Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

4/19/2019
10:30 AM
Darren Anstee
Darren Anstee
Commentary
Connect Directly
LinkedIn
Twitter
RSS
E-Mail vvv
50%
50%

Why We Need a 'Cleaner Internet'

By blocking threats and attacks nearer to their sources, cybersecurity pros could help turn the connected world into a safer place for all.

If we discover a water leak in our homes, we don't throw a large bucket underneath and hope the problem goes away. We try to stop the damage by finding the source of the problem. But when dealing with threats in the connected world, we seem to take the former approach, deploying more security tools and spending more money – and all the while the risk of damage continues to increase.

In this current paradigm, the Internet is neutral and, in fact, largely passive. Unless the traffic related to an attack directly impacts a network, causing congestion or other issues, it is simply delivered as equitably as "good" traffic.

In midsize and large companies, millions of dollars have been spent deploying multiple layers of security technology (multiple buckets) and putting the right people and processes in place (to empty the buckets). However, threats are becoming more sophisticated and harder to defend against amid a growing population of connected infrastructure that is poorly defended and vulnerable – namely, the Internet of Things (IoT).

The number of devices connected to the Internet is expected to grow exponentially – around 29 billion connected devices are forecast by 2022, of which around 18 billion will be related to IoT. As we all know, many of these devices were not designed with security in mind. It is also common knowledge that bad actors have already used IoT devices to launch large-scale distributed denial-of-service attacks for cryptojacking and for man-in-the-middle data theft. Initially, dictionaries of default passwords and network scans were used to build out large botnets of temporarily (until reboot) compromised devices. Now more sophisticated vulnerabilities, and a wider range of passwords, are being used to more permanently take control of a broader range of devices. And this is just the beginning.

Putting appropriate defenses in place to defend against targeted threats is important and will always be required. But what if the networks that make up the Internet started to block threats and attacks nearer to their sources – if vulnerable infrastructure was identified and protected proactively? Much of the "noise" we have to deal with in the security would diminish. We'd cut down on the complexity in the security stacks deployed by well-defended organizations, reducing cost and risk. The shortage of skilled security personnel would become less of an issue, as well. In short, we'd be making it harder and more costly for attackers to launch attacks, shifting the balance away from the target.  

In doing so, we'd also be turning the connected world into a cleaner and safer place for all. Returning to our water leak analogy, we'd be reducing our risk, and the cost of buying buckets, by turning off the water to the exterior taps before the frost causes them to burst.

There is a growing interest in this proactive approach from the cybersecurity community, including the federal government. In fact, the US Department of Defense stated in its Cyber Strategy Summary from last September: "We will defend forward to disrupt or halt malicious cyber activity at its source, including activity that falls below the level of armed conflict."  

Network operators are also increasingly concerned with the implication of potential security incidents made possible by the explosion of unprotected infrastructure and are giving consideration to this pre-emptive approach. Yet this interest is not entirely altruistic. The concept of a "cleaner Internet" gives network providers an opportunity to generate revenue by providing a broader set of security services to a broader range of consumers and organizations.

While the global managed security services market is growing rapidly, most current offerings are aimed at large, sophisticated organizations that know and understand exactly the type of capabilities they need. Expanding security services to a broader range of customers, even at a relatively low cost, could yield significant returns when tens or hundreds of thousands of businesses are considered.

The next five years are sure to see a directed movement by the industry to invest in a cleaner Internet. Expect to see operators delivering new services that offer more proactive capabilities to deal with threats before they reach their target – enabling the continued expansion of the connected world while reducing our overall risk and cost.

Related Content:

 

 

 Join Dark Reading LIVE for two cybersecurity summits at Interop 2019. Learn from the industry's most knowledgeable IT security experts. Check out the Interop agenda here.

Darren Anstee has 20 years of experience in pre-sales, consultancy, and support for telecom and security solutions. As Chief Technology Officer at Arbor Networks, Darren works across the research, strategy, and pre-sales aspects of Arbor's traffic monitoring, threat ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Rigina
50%
50%
Rigina,
User Rank: Apprentice
4/23/2019 | 5:19:15 AM
Re: Locking down malicious actions closer to the source
look it is an interresting  article https://www.bbc.co.uk/mediacentre/proginfo/2019/12/the-internets-dirtiest-secrets-the-cleaners

find it quite interesting
REISEN1955
100%
0%
REISEN1955,
User Rank: Ninja
4/22/2019 | 10:53:30 AM
Re: Locking down malicious actions closer to the source
This is a messy area indeed - cleaner but whose idea of clean is the one that applies.   And who polices that clean environment (who makes that decision based upon what criteria).   We are getting close to State and One thought for all.  i believe it should be a wide open Dodge City for free speech with all the hell that embraces.  The price of a free internet.  There are always bad users and actors, always will be.   You cannot legislate stupidity but it is rampant.  (See Congress LOL).  Slippery slope indeed.
SPeterson
50%
50%
SPeterson,
User Rank: Apprentice
4/20/2019 | 9:10:45 PM
Locking down malicious actions closer to the source
I agree we need "dummy-proof" security, however, be careful to not make it harder for truth about what's going on to get sent out of countries and organizations that want to rigidly control the flow of information. (And, there's no such thing as foolproof, because fools are so ingenious.)
Data Privacy Protections for the Most Vulnerable -- Children
Dimitri Sirota, Founder & CEO of BigID,  10/17/2019
Sodinokibi Ransomware: Where Attackers' Money Goes
Kelly Sheridan, Staff Editor, Dark Reading,  10/15/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
2019 Online Malware and Threats
2019 Online Malware and Threats
As cyberattacks become more frequent and more sophisticated, enterprise security teams are under unprecedented pressure to respond. Is your organization ready?
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-18214
PUBLISHED: 2019-10-19
The Video_Converter app 0.1.0 for Nextcloud allows denial of service (CPU and memory consumption) via multiple concurrent conversions because many FFmpeg processes may be running at once. (The workload is not queued for serial execution.)
CVE-2019-18202
PUBLISHED: 2019-10-19
Information Disclosure is possible on WAGO Series PFC100 and PFC200 devices before FW12 due to improper access control. A remote attacker can check for the existence of paths and file names via crafted HTTP requests.
CVE-2019-18209
PUBLISHED: 2019-10-19
templates/pad.html in Etherpad-Lite 1.7.5 has XSS when the browser does not encode the path of the URL, as demonstrated by Internet Explorer.
CVE-2019-18198
PUBLISHED: 2019-10-18
In the Linux kernel before 5.3.4, a reference count usage error in the fib6_rule_suppress() function in the fib6 suppression feature of net/ipv6/fib6_rules.c, when handling the FIB_LOOKUP_NOREF flag, can be exploited by a local attacker to corrupt memory, aka CID-ca7a03c41753.
CVE-2019-18197
PUBLISHED: 2019-10-18
In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclo...