Dark Reading is part of the Informa Tech Division of Informa PLC


4/19/2019
10:30 AM
Darren Anstee
Commentary

Why We Need a 'Cleaner Internet'

By blocking threats and attacks nearer to their sources, cybersecurity pros could help turn the connected world into a safer place for all.

If we discover a water leak in our homes, we don't throw a large bucket underneath and hope the problem goes away. We try to stop the damage by finding the source of the problem. But when dealing with threats in the connected world, we seem to take the former approach, deploying more security tools and spending more money – and all the while the risk of damage continues to increase.

In this current paradigm, the Internet is neutral and, in fact, largely passive. Unless the traffic related to an attack directly impacts a network, causing congestion or other issues, it is simply delivered as equitably as "good" traffic.

In midsize and large companies, millions of dollars have been spent deploying multiple layers of security technology (multiple buckets) and putting the right people and processes in place (to empty the buckets). However, threats are becoming more sophisticated and harder to defend against amid a growing population of connected infrastructure that is poorly defended and vulnerable – namely, the Internet of Things (IoT).

The number of devices connected to the Internet is expected to grow exponentially – around 29 billion connected devices are forecast by 2022, of which around 18 billion will be related to IoT. As we all know, many of these devices were not designed with security in mind. It is also common knowledge that bad actors have already used IoT devices to launch large-scale distributed denial-of-service attacks, for cryptojacking, and for man-in-the-middle data theft. Initially, dictionaries of default passwords and network scans were used to build out large botnets of temporarily (until reboot) compromised devices. Now more sophisticated vulnerabilities, and a wider range of passwords, are being used to more permanently take control of a broader range of devices. And this is just the beginning.

Putting appropriate defenses in place to defend against targeted threats is important and will always be required. But what if the networks that make up the Internet started to block threats and attacks nearer to their sources – if vulnerable infrastructure was identified and protected proactively? Much of the "noise" we have to deal with in security would diminish. We'd cut down on the complexity in the security stacks deployed by well-defended organizations, reducing cost and risk. The shortage of skilled security personnel would become less of an issue, as well. In short, we'd be making it harder and more costly for attackers to launch attacks, shifting the balance away from the target.

In doing so, we'd also be turning the connected world into a cleaner and safer place for all. Returning to our water leak analogy, we'd be reducing our risk, and the cost of buying buckets, by turning off the water to the exterior taps before the frost causes them to burst.

There is a growing interest in this proactive approach from the cybersecurity community, including the federal government. In fact, the US Department of Defense stated in its Cyber Strategy Summary from last September: "We will defend forward to disrupt or halt malicious cyber activity at its source, including activity that falls below the level of armed conflict."  

Network operators are also increasingly concerned with the implications of potential security incidents made possible by the explosion of unprotected infrastructure and are giving consideration to this pre-emptive approach. Yet this interest is not entirely altruistic. The concept of a "cleaner Internet" gives network providers an opportunity to generate revenue by providing a broader set of security services to a broader range of consumers and organizations.

While the global managed security services market is growing rapidly, most current offerings are aimed at large, sophisticated organizations that know and understand exactly the type of capabilities they need. Expanding security services to a broader range of customers, even at a relatively low cost, could yield significant returns when tens or hundreds of thousands of businesses are considered.

The next five years are sure to see a directed movement by the industry to invest in a cleaner Internet. Expect to see operators delivering new services that offer more proactive capabilities to deal with threats before they reach their target – enabling the continued expansion of the connected world while reducing our overall risk and cost.


Darren Anstee has 20 years of experience in pre-sales, consultancy, and support for telecom and security solutions. As Chief Technology Officer at Arbor Networks, Darren works across the research, strategy, and pre-sales aspects of Arbor's traffic monitoring, threat ...
Comments
SPeterson,
User Rank: Apprentice
4/20/2019 | 9:10:45 PM
Locking down malicious actions closer to the source
I agree we need "dummy-proof" security, however, be careful to not make it harder for truth about what's going on to get sent out of countries and organizations that want to rigidly control the flow of information. (And, there's no such thing as foolproof, because fools are so ingenious.)
REISEN1955,
User Rank: Ninja
4/22/2019 | 10:53:30 AM
Re: Locking down malicious actions closer to the source
This is a messy area indeed - cleaner but whose idea of clean is the one that applies. And who polices that clean environment (who makes that decision based upon what criteria). We are getting close to State and One thought for all. I believe it should be a wide open Dodge City for free speech with all the hell that embraces. The price of a free internet. There are always bad users and actors, always will be. You cannot legislate stupidity but it is rampant. (See Congress LOL). Slippery slope indeed.
Rigina,
User Rank: Apprentice
4/23/2019 | 5:19:15 AM
Re: Locking down malicious actions closer to the source
look it is an interesting article https://www.bbc.co.uk/mediacentre/proginfo/2019/12/the-internets-dirtiest-secrets-the-cleaners

find it quite interesting