Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

4/19/2019
10:30 AM
Darren Anstee
Darren Anstee
Commentary
Connect Directly
Twitter
LinkedIn
RSS
E-Mail vvv
50%
50%

Why We Need a 'Cleaner Internet'

By blocking threats and attacks nearer to their sources, cybersecurity pros could help turn the connected world into a safer place for all.

If we discover a water leak in our homes, we don't throw a large bucket underneath and hope the problem goes away. We try to stop the damage by finding the source of the problem. But when dealing with threats in the connected world, we seem to take the former approach, deploying more security tools and spending more money – and all the while the risk of damage continues to increase.

In this current paradigm, the Internet is neutral and, in fact, largely passive. Unless the traffic related to an attack directly impacts a network, causing congestion or other issues, it is simply delivered as equitably as "good" traffic.

In midsize and large companies, millions of dollars have been spent deploying multiple layers of security technology (multiple buckets) and putting the right people and processes in place (to empty the buckets). However, threats are becoming more sophisticated and harder to defend against amid a growing population of connected infrastructure that is poorly defended and vulnerable – namely, the Internet of Things (IoT).

The number of devices connected to the Internet is expected to grow exponentially – around 29 billion connected devices are forecast by 2022, of which around 18 billion will be related to IoT. As we all know, many of these devices were not designed with security in mind. It is also common knowledge that bad actors have already used IoT devices to launch large-scale distributed denial-of-service attacks for cryptojacking and for man-in-the-middle data theft. Initially, dictionaries of default passwords and network scans were used to build out large botnets of temporarily (until reboot) compromised devices. Now more sophisticated vulnerabilities, and a wider range of passwords, are being used to more permanently take control of a broader range of devices. And this is just the beginning.

Putting appropriate defenses in place to defend against targeted threats is important and will always be required. But what if the networks that make up the Internet started to block threats and attacks nearer to their sources – if vulnerable infrastructure was identified and protected proactively? Much of the "noise" we have to deal with in the security would diminish. We'd cut down on the complexity in the security stacks deployed by well-defended organizations, reducing cost and risk. The shortage of skilled security personnel would become less of an issue, as well. In short, we'd be making it harder and more costly for attackers to launch attacks, shifting the balance away from the target.  

In doing so, we'd also be turning the connected world into a cleaner and safer place for all. Returning to our water leak analogy, we'd be reducing our risk, and the cost of buying buckets, by turning off the water to the exterior taps before the frost causes them to burst.

There is a growing interest in this proactive approach from the cybersecurity community, including the federal government. In fact, the US Department of Defense stated in its Cyber Strategy Summary from last September: "We will defend forward to disrupt or halt malicious cyber activity at its source, including activity that falls below the level of armed conflict."  

Network operators are also increasingly concerned with the implication of potential security incidents made possible by the explosion of unprotected infrastructure and are giving consideration to this pre-emptive approach. Yet this interest is not entirely altruistic. The concept of a "cleaner Internet" gives network providers an opportunity to generate revenue by providing a broader set of security services to a broader range of consumers and organizations.

While the global managed security services market is growing rapidly, most current offerings are aimed at large, sophisticated organizations that know and understand exactly the type of capabilities they need. Expanding security services to a broader range of customers, even at a relatively low cost, could yield significant returns when tens or hundreds of thousands of businesses are considered.

The next five years are sure to see a directed movement by the industry to invest in a cleaner Internet. Expect to see operators delivering new services that offer more proactive capabilities to deal with threats before they reach their target – enabling the continued expansion of the connected world while reducing our overall risk and cost.

Related Content:

 

 

 Join Dark Reading LIVE for two cybersecurity summits at Interop 2019. Learn from the industry's most knowledgeable IT security experts. Check out the Interop agenda here.

Darren Anstee has 20 years of experience in pre-sales, consultancy, and support for telecom and security solutions. As Chief Technology Officer at Arbor Networks, Darren works across the research, strategy, and pre-sales aspects of Arbor's traffic monitoring, threat ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Rigina
50%
50%
Rigina,
User Rank: Apprentice
4/23/2019 | 5:19:15 AM
Re: Locking down malicious actions closer to the source
look it is an interresting  article https://www.bbc.co.uk/mediacentre/proginfo/2019/12/the-internets-dirtiest-secrets-the-cleaners

find it quite interesting
REISEN1955
100%
0%
REISEN1955,
User Rank: Ninja
4/22/2019 | 10:53:30 AM
Re: Locking down malicious actions closer to the source
This is a messy area indeed - cleaner but whose idea of clean is the one that applies.   And who polices that clean environment (who makes that decision based upon what criteria).   We are getting close to State and One thought for all.  i believe it should be a wide open Dodge City for free speech with all the hell that embraces.  The price of a free internet.  There are always bad users and actors, always will be.   You cannot legislate stupidity but it is rampant.  (See Congress LOL).  Slippery slope indeed.
SPeterson
50%
50%
SPeterson,
User Rank: Apprentice
4/20/2019 | 9:10:45 PM
Locking down malicious actions closer to the source
I agree we need "dummy-proof" security, however, be careful to not make it harder for truth about what's going on to get sent out of countries and organizations that want to rigidly control the flow of information. (And, there's no such thing as foolproof, because fools are so ingenious.)
97% of Americans Can't Ace a Basic Security Test
Steve Zurier, Contributing Writer,  5/20/2019
How Security Vendors Can Address the Cybersecurity Talent Shortage
Rob Rashotte, VP of Global Training and Technical Field Enablement at Fortinet,  5/24/2019
TeamViewer Admits Breach from 2016
Dark Reading Staff 5/20/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-7068
PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .
CVE-2019-7069
PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution .
CVE-2019-7070
PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .
CVE-2019-7071
PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE-2019-7072
PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .