Dark Reading is part of the Informa Tech Division of Informa PLC


7/31/2020
10:00 AM
Dr. Mike Lloyd
Commentary

3 Ways Social Distancing Can Strengthen Your Network

Security teams can learn a lot from the current pandemic to make modern hybrid business networks stronger and more resilient. Here's how.

We all know the role social distancing plays in combating COVID-19. Most people also understand why this is our primary line of defense; it's about slowing down the progress of the disease to prevent our healthcare defenders from being overwhelmed. Today's network security teams live in a similar shifting landscape and need to apply these same ideas to avoid getting overwhelmed. Here are three tactics to help "social distance" your network.

Tactic 1: Focus on Flare-ups
Networks bring a lot of value into our lives, but along with the value we get a lot of built-in complexity. As a result, network defense is complicated, whether your network is for commerce, healthcare, military use, or something else. All networks share one thing in common: the accumulation of complex, interacting parts. As a network grows, the number of things that can interact goes up very fast — quadratically fast. If your network doubles, the number of possible interactions goes up four times. At this rate, networks rapidly outstrip our ability to keep track of them and find problems.

Public health officials face a similar problem when combating a virus. On a planet with billions of people, it's impossible to accurately determine how many people have the disease. Instead, to protect as many people as possible, health officials focus on identifying symptoms and containing flare-ups.

Tactic 2: Without a Magic Bullet, Operate Wisely
With a pandemic, social distancing is a practical step we can take to save lives. Unfortunately, distancing is even more difficult in online security. When it's people versus a virus, people can change their behavior faster and more intelligently than the bug can evolve. The online world pits people against people, where the adversaries are clever and motivated. Tactics keep shifting, new vulnerabilities are continually discovered, and the rules for defense never settle down. This means our countermeasures must keep changing too. What was considered decent security yesterday is routinely out of date today.

It's no wonder that we have to plan for how we will handle breaches and how we'll quickly recover from them. Despite how security vendors behaved for years, perfect prevention is not an option you can buy off of a shelf. We must build security on the assumption that someone is going to get into some part of our infrastructure in the same way that we can't rely on travel constraints to keep a virus out. Social distancing has become the most important lesson to carry from the pandemic into online security.

Tactic 3: Quarantine or Zero Trust Is Not the Answer
Completely disconnecting from the outside world is not the answer to social distancing. Networks across all industries — from banking and finance to military, healthcare, and industrial operations — need to connect to perform their functions and deliver value and efficiencies. People also rely on connections, including social, emotional, and professional. For both networks and society, there will always be a risk of something nasty getting inside. The point of social distancing for your network is not to stop all contact with the outside. It's to increase the gaps between systems internally. Since we can't isolate our networks, we have to deal with internal segmentation, which intentionally keeps separate things separate.

Modern computing allows software to be run with wild abandon, sharing virtual machines and containers on limited physical resources. At first, IT shops saw this as a great advantage, giving them the ability to make one computer do the job of five and to reallocate inefficiently used resources to places where they can make a difference. Security personnel see it like public health personnel might: We know interactions — between networks or people — are necessary. So we manage the risk by asking for reasonable accommodations to a dangerous world. This compromise results in social distancing and network segmentation.

People don't like wearing masks and staying apart, and IT teams don't like limits placed on where they can run things. Security professionals must make the risks clear and avoid being too inflexible. An organization may have an innovative, cloud-first development team using cutting-edge tools. But while we don't want to remove their freedom to work quickly, we can require that they keep their fast-moving experiments in a confined cloud footprint, away from other operations that work at different speeds or face different regulatory requirements.
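The effect of internal segmentation on how far a single compromise can spread can be measured directly. The following is an added example, not part of the original article: the host inventory, segment names and allowed flows are constructed for illustration, and traffic inside a segment is assumed to be unrestricted.

```python
from collections import deque

# Constructed inventory: host -> segment (hypothetical names).
HOSTS = {
    "web-1": "dmz", "web-2": "dmz",
    "app-1": "app", "app-2": "app",
    "db-1": "data", "db-2": "data",
    "dev-1": "dev-cloud", "dev-2": "dev-cloud", "dev-3": "dev-cloud",
    "hr-1": "corp", "hr-2": "corp", "fin-1": "corp",
}

# Constructed policy: directed segment-to-segment flows that are permitted.
# The fast-moving dev footprint has no flows to or from other segments.
SEGMENTED = {("dmz", "app"), ("app", "data"), ("corp", "app")}


def can_talk(hosts, src, dst, policy):
    """True if src may open a connection to dst. policy=None is a flat network."""
    if src == dst:
        return False
    if policy is None:
        return True
    a, b = hosts[src], hosts[dst]
    return a == b or (a, b) in policy


def allowed_pairs(hosts, policy=None):
    """Number of directed host pairs that are allowed to interact."""
    return sum(can_talk(hosts, s, d, policy) for s in hosts for d in hosts)


def blast_radius(hosts, start, policy=None):
    """Set of hosts reachable hop by hop from one compromised host."""
    seen, queue = {start}, deque([start])
    while queue:
        cur = queue.popleft()
        for nxt in hosts:
            if nxt not in seen and can_talk(hosts, cur, nxt, policy):
                seen.add(nxt)
                queue.append(nxt)
    return seen


if __name__ == "__main__":
    print("flat pairs:     ", allowed_pairs(HOSTS))
    print("segmented pairs:", allowed_pairs(HOSTS, SEGMENTED))
    for host in ("dev-1", "web-1", "hr-1"):
        flat = len(blast_radius(HOSTS, host))
        seg = len(blast_radius(HOSTS, host, SEGMENTED))
        print(f"{host}: flat={flat} segmented={seg}")
```

Running the same functions against a real inventory and the firewall or security-group rules actually deployed shows which segments still give a compromised host a path to everything else.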

There are important security lessons we can take from the current pandemic to make modern hybrid business networks stronger and more resilient. We must prepare for events that haven't happened yet. And we must think about how to slow down spread by building in separation between different fast-changing areas.


Dr. Mike Lloyd is CTO of cyber terrain mapping company RedSeal. Dr. Lloyd has more than 25 years of experience in the modeling and control of fast-moving, complex systems. He has been granted 21 patents on security, network assessment, and dynamic network control. Before ...