Partner Perspectives  Connecting marketers to our tech communities.
12/7/2015
01:58 PM
Michael Sentonas
Michael Sentonas
Partner Perspectives
100%
0%

Perimeter Inversion: Turning Digital Security Inside Out

We need security solutions that are designed from the ground up to operate in today's dynamic environment.

The idea of a network perimeter is quickly morphing into something more complicated. We work outside of the corporate network on our own devices, storing and moving things through clouds of applications, storage, and service providers. How will security change in the next few years to adapt to this new reality?

Almost since its inception, digital security has followed a perimeter model, which may seem like the Maginot Line of cybersecurity. We are spending more and more time outside the firewall, so we need to think beyond it. At the same time, attackers are finding new vulnerabilities to get under the walls, developing new techniques to get around them, and finding softer targets with valuable assets to compromise. With the wide scale adoption of server virtualization and cloud computing, the concept of an enterprise data center has evolved into private and hybrid clouds that span on-premises and cloud-hosted servers in a seamless fashion.

The new security model needs to follow the data and users, as well as their devices and services. This does not mean that security will be completely cloud-based, with no on-premises component. Cloud computing and storage will still incorporate a perimeter and access approach, as will the data center. The data center needs to shift focus from servers to applications and data, which move in a dynamic manner with decreasing emphasis on location or ownership of hardware. But it will have to augment this with multiple vantage points of traffic flows, analytics, and collaborative intelligence. Encrypted communications make it difficult for firewalls to inspect individual traffic flows, increasing the importance of multiple perspectives.

This is strikingly similar to the physical security world we find around us. Attackers are not defined by physical borders, so defenses need a much higher level of collaboration, large volumes of intelligence, and powerful analytics to pull insight out of the noise and chatter.

Real-Time Security

The key to successful security operations in the new data center is real-time dynamic provisioning and orchestration. Security must follow the data, follow the application, and follow the user. One approach is a dynamic perimeter that forms around every flow. The network is no longer static or deterministic; it has become fluid, and security needs to be agile. This means implementing cloud security solutions that can redirect flows between endpoint devices and applications for inspection, analysis, and prediction. These solutions need to ask, “Is this normal activity between this device/location/user/application?”

With mobile users and IoT devices connecting directly to the cloud, the new model means securing the channel between endpoints and applications, not just with encryption but by watching out for attacker redirection and man-in-the-middle attacks that could disrupt devices or data enough to affect your operations. Encryption and tokenization become critical when corporate data is stored on shared resources in hybrid or public clouds. Data must be secured both at rest and at all points of the flow to protect it from hardware or virtualization exploits. Identity and policy management will become extremely important in such a dynamic environment, defining and enforcing policies that prevent sensitive information such as personally identifiable data or health details from straying outside of secure locations and devices.

Another approach of real-time dynamic provisioning and orchestration is shrinking the perimeter around each individual device, forcing the devices to protect themselves. Many devices will not have the compute power necessary to do this, requiring a mix of hardware-enabled trust and cloud-based processing.

Perhaps the most important part of this new security model is the analytics necessary to put together multiple observations from different agents at varying points in the cloud into a cohesive picture that can differentiate signal from noise, without an overwhelming number of false positives.

An interesting analogy to this method is how airplane flight control systems were developed. Different developers in different locations using different languages and algorithms running on different hardware developed systems for the same set of controls. In operation, only when multiple systems were within tolerance would the airplane actually take action. In security, this approach not only reduces false positives, it makes it far more difficult for attackers to develop threats that can evade the detection algorithms because multiple are in use at any time.

We need to build security solutions that are designed from the ground up to operate in this new dynamic environment: Multiple perimeters, hardware-based trust, and cloud-scale analytics fuelled by large volumes of shared threat intelligence must enable local and cloud-based agents to detect and disrupt attacks at machine speeds. 

Michael Sentonas is the Chief Technology and Strategy Officer, APAC for Intel Security. Michael has been with the company for fifteen years, previously holding leadership roles such as VP and Chief Technology Officer of Security Connected, VP and CTO for Asia Pacific and, ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
RobertQ007
50%
50%
RobertQ007,
User Rank: Apprentice
12/15/2015 | 4:29:15 PM
Time for the cloud-DMZ?
The concept of a dynamic cloud perimeter is very appealing when faced with mobility and hybrid cloud.  Create the cloud-DMZ once and have all access go through it regardless of where the users, enterprise apps and data lie.  Better yet if the "on-prem" components can effectively take the enterprise infrastructure off the Internet completely and the cloud-DMZ becomes the new LAN.

Unfortunately, the idea that enterprises can "extend-the-perimeter" by establishing trust with user and devices doesn't work in the new outside-in world where all users are accessing internal company data and application from the Internet.  With exploits like the recent StageFright, the reality is we can never be sure that trust, once established, has not been compromised.
hojtfredrik
50%
50%
hojtfredrik,
User Rank: Apprentice
12/10/2015 | 7:58:32 AM
Distributed networks
The future will be even more complicated. There is no one single model for applications and no more private networks. Depending upon the application you will need to communicate with clouds, data centers, devices, mobiles, IoT. etc. Roaming between different access networks with different Quality of Service. With bandwidth becoming a very limited resources with billions of new connected devices. And many devices, IoT and applications will communicate directly peer-2-peer without any cloud connection. Why should a key app to your car have to communicate with a cloud somewhere? It would only open for Man-in-the-Middle attacks, DDoS failures, etc.  as well as require unnecessary bandwidth usage.

Security can no longer be peripheral as pointed out here. It must be application, user and situation dependent. And asynchronous to provide reliable transport mechanisms. 

This all means new architectures and methods, that will vary between application types. And yet it has to be simple to develop, implement and maintain, otherwise it will not be used. An open field for innovation and startups like apptimate.io.

 
Printers: The Weak Link in Enterprise Security
Kelly Sheridan, Associate Editor, Dark Reading,  10/16/2017
20 Questions to Ask Yourself before Giving a Security Conference Talk
Joshua Goldfarb, Co-founder & Chief Product Officer, IDDRA,  10/16/2017
Why Security Leaders Can't Afford to Be Just 'Left-Brained'
Bill Bradley, SVP, Cyber Engineering and Technical Services, CenturyLink,  10/17/2017
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Video
Cartoon Contest
Current Issue
Security Vulnerabilities: The Next Wave
Just when you thought it was safe, researchers have unveiled a new round of IT security flaws. Is your enterprise ready?
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.