
Cloud | Commentary
3/9/2020 02:00 PM
PJ Kirner

Cyber Resiliency, Cloud & the Evolving Role of the Firewall

Today's defenses must be creative in both isolating threats and segmenting environments to prevent attacks. Here's why.

As more applications move to cloud and hybrid cloud environments, so do the threats and the attackers that target today's businesses. Defending against the threats we can see is only half the battle; the other half is preventing exploitation of the vulnerabilities we cannot see, in particular complex chains of individually simple vulnerabilities. That is what will separate thriving businesses from the rest. Organizations will be forced either to evolve their mentality or to lose out to evolving threats.

Let's begin with how cloud computing has placed new pressures on the firewall. The firewall, like many businesses of the early 21st century, has had to evolve as cloud environments became the norm.

Originally introduced in the late '80s, the first network firewalls were developed to protect private networks by controlling traffic at the gateway to external networks like the Internet. Generally speaking, firewalls were designed to block or allow "north/south" traffic (traffic crossing that gateway) according to rules defining what was permitted and what was not, thereby defining the "perimeter" of the enterprise. To this day, firewalls continue to excel at solving this specific problem wherever it exists.

But cloud computing introduced complex cloud and hybrid environments that changed what the "perimeter" looks like: workloads are spun up and torn down constantly, addresses change, and most traffic now runs "east/west" between workloads rather than crossing a single gateway. This forced the firewall to evolve. We have seen the introduction of virtual firewalls, intended for the public cloud, that provide some visibility into where connections come from and where they are going. However, that is only a minor evolution, and at its core it still relies on the traditional, perimeter-centric way of thinking.

Enter the Agile Cloud
Today, the same evolution is needed in cybersecurity defense-in-depth. Strong perimeter defenses are still foundational, but they are now complemented with an "assume breach" mentality. This is simply an acknowledgment of what we already know: a security incident will happen, whether through an employee clicking a phishing link, a misconfiguration exposing a container to the Internet, or stolen credentials. In practice, we will evolve defense-in-depth by complementing perimeter defenses with dynamic, adaptive zero-trust controls. These ensure small security incidents remain small by stopping unauthorized access to networks and applications and by blocking malicious lateral movement in data centers and clouds.

This assume-breach mentality is founded on a risk-based view of protecting your highest-value assets. It means focusing as much on the defenses that contain attackers who get inside as on bolstering the perimeter. They will get in eventually; with the right approach, however, the damage can be minimal.

The assume-breach mentality builds on, rather than replaces, the single objective of the traditional firewall: keeping the bad guys out. But in 2020, new entry points will continue to emerge, bad actors will continue to mount more creative attacks, and threats will continue to evolve. Evolving defenses must be creative both in isolating those threats and in segmenting environments, so that an attack that gets past the exterior defenses cannot spread.

Planning for the Inevitable
Start by turning your focus to investing in cyber resiliency: your company's ability to withstand a cyberattack and continue operating. It requires organizations to assume a breach will happen and to plan for what happens next. History shows that it is not a question of if but when a breach will happen, so organizations need to invest in protecting their most important, valuable data and prepare to withstand attacks.

The best and most effective security strategy for enterprises is what has been coined zero trust: a strategy by which organizations grant no implicit trust to anything inside or outside the network perimeter and instead verify the identity and authorization of anything and everything trying to connect before giving it access. Zero trust has become a model for effective security by localizing and isolating threats through microsegmentation, which applies policy to individual workloads rather than only at the network edge, for greater attack resistance.

I like to use a submarine analogy for microsegmentation. Picture two submarines: one built with bulkheads, walls that divide the interior into watertight compartments attached to a solid hull, and the other just a hull with no walls segmenting the interior. Both submarines are breached and water pours in. When the first submarine starts leaking, you quickly seal the leaking compartment to contain it; that compartment floods, but the rest of the ship stays safe and dry. The second submarine has nothing to seal, so the flooding spreads through the whole interior.
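To make the compartment idea concrete, here is an added example (my own illustration, not code from the article or from Illumio) that models the difference described above between a perimeter-only network and a microsegmented one. The workload names, role labels, ports and flow records are all constructed for the example. It applies a default-deny, label-based policy to each workload, computes the blast radius (the set of workloads an attacker on one compromised workload can reach, transitively) under both models, and flags the flows the policy would block, which under assume-breach are the lateral-movement attempts worth alerting on rather than silently dropping.

```python
"""Added example (not from the article or from Illumio): a toy model of
perimeter-only segmentation versus per-workload microsegmentation.

With only a perimeter rule set, one compromised workload can reach every
other workload inside. With a default-deny, label-based policy applied to
each workload, the reachable set (the blast radius) shrinks to what the
policy explicitly allows. All workloads, labels, ports and flow records
below are constructed for illustration.
"""
from collections import deque

# Constructed inventory: workload name -> role label (hypothetical names).
WORKLOADS = {
    "web-1": "web", "web-2": "web",
    "app-1": "app",
    "db-1": "db",
    "bastion-1": "jump",
}

# Microsegmentation policy: default deny; each rule allows one
# (source role, destination role, destination port) triple.
SEGMENTED_POLICY = {
    ("web", "app", 8080),
    ("app", "db", 5432),
    ("jump", "web", 22),
    ("jump", "app", 22),
    ("jump", "db", 22),
}

# Perimeter-only model: north/south is filtered at the edge, but any
# workload inside may talk to any other on any port (no east/west rules).
PERIMETER_ONLY_POLICY = None


def allowed(policy, src, dst, port):
    """True if policy permits src -> dst:port. Unknown workloads are denied."""
    if src not in WORKLOADS or dst not in WORKLOADS or src == dst:
        return False
    if policy is None:          # flat internal network: everything allowed
        return True
    return (WORKLOADS[src], WORKLOADS[dst], port) in policy


def blast_radius(policy, compromised, ports=(22, 8080, 5432)):
    """Set of workloads an attacker on `compromised` can connect to,
    transitively, over the candidate ports (breadth-first search)."""
    seen = {compromised}
    queue = deque([compromised])
    while queue:
        cur = queue.popleft()
        for nxt in WORKLOADS:
            if nxt in seen:
                continue
            if any(allowed(policy, cur, nxt, p) for p in ports):
                seen.add(nxt)
                queue.append(nxt)
    seen.discard(compromised)
    return seen


def policy_violations(policy, flows):
    """Flows (src, dst, port) the policy would block. Under assume-breach,
    these are the east/west attempts worth alerting on, not just dropping."""
    return [f for f in flows if not allowed(policy, *f)]


# Constructed flow records: a compromised web-1 probing its neighbours.
SAMPLE_FLOWS = [
    ("web-1", "app-1", 8080),   # legitimate tier-to-tier call
    ("web-1", "db-1", 5432),    # lateral move straight to the database
    ("web-1", "web-2", 22),     # SSH to a peer in the same tier
    ("app-1", "db-1", 5432),    # legitimate
]

if __name__ == "__main__":
    for name, pol in (("perimeter only", PERIMETER_ONLY_POLICY),
                      ("microsegmented", SEGMENTED_POLICY)):
        print(f"{name}: web-1 can reach {sorted(blast_radius(pol, 'web-1'))}")
        print(f"{name}: violations {policy_violations(pol, SAMPLE_FLOWS)}")
```

Run as a script, it prints both results. Under the perimeter-only model a compromised web-1 can reach every other workload; under the segmented policy it reaches app-1 directly and db-1 only by first compromising app-1, while the direct web-to-database and web-to-web connections are denied and surface as violations. That remaining two-hop path is why the blast-radius check matters in practice: segmentation bounds what a single foothold buys, but the paths the policy does allow still need to be reviewed.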

Unlike the perimeter firewall, this is an architecture built specifically for breaches: it assumes the intruder is already inside, which is exactly what the "assume breach" thinkers demand. Although unconventional, if we learned anything in 2019, it is that attackers keep innovating, so our technology and our defense systems must do the same. In 2020, we can already assume that attacks will be plentiful and breaches many. But just because attackers get in doesn't mean they need to get what they're looking for.


As chief technology officer and founder, PJ is responsible for Illumio's technology vision and platform architecture. PJ has 20 years of experience in engineering, with a focus on addressing the complexities of data centers. Prior to Illumio, PJ was CTO at Cymtec. He also ...
 
