
The cloaked network

Editorial Type: Opinion     Date: 05-2016    Views: 1283   





Jason Garbis, VP of Products at Cryptzone, claims that traditional network security is failing, and that it is time to take a new approach

Cybercrime has changed. Traditionally, skilful hackers would monetise the information they stole, but now cybercrime is a full-blown money-making industry. Intelligent and talented people are recruited into organisations with hierarchy, R&D, talent acquisition and infrastructure. Cybercrime is not going away, it's getting more sophisticated - and that means increased threats.

Staying ahead of hackers is essential, but all too often traditional network security tools like VPNs, next-generation firewalls and network access control solutions fail. While these tools can do an adequate job of authenticating users and granting them access to authorised network resources, they fall short because they operate at the segment level: granting a user access to an entire network segment exposes hundreds of hosts, in an all-or-nothing fashion.

Organisations often attempt to address these issues by deploying multiple security tools, resulting in a patchwork of silos, each one solving only a minor part of the broader challenge. This in turn creates increasing levels of administrative overhead that require extensive manual activity. Typically these tools provide only coarse-grained security, doing nothing to prevent malicious outsiders or insiders from accessing unauthorised resources, stealing credentials or conducting successful phishing campaigns.

It's time to take a different approach. To combat today's threats in our 'connected-everywhere from anything' world, a new security model is needed. This new model must focus on securing the entire path from the user to application, device to service, on a one-to-one basis.

ELIMINATE IMPLICIT TRUST
The first step is strong authentication, but context and behaviour are most important. Context such as the user's location, device, OS, patch level, time of day and virus protection, among other factors, combined with the user's behaviour while logged in, needs to be considered every time a user authenticates to the system.

It's not difficult to understand how studying context and behaviour can improve network security. If a user authenticates from an unknown device in Russia or the Far East when they normally connect to the network from a PC in the US office, it should be fairly obvious that the risk profile has changed significantly. Meanwhile, and regardless of circumstances, any attempt to open a confidential document or carry out a high-value transaction should face more scrutiny than routine types of activity.

SECURE NETWORKS BY CREATING A SEGMENT OF ONE
Organisations must have the ability to hide everything on the network, including segments, hosts, services and applications, unless the user is specifically authorised to see them. This authorisation must consider the user's context as well as the sensitivity of the application or service.

If, for example, a user is connecting to uncontrolled data on a public web server, then the system may simply require single-factor authentication to grant access. However, obtaining administrative access to a key customer database may require much stronger validation, such as ensuring that the user is logging in from a company-managed device on the corporate network, has passed a multi-factor authentication challenge and has proper client-based anti-malware software running.

Using this approach, IT teams can dynamically create a segment of one between the user and the network resources they are entitled to access. Thus, network access is proportional to the security context the user presents. The more valid context they can offer, such as physical presence on a company network, one-time passwords or certificates, the more network resources they will be able to access.
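The two ideas above, context-plus-behaviour scoring at authentication time and a "segment of one" in which only the resources the presented context justifies are visible at all, can be expressed as a small policy engine. The following is an added illustration written for this page, not Cryptzone's product code; the resource names, signal names, user baseline and the rule that an anomalous session (unknown device and unfamiliar country) must additionally pass multi-factor authentication before seeing anything beyond public data are all constructed assumptions.

```python
"""Context-aware 'segment of one' policy evaluation (constructed example).

Every resource declares the assurance signals it requires; the context a user
presents at authentication is turned into the set of signals it satisfies, and a
resource is listed (un-cloaked) only when nothing it requires is missing.
Resource names, signal names and the baseline data below are assumptions.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Context:
    user: str
    device_id: str
    country: str
    device_managed: bool
    on_corporate_network: bool
    mfa_passed: bool
    anti_malware_running: bool


@dataclass(frozen=True)
class Resource:
    name: str
    required: frozenset  # every signal here must be present in the context


# Named predicates over the context; each one is a piece of "valid context"
SIGNALS = {
    "managed_device": lambda c: c.device_managed,
    "corp_network": lambda c: c.on_corporate_network,
    "mfa": lambda c: c.mfa_passed,
    "anti_malware": lambda c: c.anti_malware_running,
}

# Per-user behavioural baseline: devices and countries seen before (constructed)
BASELINE = {"alice": {"devices": {"laptop-1234"}, "countries": {"US"}}}

# Resource sensitivity expressed as required signals (constructed names)
RESOURCES = {
    "public-docs": Resource("public-docs", frozenset()),  # single factor is enough
    "intranet-wiki": Resource("intranet-wiki", frozenset({"managed_device"})),
    "customer-db-admin": Resource(
        "customer-db-admin",
        frozenset({"managed_device", "corp_network", "mfa", "anti_malware"}),
    ),
}


def presented_signals(ctx: Context) -> set:
    """Signals the current context satisfies."""
    return {name for name, pred in SIGNALS.items() if pred(ctx)}


def anomaly_score(ctx: Context) -> int:
    """Count deviations from the user's baseline: unknown device, unfamiliar country."""
    base = BASELINE.get(ctx.user, {"devices": set(), "countries": set()})
    return int(ctx.device_id not in base["devices"]) + int(ctx.country not in base["countries"])


def required_for(resource: Resource, ctx: Context) -> set:
    """A resource's own requirements, plus MFA when the session looks anomalous.

    Public resources (empty requirement set) stay reachable regardless.
    """
    req = set(resource.required)
    if req and anomaly_score(ctx) >= 2:
        req.add("mfa")
    return req


def decide(ctx: Context, resource_name: str):
    """Return (allowed, sorted list of missing signals) for one resource."""
    missing = sorted(required_for(RESOURCES[resource_name], ctx) - presented_signals(ctx))
    return (not missing, missing)


def visible_resources(ctx: Context) -> list:
    """The user's 'segment of one': resources not listed here stay cloaked."""
    return sorted(name for name in RESOURCES if decide(ctx, name)[0])


if __name__ == "__main__":
    office = Context("alice", "laptop-1234", "US", True, True, True, True)
    unknown = Context("alice", "tablet-9", "ZZ", False, False, False, False)
    for ctx in (office, unknown):
        print(ctx.device_id, ctx.country, "->", visible_resources(ctx))
        print("  customer-db-admin:", decide(ctx, "customer-db-admin"))
```

The point the code makes is that the same user sees a different network depending on what they present: the denial for `customer-db-admin` carries the list of missing signals, which is exactly the "more valid context unlocks more resources" relationship the text describes, and a session that deviates from the user's baseline is pushed toward MFA before anything sensitive is listed.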

Essentially the network is made invisible by cloaking the full network and only granting visibility and access to the applications and services that users need for their work. As a result, this new approach ensures that each user's network access entitlements are dynamically altered based on who they are, the network they are on, and the application or service context. NC
