The cloaked network
Editorial Type: Opinion
Date: 05-2016
Jason Garbis, VP of Products at Cryptzone, claims that traditional network security is failing, and that it is time to take a new approach.

Cybercrime has changed. Traditionally, skilful hackers would monetise the information they stole, but now cybercrime is a full-blown money-making industry. Intelligent and talented people are recruited into organisations with hierarchy, R&D, talent acquisition and infrastructure. Cybercrime is not going away, it's getting more sophisticated - and that means increased threats.

Staying ahead of hackers is essential, but all too often traditional network security tools like VPNs, next generation firewalls and network access control solutions fail. While these tools can perform an adequate job of authenticating users and providing them with access to authorised network resources, they fall short because they operate at a segment level: controlling user access to an entire network segment exposes hundreds of hosts in an all-or-nothing fashion.

Organisations often attempt to address these issues by deploying multiple security tools, resulting in a patchwork of silos, each one solving only a minor part of the broader challenge. This in turn creates increasing levels of administrative overhead that require extensive manual activity. Typically these tools provide only coarse-grained security, doing nothing to prevent malicious or insider actors from accessing unauthorised resources, stealing credentials or conducting successful phishing campaigns.

It's time to take a different approach. To combat today's threats in our 'connected-everywhere from anything' world, a new security model is needed. This new model must focus on securing the entire path from the user to application, device to service, on a one-to-one basis.
ELIMINATE IMPLICIT TRUST

It's not difficult to understand how studying context and behaviour can improve network security. If a user authenticates from an unknown device in Russia or the Far East when they normally connect to the network from a PC in the US office, it should be fairly obvious that the risk profile has changed significantly. Meanwhile, and regardless of circumstances, any attempt to open a confidential document or carry out a high-value transaction should face more scrutiny than more routine types of activity.
SECURE NETWORKS BY CREATING A SEGMENT OF ONE

If, for example, a user is connecting to uncontrolled data on a public web server, then the system may simply require single-factor authentication to grant access. However, obtaining administrative access to a key customer database may require much stronger validation, such as ensuring that the user is logging in from a company-managed device on the corporate network, has passed a multi-factor authentication challenge and has proper client-based anti-malware software running.

Using this approach, IT teams can dynamically create a segment of one between the user and the network resources that they are entitled to access. Thus, network access is proportional to the security context the user presents. The more valid context they can offer, such as physical presence on a company network, one-time-passwords, or certificates, the more network resources they will be able to access.

Essentially the network is made invisible by cloaking the full network and only granting visibility and access to the applications and services that users need for their work. As a result, this new approach ensures that each user's network access entitlements are dynamically altered based on who they are, the network, and the application service context.
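The segment-of-one model described above, sketched as an added example (not code from the article or from Cryptzone): a default-deny evaluator that turns the context a session presents into per-host, per-port allow rules. The resource names, addresses, roles and signal names are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Resource:
    name: str
    host: str             # constructed address
    port: int
    roles: frozenset      # who may ever reach it
    required: frozenset   # context signals that must all be verified

@dataclass(frozen=True)
class Session:
    user: str
    role: str
    source_ip: str
    signals: frozenset    # signals verified for this session right now

# Constructed policy modelled on the two cases in the article.
POLICY = (
    Resource("public-web", "10.0.1.10", 443,
             frozenset({"staff", "dba"}), frozenset({"password"})),
    Resource("customer-db-admin", "10.0.2.20", 5432,
             frozenset({"dba"}),
             frozenset({"password", "mfa", "managed_device",
                        "corporate_network", "anti_malware"})),
)

def entitlements(session, policy=POLICY):
    """Default deny: visible only if the role matches and every required signal is present."""
    return [r for r in policy
            if session.role in r.roles and r.required <= session.signals]

def allow_rules(session, policy=POLICY):
    """One (source, host, port) rule per entitled resource; nothing else is reachable."""
    return {(session.source_ip, r.host, r.port) for r in entitlements(session, policy)}

def is_allowed(session, host, port, policy=POLICY):
    return (session.source_ip, host, port) in allow_rules(session, policy)

if __name__ == "__main__":
    full = frozenset({"password", "mfa", "managed_device", "corporate_network", "anti_malware"})
    office = Session("alice", "dba", "10.9.0.5", full)
    remote = Session("alice", "dba", "203.0.113.7", frozenset({"password"}))
    for s in (office, remote):
        print(s.source_ip, sorted(allow_rules(s)))
```

Re-running `allow_rules` whenever a signal changes is what makes the entitlements dynamic: the same user loses the database rule the moment a required signal is no longer verified.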