Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


01:00 PM
Ariel Zeitlin
Ariel Zeitlin
Connect Directly
E-Mail vvv

Breaches Are Inevitable, So Embrace the Chaos

Avoid sinking security with principles of shipbuilding known since the 15th century.

If you consider cybersecurity breaches to be the "new normal," you're in good company. A recent survey conducted by Kaspersky Lab revealed that 86% of 250 top security officials who participated believe that cybersecurity breaches are inevitable. The complexity of today's cyber environments guarantees that every company is on a path to a breach. Cloud adoption that leads to hybrid environments spread across different locations and teams, the use of containers, a permeable perimeter — all these factors broaden the attack surface and challenge our existing approach to managing threats.

Shipbuilders Expect Failure and Plan for It, and You Should Too
The security industry clearly could be doing more regarding breach management. Though we spend billions of dollars and likely prevent lots of bad stuff, the number of high-profile breaches causing devastating damage is constantly increasing and, with it, the exponential growth of exposed records and sensitive customer data. And why? Because unlike other industries, we fail to plan for failure.

Take shipbuilding, for example. Shipbuilders have engineered their systems for failure by, among other things, segmenting the hulls of their ships and limiting access to the ship's engine room to contain damage if a breach happens. It's been done this way since the 15th century, and it's still being done in today's modern vessels. The lessons learned from shipbuilders can be applied to modern IT security. Here are a few security principles that reflect this:

  1. Shipbuilders assume that at some point the ship will suffer a leak, and so they create hulls that prevent a single leak from sinking the entire ship. In the same way, assume a breach in your corporate environment and segment your network. This way, if there's malware in the testing environment, other sensitive environments such as development, production, and the DMZ won't be affected. Lack of segmentation allows attackers to move with ease to critical areas once they make it through the perimeter, much the same way water would flow throughout the entire ship if the hull wasn't segmented.
  2. Staff responsible for maintaining the ship's hull monitor for leaks or weak points patch regularly to keep precious cargo and crew safe. In the same way, modern security teams must be vigilant about monitoring and patching to prevent proverbial cracks in the perimeter and potentially bigger problems.
  3. The ship's most sensitive tools are hosted in the engine room. To protect your crown jewels, fence your critical IT assets to make sure they are not damaged in case of a network breach.
  4. Consider ships that staff their lookouts 24/7 in order to keep a watch on everything, and direct course correction if necessary. Similarly, think about maintaining complete visibility throughout the entire data center down to the application level. Gaining visibility of an increasingly complex and dynamic ecosystem is a must before you can "change course" or put any policy or controls into place.
  5. Keeping the crew from accessing the ship's bridge is an important safety measure. Likewise, in the cyber world we advise that you base your policy on user identity to ensure that your employees, contractors, and remote users access only what they're entitled to. The result is greater security for your business-critical applications that can be accessed only by authorized users.

In the past two years alone, there have been several examples that point to a lack of visibility and segmentation as the No. 1 cause for large-scale breaches. With a breach of the scale of Equifax — one of the largest cyberattacks of all time, affecting 148 million consumers in 2017 — the US House of Representatives Committee on Oversight and Government Reform report on the breach mentions "the company's failure to implement basic security protocols, including file integrity monitoring and network segmentation" as an insight into how Equifax "allowed attackers to access and remove large amounts of data."

Equifax's lack of a well-implemented segmentation strategy allowed attackers to gain access to dozens of databases that contained personally identifiable information in an attack that lasted over 75 days. WannaCry, the largest malware infection in history, could have also been better contained if companies had patched their systems against the MS10-010 vulnerability that allowed its exploitation. Recall, however, that with WannaCry, organizations didn't realize they had a vulnerability that needed patching or were unable to do so. Even without patching, had network segmentation been deployed, affected organizations would have been able to enforce security policies and prevent the worm from moving laterally across their environments. 

Anticipate the Breach. Patch. Segment.
With threats at the scale of Equifax and WannaCry, it would be easy to assume that the attackers used a complex attack pattern or took advantage of a new vulnerability that flew under the radar. Yet these attacks were made possible by unpatched systems and the lack of network segmentation. By embracing the chaos to come and anticipating attacks that can be stopped by network segmentation and better visibility into the data center, businesses are less likely to be sunk by a breach and can ensure the longevity of their company. 

Related Content:


Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's top story: "Account Fraud Harder to Detect as Criminals Move from Bots to 'Sweat Shops'."

Ariel Zeitlin co-founded Guardicore after spending 11 years as a cybersecurity engineer and researcher at the Israeli Defense Forces (IDF), where he worked closely with co-founder Pavel Gurvich. In his last position at the IDF, Ariel led a team of 30 engineers and researchers ... View Full Bio
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Moderator
11/15/2019 | 10:34:34 AM
User and Network policies vs. Password and MFI
"... base your policy on user identity ... file integrity monitoring and network segmentation"

This is what I have been saying forever. Blaming user for not using passwords properly, especially incessant password changes, is a poor excuse for running an IT system. Without properly segmentation of systems and a bird's-eye-view monitoring of users' activities, no amount of password changes or multi-factor identification would secure the critical IT infrastructure.
Major Brazilian Bank Tests Homomorphic Encryption on Financial Data
Kelly Sheridan, Staff Editor, Dark Reading,  1/10/2020
Exploits Released for As-Yet Unpatched Critical Citrix Flaw
Jai Vijayan, Contributing Writer,  1/13/2020
Microsoft Patches Windows Vuln Discovered by the NSA
Kelly Sheridan, Staff Editor, Dark Reading,  1/14/2020
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Give us your best shot! You might win an Amazon gift card!
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Flash Poll
[Just Released] How Enterprises are Attacking the Cybersecurity Problem
[Just Released] How Enterprises are Attacking the Cybersecurity Problem
Organizations have invested in a sweeping array of security technologies to address challenges associated with the growing number of cybersecurity attacks. However, the complexity involved in managing these technologies is emerging as a major problem. Read this report to find out what your peers biggest security challenges are and the technologies they are using to address them.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-01-17
openQA before commit c172e8883d8f32fced5e02f9b6faaacc913df27b was vulnerable to XSS in the distri and version parameter. This was reported through the bug bounty program of Offensive Security
PUBLISHED: 2020-01-17
The keystone-json-assignment package in SUSE Openstack Cloud 8 before commit d7888c75505465490250c00cc0ef4bb1af662f9f every user listed in the /etc/keystone/user-project-map.json was assigned full "member" role access to every project. This allowed these users to access, modify, create and...
PUBLISHED: 2020-01-17
The docker-kubic package in SUSE CaaS Platform 3.0 before 17.09.1_ce-7.6.1 provided access to an insecure API locally on the Kubernetes master node.
PUBLISHED: 2020-01-17
In SaltStack Salt through 2019.2.0, the salt-api NEST API with the ssh client enabled is vulnerable to command injection. This allows an unauthenticated attacker with network access to the API endpoint to execute arbitrary code on the salt-api host.
PUBLISHED: 2020-01-17
Intelbras WRN240 devices do not require authentication to replace the firmware via a POST request to the incoming/Firmware.cfg URI.