Perimeter

7/31/2020
10:00 AM
Dr. Mike Lloyd
Commentary

3 Ways Social Distancing Can Strengthen Your Network

Security teams can learn a lot from the current pandemic to make modern hybrid business networks stronger and more resilient. Here's how.

We all know the role social distancing plays in combating COVID-19. Most people also understand why this is our primary line of defense; it's about slowing down the progress of the disease to prevent our healthcare defenders from being overwhelmed. Today's network security teams live in a similar shifting landscape and need to apply these same ideas to avoid getting overwhelmed. Here are three tactics to help "social distance" your network.

Tactic 1: Focus on Flare-ups
Networks bring a lot of value into our lives, but along with the value we get a lot of built-in complexity. As a result, network defense is complicated, whether your network is for commerce, healthcare, military use, or something else. All networks share one thing in common: the accumulation of complex, interacting parts. As a network grows, the number of things that can interact goes up very fast — quadratically fast. If your network doubles, the number of possible interactions goes up four times. At this rate, networks rapidly outstrip our ability to keep track of them and find problems.

Public health officials face a similar problem when combating a virus. On a planet with billions of people, it's impossible to accurately determine how many people have the disease. Instead, to protect as many people as possible, health officials focus on identifying symptoms and containing flare-ups.

Tactic 2: Without a Magic Bullet, Operate Wisely
With a pandemic, social distancing is a practical step we can take to save lives. Unfortunately, distancing is even more difficult in online security. When it's people versus a virus, people can change their behavior faster and more intelligently than the bug can evolve. The online world pits people against people, where the adversaries are clever and motivated. Tactics keep shifting, new vulnerabilities are continually discovered, and the rules for defense never settle down. This means our countermeasures must keep changing too. What was considered decent security yesterday is routinely out of date today.

It's no wonder that we have to plan for how we will handle breaches and how we'll quickly recover from them. Despite how security vendors behaved for years, perfect prevention is not an option you can buy off the shelf. We must build security on the assumption that someone is going to get into some part of our infrastructure, in the same way that we can't rely on travel constraints to keep a virus out. Social distancing has become the most important lesson to carry from the pandemic into online security.

Tactic 3: Quarantine or Zero Trust Is Not the Answer
Completely disconnecting from the outside world is not the answer to social distancing. Networks across all industries — from banking and finance to military, healthcare, and industrial operations — need to connect to perform their functions and deliver value and efficiencies. People also rely on connections, including social, emotional, and professional. For both networks and society, there will always be a risk of something nasty getting inside. The point of social distancing for your network is not to stop all contact with the outside. It's to increase the gaps between systems internally. Since we can't isolate our networks, we have to deal with internal segmentation, which intentionally keeps separate things separate.

Modern computing allows software to be run with wild abandon, sharing virtual machines and containers on limited physical resources. At first, IT shops saw this as a great advantage, giving them the ability to make one computer do the job of five and to reallocate inefficiently used resources to places where they can make a difference. Security personnel see it like public health personnel might: We know interactions — between networks or people — are necessary. So we manage the risk by asking for reasonable accommodations to a dangerous world. This compromise results in social distancing and network segmentation.

People don't like wearing masks and staying apart, and IT teams don't like limits placed on where they can run things. Security professionals must make the risks clear and avoid being too inflexible. An organization may have an innovative, cloud-first development team using cutting-edge tools. But while we don't want to remove their freedom to work quickly, we can require that they keep their fast-moving experiments in a confined cloud footprint, away from other operations that work at different speeds or face different regulatory requirements.
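The two ideas above, the quadratic growth of possible interactions from Tactic 1 and the internal segmentation of Tactic 3, can be made concrete with a small model. The following is an added example, not code from the original commentary or from RedSeal: it takes a constructed host inventory, assigns each host to a zone, and compares the number of host pairs that can interact in a flat network with the number allowed under a simple zone-to-zone allow-list. It also walks the allowed flows transitively to show how far a compromise starting in one zone could spread. All zone names, hosts and the allow-list are constructed sample data.

```python
"""
Added example (not part of the original article): a small model of how
segmentation shrinks the interaction surface of a network.

In a flat network every host can talk to every other, so the number of
possible host-to-host interactions is n*(n-1)/2, which grows quadratically.
Segmentation places hosts in zones and only permits the zone-to-zone flows
the business needs, so an intrusion in one zone has far fewer places to go.
"""
from itertools import combinations

# Constructed sample inventory: host -> zone.
HOSTS = {
    "dev-01": "cloud-dev", "dev-02": "cloud-dev", "dev-03": "cloud-dev",
    "web-01": "dmz", "web-02": "dmz",
    "app-01": "app", "app-02": "app",
    "db-01": "regulated", "db-02": "regulated",
    "ws-01": "corp", "ws-02": "corp", "ws-03": "corp",
}

# Constructed allow-list of directional zone pairs (src -> dst).
# Traffic inside a zone is allowed; anything not listed here is denied.
ALLOWED_FLOWS = {
    ("dmz", "app"),
    ("app", "regulated"),
    ("corp", "dmz"),
}


def is_allowed(src_zone, dst_zone, allowed=ALLOWED_FLOWS):
    """Zone-level policy check: same zone, or an explicitly allowed pair."""
    return src_zone == dst_zone or (src_zone, dst_zone) in allowed


def flat_pairs(hosts):
    """Interactions possible in a flat network: every unordered host pair."""
    n = len(hosts)
    return n * (n - 1) // 2


def segmented_pairs(hosts, allowed=ALLOWED_FLOWS):
    """Unordered host pairs that can interact under the zone policy
    (allowed in at least one direction)."""
    count = 0
    for a, b in combinations(hosts, 2):
        za, zb = hosts[a], hosts[b]
        if is_allowed(za, zb, allowed) or is_allowed(zb, za, allowed):
            count += 1
    return count


def blast_radius(start, hosts, allowed=ALLOWED_FLOWS):
    """Hosts reachable from `start` by following allowed flows transitively,
    i.e. where a compromise of `start` could spread under this policy."""
    reached = {start}
    frontier = [start]
    while frontier:
        cur = frontier.pop()
        for host, zone in hosts.items():
            if host not in reached and is_allowed(hosts[cur], zone, allowed):
                reached.add(host)
                frontier.append(host)
    return reached


if __name__ == "__main__":
    print("flat network, possible host pairs:", flat_pairs(HOSTS))
    print("segmented network, allowed host pairs:", segmented_pairs(HOSTS))
    print("reach from dev-01:", sorted(blast_radius("dev-01", HOSTS)))
    print("reach from ws-01:", sorted(blast_radius("ws-01", HOSTS)))
```

With the sample inventory, the flat network has 66 possible host pairs, the segmented one 23. A compromise of a cloud-dev host stays inside its three-host zone, while a corporate workstation can, through the allowed chain corp to dmz to app to regulated, eventually reach nine hosts. That chain is the kind of path a practitioner wants to see spelled out before approving an allow-list, and doubling the inventory roughly quadruples the flat-network count, which is the quadratic growth the article describes.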

There are important security lessons we can take from the current pandemic to make modern hybrid business networks stronger and more resilient. We must prepare for events that haven't happened yet. And we must think about how to slow down spread by building in separation between different fast-changing areas.


Dr. Mike Lloyd is CTO of cyber terrain mapping company RedSeal. Dr. Lloyd has more than 25 years of experience in the modeling and control of fast-moving, complex systems. He has been granted 21 patents on security, network assessment, and dynamic network control. Before ...