.
The technology works by encrypting and then dispersing the communications stream before it's transmitted to its destination. The source and destination are hidden, and presumably no one will be able to capture all parts of the network session. Pretty ingenious. However, there's another side to this story -- so let me tell you what I really think.
On any given network there are countless security basics -- proven wins -- that have yet to be addressed, including:
- Weak passwords
- Missing patches
- Open network shares
- Mobile devices with zero protection
- Weak wireless network encryption
- Cloud services being used without IT's consent
- No system monitoring or event correlation
These are the things criminal hackers, rogue employees and government spies are going after to exploit network communications and access sensitive information.
Sure, there are plenty of organizations (such as government contractors and manufacturing and software development companies) that could benefit from the Unisys technology. Yet only after organizations have shored up all of their own low-hanging fruit (such as third-party patching and penetration testing of all critical Web applications) does it make sense to implement such a technology. In other words, criminal hackers both outside and inside your network can still find and exploit these flaws regardless of how secure any network communication sessions are.
Everyone has their own opinion on this. Many people wouldn't dare believe that fixing the basics would possibly offer any great benefit toward minimizing information risks, but based on what I see in my work and what I've read in the breach databases, I beg to differ.
So what is the secret to ensuring secure network traffic? Rather than chasing the fascinating minutiae, why not fix the fixable that's causing the problems? Well, the 80/20 rule was developed and is followed by successful businesses for a reason. I say fix the fixable, then chase down the minutiae once everything else is near perfect and you have nothing else going on.
Ask the Expert!
Want to ask Kevin Beaver a question about network security? Submit your question now via email! (All questions are anonymous.)