The Good, Bad and Ugly - The Future of Enterprise Security
The year 2015 has seen a significant number of security breaches, including Anthem, Ashley Madison, the U.S. Office of Personnel Management (OPM), and countless others that have hit the healthcare, financial, higher-education and federal markets, and even the security industry itself. Today’s threat landscape is populated with increasingly sophisticated intrusions that take the form of Advanced Persistent Threats, targeted attacks, sophisticated malware and zero-day threats. Enterprises experience material security breaches as a result of these attacks because advanced security operations teams, as well as the defenses they deploy, operate in silos with no ability to orchestrate security across the entire organization or environment.
Governments and large organizations aren’t the only ones who fall prey to cyber attacks; the threat extends to specific individuals within organizations as well. Mobile, BYOD and cloud-based computing have created new challenges for IT departments, and will continue to do so.
Cloud adoption has created new security and compliance issues. Enterprises struggle to understand the data security and compliance impact of aggressive employee and organizational adoption of cloud applications, while also trying to determine how to maintain data security and compliance with new data residency laws as their infrastructure moves to the cloud. This is where Cloud Access Security Brokers (CASBs) come into play. CASBs are on-premises or cloud-based security policy enforcement points, placed between cloud service consumers and cloud service providers, that combine and interject enterprise security policies as cloud-based resources are accessed. CASBs consolidate multiple types of security policy enforcement. Gartner predicts that by 2016, 25 percent of enterprises will secure access to cloud-based services using a CASB platform, up from less than 1 percent in 2012, reducing the cost of securing access by 30 percent.
Security analytics solutions have become an essential weapon against advanced threats. They reduce the impact of data breaches by giving security operations staff and incident response teams powerful capabilities for capturing, reconstructing, analyzing and remediating attacks. Sophisticated, targeted attacks can take weeks, months or longer to discover and resolve. Incident response teams need tools that quickly uncover the full source and scope of an attack to reduce time-to-resolution, mitigate ongoing risk and further fortify the network.
The use of Secure Sockets Layer (SSL) or Transport Layer Security (TLS) encryption is prevalent and growing rapidly worldwide, with up to 70 percent of enterprises’ network traffic using SSL/TLS encryption. While a benefit for privacy purposes, the blanket use of encryption means that many businesses are unable to govern the legitimate corporate information entering and leaving their networks, creating a growing blind spot for enterprises. This growing visibility void also creates opportunities for attackers to deliver malware directly to users, bypassing network security tools. The lack of visibility into SSL traffic represents a potential threat, especially given that benign and hostile uses of SSL are indistinguishable to many security devices.
The hostile use of encryption is set to increase in the coming years, in part because large web properties and hosting services are switching to the HTTPS protocol. While banks and shopping sites already protect data using such encryption, HTTPS is becoming the rule rather than the exception. Encrypted traffic presents massive challenges for organizations wishing to protect themselves, and the management of encrypted traffic is a sophisticated discipline. What is essentially needed is a solution that offers complete visibility and control of encrypted traffic without requiring the re-architecture of network infrastructure: policy-based SSL inspection and management capabilities that lift the security blindfold created by encrypted traffic.
The good news is that maintaining the privacy of employee personal information and adhering to compliance regulations is possible, while still protecting the enterprise from unwanted intrusions and threats. A policy-based solution decrypts and inspects only targeted traffic, to enhance network security while complying with laws and policies. Open and transparent security protocols, along with tight controls limiting the use of decrypted data (e.g., network security), can be combined with regional and tailored IT monitoring notices to employees to maintain compliance with privacy protocols.
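As an added example (not from the original article), the following shows how a policy-based inspection point can decide whether to decrypt a flow using only the unencrypted TLS ClientHello, so that traffic to privacy-sensitive categories is never decrypted at all. The hostnames, categories and policy rules are constructed for illustration, and the ClientHello builder exists only to produce sample input.

```python
import struct

# Constructed sample: a minimal TLS 1.2 ClientHello carrying only a server_name (SNI) extension.
def build_client_hello(host: str) -> bytes:
    name = host.encode("ascii")
    name_list = b"\x00" + struct.pack(">H", len(name)) + name        # host_name type, length, name
    sni_body = struct.pack(">H", len(name_list)) + name_list
    extensions = struct.pack(">HH", 0, len(sni_body)) + sni_body      # extension type 0 = server_name
    body = (b"\x03\x03" + b"\x00" * 32 + b"\x00"                      # version, random, empty session id
            + struct.pack(">H", 2) + b"\xc0\x2f"                      # one cipher suite
            + b"\x01\x00"                                             # null compression only
            + struct.pack(">H", len(extensions)) + extensions)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body         # handshake type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack(">H", len(handshake)) + handshake

def extract_sni(record: bytes):
    """Return the server_name from a ClientHello record, or None if absent or malformed."""
    try:
        if record[0] != 0x16 or record[5] != 0x01:                    # handshake record, ClientHello
            return None
        p = 9 + 2 + 32                                                # skip headers, version, random
        p += 1 + record[p]                                            # session id
        p += 2 + struct.unpack(">H", record[p:p + 2])[0]              # cipher suites
        p += 1 + record[p]                                            # compression methods
        end = p + 2 + struct.unpack(">H", record[p:p + 2])[0]         # end of extensions block
        p += 2
        while p + 4 <= end:
            etype, elen = struct.unpack(">HH", record[p:p + 4])
            p += 4
            if etype == 0:                                            # server_name: list len, type, name len, name
                name_len = struct.unpack(">H", record[p + 3:p + 5])[0]
                return record[p + 5:p + 5 + name_len].decode("ascii")
            p += elen
    except (IndexError, struct.error, UnicodeDecodeError):
        return None
    return None

# Constructed policy: domains whose traffic is exempt from decryption for privacy reasons.
PRIVACY_EXEMPT = {"bank.example": "financial", "health.example": "healthcare"}

def decrypt_policy(record: bytes) -> tuple:
    """Decide ('bypass' | 'inspect', reason) from the ClientHello alone, before any decryption."""
    sni = extract_sni(record)
    if sni is None:
        return ("inspect", "no SNI: flow cannot be classified, route to full inspection")
    for domain, category in PRIVACY_EXEMPT.items():
        if sni == domain or sni.endswith("." + domain):
            return ("bypass", f"{category} traffic exempt under privacy policy")
    return ("inspect", "not in a privacy-exempt category")
```

The bypass decision is made before any key material is touched, which is what lets the exempt categories stay private while the rest of the traffic is inspected.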
As a result of recent massive data breaches and the regular use of encryption that can mask the criminal exfiltration of proprietary information, encrypted traffic needs to be properly managed. Encrypted Traffic Management is a mechanism to responsibly use encryption to protect data, whilst preventing actors with hostile intent from abusing these services.
The failure of organizations and countries to build up cyber talent will be a huge issue over the next five years. Additionally, products will have to get better and smarter to drive change, and private industry will need to reverse the trend and invest in attracting people to the field.