Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

02:30 PM
Ofer Amitai
Ofer Amitai
Connect Directly
E-Mail vvv

The Security Perimeter Is Dead; Long Live the New Endpoint Perimeter

The network no longer provides an air gap against external threats, but access devices can take up the slack.

Four potent forces have turned network security on its head: the decentralization of corporate networks; the proliferation of mobile devices; the evolution of the bring-your-own-device (BYOD) policies to include multiple devices; and the massively disruptive Internet of Things (IoT) phenomenon. One of these forces on its own is enough to weaken the best security defenses, but together they are wreaking havoc in enterprises in every industry.

The impact of these forces has essentially erased the enterprise perimeter, traditionally used to protect organizations from external attacks. The fall of this wall has created a new security landscape in which each endpoint, no matter from where it connects, has become its own perimeter — a weakness that can give adversaries access to the entire network.

The Fall of the Wall
Decentralization caused the first bricks to crumble. The final bricks were taken away by the widespread adoption of BYOD policies and the often chaotic infiltration of IoT devices.

Today, an enterprise might have multiple offices in cities across the country or across the globe, with each location potentially having different security protocols, products, and services. Meanwhile, employees connecting through public, unsecured Wi-Fi connections, as well as contractors and other third-parties using unmanaged BYOD devices all log in to the corporate network. 

The Lateral Threat
A significant challenge to network and information security is lateral movement of attacks such as malware or ransomware and hackers, once inside the network. Undetected, these threats can propagate from one compromised endpoint to others.

In recent years, adversaries have carried out large-scale attacks by exploiting known vulnerabilities and security gaps on endpoints. WannaCry, NotPetya, and Bad Rabbit malware all used lateral movement to spread on a global scale in 2017. Using a single entry point — generally, the most vulnerable device — hackers were able to quickly take down unpatched systems.

Often, the weakest points are unmanaged, unprotected IoT devices, especially those deployed on secure network segments used by important company assets. IoT devices aren’t transient and typically remain undetected by network scans. Therefore, security teams are often unaware of the attack surface they create.

Best Practices
Visibility: Having full visibility of all devices connected to the network is essential. This includes gathering information such as the location and type of device, the processes and applications it is running, and how many similar devices are connected across the enterprise. Full visibility should not be limited to headquarters and includes all branches and endpoints.

Use Historical Data: Historical data on endpoint usage — such as past processes, network connections, and other information — can be very useful in detecting compromised devices as well as in tracing the path of a threat once it has been identified. This data can also be invaluable for conducting rapid and accurate responses to incidents as well as preventing future attacks.

Keep It Simple: Simple security configurations and deployments can translate to painless ongoing maintenance and better security in a world of increasing threats. Simplicity is crucial because enterprises are shorthanded, manage dozens of security products, and have limited time to investigate and respond to threats.

Automate Monitoring and Mitigation: Continuous monitoring is the best way to prevent risks from escalating into security incidents. Organizations need the ability to automatically quarantine threats before they access crucial enterprise data or services. This allows the security teams to assess if a risk is a threat, and, if it is, to block affected endpoints.

Avoid Vendor Lock-in: In a dynamic world where organizations evolve through organic growth or through merger or acquisition, they should not tie their security to a specific vendor. To prevent vendor lock-in and future-proof security operations, adopt a vendor-agnostic approach when choosing security products or services.

Embrace the Cloud: A cloud service runs the latest version of software at any given moment, provides seamless upgrades, and delivers up to date capabilities. Additionally, it offers smooth scalability and distribution across the world, making it a must-have for decentralized enterprises.

Another advantage of a cloud-based approach: It handles threats both inside and outside the enterprise perimeter, allowing organizations to provide remote branches the same security as their corporate headquarters.

Ultimately, enterprises should consider a security approach that implements a perimeter on endpoints through continuous monitoring, risk assessment, policy enforcement, and automated containment/remediation of compromised devices. Following the previously mentioned best practices provides a good framework for re-establishing control over network security.

