Dark Reading is part of the Informa Tech Division of Informa PLC


7/31/2020
10:00 AM
Dr. Mike Lloyd
Commentary

3 Ways Social Distancing Can Strengthen Your Network

Security teams can learn a lot from the current pandemic to make modern hybrid business networks stronger and more resilient. Here's how.

We all know the role social distancing plays in combating COVID-19. Most people also understand why this is our primary line of defense; it's about slowing down the progress of the disease to prevent our healthcare defenders from being overwhelmed. Today's network security teams live in a similar shifting landscape and need to apply these same ideas to avoid getting overwhelmed. Here are three tactics to help "social distance" your network.

Tactic 1: Focus on Flare-ups
Networks bring a lot of value into our lives, but along with the value we get a lot of built-in complexity. As a result, network defense is complicated, whether your network is for commerce, healthcare, military use, or something else. All networks share one thing in common: the accumulation of complex, interacting parts. As a network grows, the number of things that can interact goes up very fast — quadratically fast. If your network doubles, the number of possible interactions goes up four times. At this rate, networks rapidly outstrip our ability to keep track of them and find problems.

Public health officials face a similar problem when combating a virus. On a planet with billions of people, it's impossible to accurately determine how many people have the disease. Instead, to protect as many people as possible, health officials focus on identifying symptoms and containing flare-ups.

Tactic 2: Without a Magic Bullet, Operate Wisely
With a pandemic, social distancing is a practical step we can take to save lives. Unfortunately, distancing is even more difficult in online security. When it's people versus a virus, people can change their behavior faster and more intelligently than the bug can evolve. The online world pits people against people, where the adversaries are clever and motivated. Tactics keep shifting, new vulnerabilities are continually discovered, and the rules for defense never settle down. This means our countermeasures must keep changing too. What was considered decent security yesterday is routinely out of date today.

It's no wonder that we have to plan for how we will handle breaches and how we'll quickly recover from them. Despite how security vendors behaved for years, perfect prevention is not an option you can buy off of a shelf. We must build security on the assumption that someone is going to get into some part of our infrastructure in the same way that we can't rely on travel constraints to keep a virus out. Social distancing has become the most important lesson to carry from the pandemic into online security.

Tactic 3: Quarantine or Zero Trust Is Not the Answer
Completely disconnecting from the outside world is not the answer to social distancing. Networks across all industries — from banking and finance to military, healthcare, and industrial operations — need to connect to perform their functions and deliver value and efficiencies. People also rely on connections, including social, emotional, and professional. For both networks and society, there will always be a risk of something nasty getting inside. The point of social distancing for your network is not to stop all contact with the outside. It's to increase the gaps between systems internally. Since we can't isolate our networks, we have to deal with internal segmentation, which intentionally keeps separate things separate.

Modern computing allows software to be run with wild abandon, sharing virtual machines and containers on limited physical resources. At first, IT shops saw this as a great advantage, giving them the ability to make one computer do the job of five and to reallocate inefficiently used resources to places where they can make a difference. Security personnel see it like public health personnel might: We know interactions — between networks or people — are necessary. So we manage the risk by asking for reasonable accommodations to a dangerous world. This compromise results in social distancing and network segmentation.

People don't like wearing masks and staying apart, and IT teams don't like limits placed on where they can run things. Security professionals must make the risks clear and avoid being too inflexible. An organization may have an innovative, cloud-first development team using cutting-edge tools. But while we don't want to remove their freedom to work quickly, we can require that they keep their fast-moving experiments in a confined cloud footprint, away from other operations that work at different speeds or face different regulatory requirements.

There are important security lessons we can take from the current pandemic to make modern hybrid business networks stronger and more resilient. We must prepare for events that haven't happened yet. And we must think about how to slow down spread by building in separation between different fast-changing areas.


Dr. Mike Lloyd is CTO of cyber terrain mapping company RedSeal. Dr. Lloyd has more than 25 years of experience in the modeling and control of fast-moving, complex systems. He has been granted 21 patents on security, network assessment, and dynamic network control. Before ...
 
