Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud

3/9/2020
02:00 PM
PJ Kirner
PJ Kirner
Commentary
Connect Directly
Twitter
LinkedIn
RSS
E-Mail vvv
50%
50%

Cyber Resiliency, Cloud & the Evolving Role of the Firewall

Today's defenses must be creative in both isolating threats and segmenting environments to prevent attacks. Here's why.

As more applications move to the cloud and hybrid cloud environments, so too do the threats and bad actors that permeate today's businesses. Today, defending against such threats is only half the battle, and preventing against the vulnerabilities — specifically, complex chains of simple vulnerabilities — that we cannot see will separate thriving businesses from their counterparts. Organizations will be forced to either evolve their mentality — or lose out to evolving threats.  

Let's begin with how cloud computing placed new pressures on the firewall. The firewall, like many businesses of the late 21st century, has had to evolve as cloud environments became the norm.

Originally introduced in the late '80s, the first network firewalls were developed to protect private networks by securing gateway servers to external networks like the Internet. Generally speaking, firewalls were designed to block or allow "north/south" traffic according to rules that had been set up to define what was permissible and what's not, thereby defining the "perimeter" for the enterprise. To this day, firewalls still continue to excel at solving this specific problem where it exists.

But cloud computing introduced a new wave of complex cloud and hybrid environments that changed what the "perimeter" looks like, causing the firewall to evolve. We have seen the introduction of virtual firewalls, intended for the public cloud, that provide some visibility around where connections come from or where they are going. However, that is only a minor evolution, and still relies upon a traditional way of thinking about the world at its core.

Enter the Agile Cloud
Today, the same evolution is needed in cybersecurity defense-in-depth. Strong perimeter defenses are still foundational but now are complemented with an "assume breach" mentality. This is a mere acknowledgment of what we know — a security incident will happen thanks to an employee clicking on a phishing link, a misconfiguration exposing a container to the Internet, or stolen credentials. Practically, we will evolve defense-in-depth to complement perimeter defenses with zero-trust dynamic and adaptive controls. This will ensure small security incidents remain just that by stopping unauthorized access to networks and applications or malicious lateral movement in data centers and clouds. 

This breach mentality is founded on a risk-based view of protecting your highest-value assets. This means focusing on bolstering your perimeter defenses as much as defenses that detain attackers who get inside. They will get in eventually; however, with the right approach, damage can be minimal.

Obviously, the assume breach mentality builds upon the single objective of your traditional firewall — keeping the bad guys out. But in 2020, new entry points will continue to emerge, bad actors will continue to implement more creative attacks, and threats will continue to evolve. Evolving defenses must be both creative in isolating those threats as well as in segmenting environments to prevent attacks to exterior defenses.

Planning for the Inevitable
Start by turning your focus on investing in your cyber resiliency. Cyber resiliency is your company's ability to withstand a cyberattack and continue operations. It requires organizations to assume a breach will happen and also plan for what happens next. History shows that it's not a question of if but when a breach will happen, so organizations need to invest to protect their most important, valuable data and prepare to withstand attacks.

The best and most effective security strategy for enterprises is what has been coined zero trust, a strategy by which organizations don't trust anything inside or outside the network perimeters and instead verify anything and everything that's trying to connect to the network before giving it access. Zero trust has become a model for effective security by localizing and isolating threats through microsegmentation technology that applies policies to individual workloads for greater attack resistance.

I like to use a submarine analogy when it comes to microsegmentation: Picture two submarines — one built with bulkheads or walls that create airtight compartments connected to a solid hull, and the other just a hull with no walls segmenting the interior. Both submarines have been breached and water is pouring in, but when the first submarine starts leaking, you quickly seal the compartment with the leak to contain it, and although that specific compartment floods, the rest of the ship stays safe and dry.

Unlike the firewall, this is an architecture that is built specifically for breaches. It is designed both for the intruders, and forthe "assume breach" thinkers. Although unconventional, if we learned anything in 2019, it's that attackers are continuing to innovate, so our technology and our defense systems must do the same. In 2020, we can already assume that attacks will be plentiful and breaches will be many. But just because attackers get in doesn't mean they need to get what they're looking for.

Related Content:

 

Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's featured story: "The Perfect Travel Security Policy for a Globe-Trotting Laptop."

As chief technology officer and founder, PJ is responsible for Illumio's technology vision and platform architecture. PJ has 20 years of experience in engineering, with a focus on addressing the complexities of data centers. Prior to Illumio, PJ was CTO at Cymtec. He also ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Malicious USB Drive Hides Behind Gift Card Lure
Dark Reading Staff 3/27/2020
How Attackers Could Use Azure Apps to Sneak into Microsoft 365
Kelly Sheridan, Staff Editor, Dark Reading,  3/24/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
State of Cybersecurity Incident Response
State of Cybersecurity Incident Response
Data breaches and regulations have forced organizations to pay closer attention to the security incident response function. However, security leaders may be overestimating their ability to detect and respond to security incidents. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-10940
PUBLISHED: 2020-03-27
Local Privilege Escalation can occur in PHOENIX CONTACT PORTICO SERVER through 3.0.7 when installed to run as a service.
CVE-2020-10939
PUBLISHED: 2020-03-27
Insecure, default path permissions in PHOENIX CONTACT PC WORX SRT through 1.14 allow for local privilege escalation.
CVE-2020-6095
PUBLISHED: 2020-03-27
An exploitable denial of service vulnerability exists in the GstRTSPAuth functionality of GStreamer/gst-rtsp-server 1.14.5. A specially crafted RTSP setup request can cause a null pointer deference resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability.
CVE-2020-10817
PUBLISHED: 2020-03-27
The custom-searchable-data-entry-system (aka Custom Searchable Data Entry System) plugin through 1.7.1 for WordPress allows SQL Injection. NOTE: this product is discontinued.
CVE-2020-10952
PUBLISHED: 2020-03-27
GitLab EE/CE 8.11 through 12.9.1 allows blocked users to pull/push docker images.