Related Content:


Ofer Amitai is CEO and co-founder of Portnox, where he is responsible for day-to-day operations and setting the company's strategic direction. He has over 20 years' experience in network security, during which time he established the first IT security team in the Israeli Air ... View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Apprentice
1/21/2019 | 11:46:46 AM
Re: Good Idea
User Rank: Strategist
1/21/2019 | 12:58:54 AM
Paw-ke Mon Go!
"Now, we come here to play Paw-ke Mon Go!"
User Rank: Apprentice
1/20/2019 | 4:29:55 PM
Re: Good Idea
Articles like this just make me laugh. 

I've been consulting for 20 years and I still have yet to see a single organization allow BYOD devices on the corporate network.  If I ever see that, I will point it out as a huge security hole.  BYOD isn't common because the company can't transfer liability to the owner of that device.  If some end user puts corporate data on their personal laptop, which is then stolen, it's the company not the user that is liable.  Therefore, no BYOD. 

This author also said something about contractors putting BYOD devices on the corporate network.  This is also stupid and is not something that ever happens, and for the same reasons I described above.  In my experience, contractors are barely allowed to use the guest WiFi. 

The security perimeter is expanding, not disolving.  BYOD is not a threat if you don't allow them on the network.  Security comes before popularity. 

If you can't control it, don't allow it. 
User Rank: Author
1/18/2019 | 3:50:09 AM
No more one size fits all
Organizations need to be realistic that they will have different endpoints with different levels of security. That's fine provided that they're conscious of it - and that they restrict what their less secure endpoints can do (ie don't allow insecure endpoints to talk to your most sensitive systems!)
User Rank: Ninja
1/17/2019 | 3:11:35 PM
Good Idea
No bring your own devices.  At work you use a CORPORATE ASSET or not at all.  THAT is a good rule.  Eliminates alot of troubles.  Corp has rules for usage of assets, but bringing your own in voids all of that in a flash. SO DON'T BE STUPID about it.  Work is work and that is that.  No outside anything except IF you have a defended guest network maybe and even then test the hell out of it.  Segment that off your corp in-office network.  Tools exist for that.  But NOTHING OUTSIDE ever comes in the door.  Simple and effective. 
Overcoming the Challenge of Shorter Certificate Lifespans
Mike Cooper, Founder & CEO of Revocent,  10/15/2020
US Counterintelligence Director & Fmr. Europol Leader Talk Election Security
Kelly Sheridan, Staff Editor, Dark Reading,  10/16/2020
7 Tips for Choosing Security Metrics That Matter
Ericka Chickowski, Contributing Writer,  10/19/2020
Register for Dark Reading Newsletters
White Papers
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-10-21
Prior to 0.10.0-beta, LND (Lightning Network Daemon) would have accepted a counterparty high-S signature and broadcast tx-relay invalid local commitment/HTLC transactions. This can be exploited by any peer with an open channel regardless of the victim situation (e.g., routing node, payment-receiver,...
PUBLISHED: 2020-10-21
Prior to 0.11.0-beta, LND (Lightning Network Daemon) had a vulnerability in its invoice database. While claiming on-chain a received HTLC output, it didn't verify that the corresponding outgoing off-chain HTLC was already settled before releasing the preimage. In the case of a hash-and-amount collis...
PUBLISHED: 2020-10-20
Cross-site request forgery in Nagios XI 5.7.3 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link.
PUBLISHED: 2020-10-20
Improper neutralization of special elements used in an OS command in Nagios XI 5.7.3 allows a remote, authenticated admin user to execute operating system commands with the privileges of the apache user.
PUBLISHED: 2020-10-20
Improper neutralization of argument delimiters in a command in Nagios XI 5.7.3 allows a remote, authenticated admin user to write to arbitrary files and ultimately execute code with the privileges of the apache user.