Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

4/19/2019
10:30 AM
Darren Anstee
Darren Anstee
Commentary
Connect Directly
LinkedIn
Twitter
RSS
E-Mail vvv
50%
50%

Why We Need a 'Cleaner Internet'

By blocking threats and attacks nearer to their sources, cybersecurity pros could help turn the connected world into a safer place for all.

If we discover a water leak in our homes, we don't throw a large bucket underneath and hope the problem goes away. We try to stop the damage by finding the source of the problem. But when dealing with threats in the connected world, we seem to take the former approach, deploying more security tools and spending more money – and all the while the risk of damage continues to increase.

In this current paradigm, the Internet is neutral and, in fact, largely passive. Unless the traffic related to an attack directly impacts a network, causing congestion or other issues, it is simply delivered as equitably as "good" traffic.

In midsize and large companies, millions of dollars have been spent deploying multiple layers of security technology (multiple buckets) and putting the right people and processes in place (to empty the buckets). However, threats are becoming more sophisticated and harder to defend against amid a growing population of connected infrastructure that is poorly defended and vulnerable – namely, the Internet of Things (IoT).

The number of devices connected to the Internet is expected to grow exponentially – around 29 billion connected devices are forecast by 2022, of which around 18 billion will be related to IoT. As we all know, many of these devices were not designed with security in mind. It is also common knowledge that bad actors have already used IoT devices to launch large-scale distributed denial-of-service attacks for cryptojacking and for man-in-the-middle data theft. Initially, dictionaries of default passwords and network scans were used to build out large botnets of temporarily (until reboot) compromised devices. Now more sophisticated vulnerabilities, and a wider range of passwords, are being used to more permanently take control of a broader range of devices. And this is just the beginning.

Putting appropriate defenses in place to defend against targeted threats is important and will always be required. But what if the networks that make up the Internet started to block threats and attacks nearer to their sources – if vulnerable infrastructure was identified and protected proactively? Much of the "noise" we have to deal with in the security would diminish. We'd cut down on the complexity in the security stacks deployed by well-defended organizations, reducing cost and risk. The shortage of skilled security personnel would become less of an issue, as well. In short, we'd be making it harder and more costly for attackers to launch attacks, shifting the balance away from the target.  

In doing so, we'd also be turning the connected world into a cleaner and safer place for all. Returning to our water leak analogy, we'd be reducing our risk, and the cost of buying buckets, by turning off the water to the exterior taps before the frost causes them to burst.

There is a growing interest in this proactive approach from the cybersecurity community, including the federal government. In fact, the US Department of Defense stated in its Cyber Strategy Summary from last September: "We will defend forward to disrupt or halt malicious cyber activity at its source, including activity that falls below the level of armed conflict."  

Network operators are also increasingly concerned with the implication of potential security incidents made possible by the explosion of unprotected infrastructure and are giving consideration to this pre-emptive approach. Yet this interest is not entirely altruistic. The concept of a "cleaner Internet" gives network providers an opportunity to generate revenue by providing a broader set of security services to a broader range of consumers and organizations.

While the global managed security services market is growing rapidly, most current offerings are aimed at large, sophisticated organizations that know and understand exactly the type of capabilities they need. Expanding security services to a broader range of customers, even at a relatively low cost, could yield significant returns when tens or hundreds of thousands of businesses are considered.

The next five years are sure to see a directed movement by the industry to invest in a cleaner Internet. Expect to see operators delivering new services that offer more proactive capabilities to deal with threats before they reach their target – enabling the continued expansion of the connected world while reducing our overall risk and cost.

Related Content:

 

 

 Join Dark Reading LIVE for two cybersecurity summits at Interop 2019. Learn from the industry's most knowledgeable IT security experts. Check out the Interop agenda here.

Darren Anstee has 20 years of experience in pre-sales, consultancy, and support for telecom and security solutions. As Chief Technology Officer at Arbor Networks, Darren works across the research, strategy, and pre-sales aspects of Arbor's traffic monitoring, threat ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Rigina
50%
50%
Rigina,
User Rank: Apprentice
4/23/2019 | 5:19:15 AM
Re: Locking down malicious actions closer to the source
look it is an interresting  article https://www.bbc.co.uk/mediacentre/proginfo/2019/12/the-internets-dirtiest-secrets-the-cleaners

find it quite interesting
REISEN1955
100%
0%
REISEN1955,
User Rank: Ninja
4/22/2019 | 10:53:30 AM
Re: Locking down malicious actions closer to the source
This is a messy area indeed - cleaner but whose idea of clean is the one that applies.   And who polices that clean environment (who makes that decision based upon what criteria).   We are getting close to State and One thought for all.  i believe it should be a wide open Dodge City for free speech with all the hell that embraces.  The price of a free internet.  There are always bad users and actors, always will be.   You cannot legislate stupidity but it is rampant.  (See Congress LOL).  Slippery slope indeed.
SPeterson
50%
50%
SPeterson,
User Rank: Apprentice
4/20/2019 | 9:10:45 PM
Locking down malicious actions closer to the source
I agree we need "dummy-proof" security, however, be careful to not make it harder for truth about what's going on to get sent out of countries and organizations that want to rigidly control the flow of information. (And, there's no such thing as foolproof, because fools are so ingenious.)
When It Comes To Security Tools, More Isn't More
Lamont Orange, Chief Information Security Officer at Netskope,  1/11/2021
US Capitol Attack a Wake-up Call for the Integration of Physical & IT Security
Seth Rosenblatt, Contributing Writer,  1/11/2021
IoT Vendor Ubiquiti Suffers Data Breach
Dark Reading Staff 1/11/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-3113
PUBLISHED: 2021-01-17
Netsia SEBA+ through 0.16.1 build 70-e669dcd7 allows remote attackers to discover session cookies via a direct /session/list/allActiveSession request. For example, the attacker can discover the admin's cookie if the admin account happens to be logged in when the allActiveSession request occurs, and ...
CVE-2020-25533
PUBLISHED: 2021-01-15
An issue was discovered in Malwarebytes before 4.0 on macOS. A malicious application was able to perform a privileged action within the Malwarebytes launch daemon. The privileged service improperly validated XPC connections by relying on the PID instead of the audit token. An attacker can construct ...
CVE-2021-3162
PUBLISHED: 2021-01-15
Docker Desktop Community before 2.5.0.0 on macOS mishandles certificate checking, leading to local privilege escalation.
CVE-2021-21242
PUBLISHED: 2021-01-15
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is a critical vulnerability which can lead to pre-auth remote code execution. AttachmentUploadServlet deserializes untrusted data from the `Attachment-Support` header. This Servlet does not enforce any authentication or a...
CVE-2021-21245
PUBLISHED: 2021-01-15
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, AttachmentUploadServlet also saves user controlled data (`request.getInputStream()`) to a user specified location (`request.getHeader("File-Name")`). This issue may lead to arbitrary file upload which can be used to u...