How to effectively protect your Network using the Onion analogy.
Kevin Prone, Services Manager at Nowcomm, explains why multi-layered network security protection gives you the best chance of withstanding malicious cyber-attacks.
Innovative technology like the Internet of Things is changing the way we do everyday things: using transport, banking, controlling our home systems and much more. As the applications for technology widen and become more deeply intertwined with our daily activities, we give technology greater control over our lives and personal information. We consume these applications because they make our lives easier and more connected, with security often at the back of our minds. As a result, we become increasingly reliant on them working securely and properly all the time, every time. It is this reliance that puts our devices and personal information at risk: recent trends show attackers using compromised IoT devices as a route to deliver ransomware to our endpoints and networks. Do you have a sure-fire way of knowing what is connected to your network? Are those devices trusted or untrusted? Are you allowing people to connect personal devices to the corporate network? How do you protect against data loss or network infection?
IoT isn't the only way malicious content gets into the network. Many businesses now support mobile working, which means users connect their company endpoint to networks other than the corporate one. Malicious content picked up on an untrusted network can lie dormant on the endpoint until it is reconnected to the corporate network, at which point it wreaks havoc and can compromise the entire infrastructure.
With so many points of entry for attackers, it is daunting to know whether you have covered your key bases, and that is assuming you know what your key bases are. The perimeter has changed with the advance of cloud-based applications, and the approach to security needs to change with it. It is not possible to have a 100% fool-proof plan, but by following the 'Onion' analogy you can be confident that you have a resilient and robust security strategy in place that gives you the best chance of defending your network and organisation.
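The first question above, "do you know what is connected to your network?", has a concrete first answer: compare the live neighbour table against your asset register. The following is an added example written for this page, not code from Nowcomm; the neighbour output is constructed in the shape of Linux `ip -4 neigh show`, and the KNOWN_DEVICES allowlist is an assumed stand-in for an asset register or NAC database.

```python
"""Added example: audit which devices are actually on the LAN segment.

Parses neighbour-table output shaped like Linux `ip -4 neigh show` and checks
every resolved MAC address against a list of known, trusted devices.
Both the sample output and KNOWN_DEVICES are constructed for this example.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample, shaped like `ip -4 neigh show` output on Linux.
SAMPLE_NEIGH = """\
192.168.1.1 dev eth0 lladdr 00:11:22:33:44:55 REACHABLE
192.168.1.10 dev eth0 lladdr AA:BB:CC:DD:EE:01 STALE
192.168.1.23 dev eth0 lladdr aa:bb:cc:dd:ee:02 REACHABLE
192.168.1.77 dev eth0 lladdr 0c:d1:23:45:67:89 REACHABLE
192.168.1.99 dev eth0  FAILED
"""

# Constructed allowlist: MAC address -> asset name. In practice this comes from
# the asset register or NAC system, not a hard-coded dict.
KNOWN_DEVICES: Dict[str, str] = {
    "00:11:22:33:44:55": "core-router",
    "aa:bb:cc:dd:ee:01": "finance-laptop-01",
    "aa:bb:cc:dd:ee:02": "print-server",
}

NEIGH_RE = re.compile(
    r"^(?P<ip>\S+) dev (?P<dev>\S+)"
    r"(?: lladdr (?P<mac>[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5}))?"
    r"\s+(?P<state>\S+)$"
)


@dataclass
class Neighbour:
    ip: str
    dev: str
    mac: Optional[str]   # None when the kernel never resolved the address
    state: str


def parse_neigh(text: str) -> List[Neighbour]:
    """Parse `ip neigh` lines; MACs are normalised to lowercase for matching."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = NEIGH_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised neighbour line: {line!r}")
        mac = m.group("mac").lower() if m.group("mac") else None
        entries.append(Neighbour(m.group("ip"), m.group("dev"), mac, m.group("state")))
    return entries


def audit(entries: List[Neighbour], known: Dict[str, str]) -> Dict[str, list]:
    """Split neighbours into trusted (in the allowlist), unknown and unresolved.

    Unknown entries are the ones to chase: a device that is on the wire but
    not in the asset register is exactly the 'untrusted device' question.
    """
    report = {"trusted": [], "unknown": [], "unresolved": []}
    for n in entries:
        if n.mac is None:
            report["unresolved"].append(n.ip)
        elif n.mac in known:
            report["trusted"].append((n.ip, n.mac, known[n.mac]))
        else:
            report["unknown"].append((n.ip, n.mac, n.state))
    return report


if __name__ == "__main__":
    result = audit(parse_neigh(SAMPLE_NEIGH), KNOWN_DEVICES)
    for ip, mac, state in result["unknown"]:
        print(f"UNKNOWN DEVICE {ip} ({mac}) state={state}")
    print(f"{len(result['trusted'])} trusted, {len(result['unresolved'])} unresolved")
```

Run it against real `ip -4 neigh show` output on a segment's gateway, and treat every "unknown" line as a ticket. One caveat a practitioner should keep in mind: a MAC allowlist is a visibility check, not an access control, because MAC addresses are trivially spoofed; the place to enforce trust is 802.1X/NAC, with this kind of audit as the cross-check that the enforcement is actually working.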
The Onion Analogy
Most experts would agree that the best kind of network protection covers your entire estate: endpoints, applications, servers, routers, and the web and email gateways, to name but a few, because each layer of protection can cover for the failings of another. No one-size-fits-all solution provides comprehensive coverage for all of these potential entry points; in our experience, a layered approach is the most effective way to identify, block and remediate threats against your network. This is essential in protecting an ever-diversifying set of applications spread over public and private networks.
The types of network security measures available include:
- Data Loss Prevention
- Email Security
- Firewalls
- Intrusion Prevention Systems
- Mobile Device Security
- Network Segmentation
- Security Information and Event Management
- Web Security
- Wireless Security
- Two-factor authentication
- VPN
You can enlist a number of these components within a layered security strategy. We recommend this approach because attackers will exploit weaknesses in your first line of defence to get into your network: a single control will not mitigate every threat, particularly one it does not recognise as a threat. If another control is in place to cover the gap left by the first, you have made it considerably harder to compromise your network. Remember that many attacks originate inside the network, often from a mobile device that was not protected by the traditional perimeter when it was infected. When you look at it like that, layering seems like the most sensible way to go, right?
The most important question to ask yourself is: is your network traffic and activity visible to your IT team? To understand how malicious content is moving through your network, you need a comprehensive view of your entire infrastructure and everything connected to it. You might already have a monitoring system in place that is so inundated with alerts and notifications that a genuine threat warning gets ignored because of the sheer volume. By the time you notice the alert it is too late; the issue has spread out of control and is hard to contain. This is typically the case in most IT departments, and it creates a dangerous culture of false security, which is why malware finds its way into networks so easily and rapidly: attackers take advantage of our operational flaws to compromise our networks, and with an inefficient monitoring and remediation strategy we are essentially letting them. This brings me to a snippet I read in a research paper written by the SANS Institute on layered security, where the analogy of Babylon versus Persia was used to illustrate an empire's downfall through the belief that its weakness would not or could not be exploited.
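The alert-flood problem described above is usually fixed in the triage layer rather than by buying another sensor: collapse repeats of the same rule from the same source into one record, then rank by severity and novelty so that volume alone can never push a single new high-severity alert off the top. The following is an added example for this page, not Nowcomm's or any SIEM vendor's code; the alert feed is constructed inline and the severity weights and novelty bonus are assumed tuning values.

```python
"""Added example: collapse alert floods so one real warning is not buried.

Each alert is a dict with fields a SIEM would typically export. The feed is
constructed inline; SEVERITY_WEIGHT and NOVELTY_BONUS are assumed values.
"""
from typing import Dict, List, Set, Tuple

SEVERITY_WEIGHT = {"low": 1, "medium": 3, "high": 6, "critical": 10}  # assumed
NOVELTY_BONUS = 5   # assumed: a rule never seen in the baseline period ranks higher


def constructed_alerts() -> List[dict]:
    """Sample feed: one noisy scanner rule firing 40 times, a few routine
    failed logons, and a single new high-severity alert (44 alerts in total)."""
    alerts = []
    for i in range(40):
        alerts.append({"ts": 1000 + i, "rule": "port-scan", "src": "10.0.0.5",
                       "severity": "low"})
    for i in range(3):
        alerts.append({"ts": 1100 + i * 10, "rule": "failed-logon", "src": "10.0.0.8",
                       "severity": "medium"})
    alerts.append({"ts": 1130, "rule": "lsass-memory-read", "src": "10.0.0.12",
                   "severity": "high"})
    return alerts


def aggregate(alerts: List[dict]) -> Dict[Tuple[str, str], dict]:
    """Group repeated alerts by (rule, source) into one record with a count
    and first/last-seen timestamps; the highest severity in the group wins."""
    groups: Dict[Tuple[str, str], dict] = {}
    for a in sorted(alerts, key=lambda x: x["ts"]):
        key = (a["rule"], a["src"])
        g = groups.get(key)
        if g is None:
            groups[key] = {"rule": a["rule"], "src": a["src"], "severity": a["severity"],
                           "count": 1, "first": a["ts"], "last": a["ts"]}
        else:
            g["count"] += 1
            g["last"] = a["ts"]
            if SEVERITY_WEIGHT[a["severity"]] > SEVERITY_WEIGHT[g["severity"]]:
                g["severity"] = a["severity"]
    return groups


def prioritise(groups: Dict[Tuple[str, str], dict], baseline_rules: Set[str]) -> List[dict]:
    """Rank groups by severity, then novelty. Count is reported but not scored,
    so 40 low alerts cannot outrank one new high alert."""
    ranked = []
    for g in groups.values():
        score = SEVERITY_WEIGHT[g["severity"]]
        if g["rule"] not in baseline_rules:
            score += NOVELTY_BONUS
        ranked.append({**g, "score": score})
    ranked.sort(key=lambda g: (-g["score"], g["first"]))
    return ranked


if __name__ == "__main__":
    # Constructed baseline: rules that fire routinely in this environment.
    baseline = {"port-scan", "failed-logon"}
    for g in prioritise(aggregate(constructed_alerts()), baseline):
        print(f"{g['score']:>3} {g['severity']:<8} {g['rule']:<20} {g['src']} x{g['count']}")
```

Forty-four raw alerts become three lines, with the never-seen-before LSASS read at the top and the scanner noise at the bottom, still visible with its count rather than silently dropped. The baseline set is the piece that needs care in a real deployment: it should be derived from what actually fired over a quiet period, and reviewed, because a rule that is "normal" only because an attacker has been present the whole time is the failure mode the SANS analogy warns about.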
Why it Works
- The way Malware attacks a network has evolved and become sophisticated.
This is covered in more depth in our Advanced Malware Protection section, but in short: sophisticated technological advances bring sophisticated malware to match. Attackers are opportunists, and they leverage the latest developments in computing to build malware that your existing strategy might not recognise as a threat until it is too late. Stay ahead of the curve by eliminating the common ways they would target your organisation's network: underpin your security strategy with an efficient monitoring system and an array of security layers that capture an attack as it begins to unfold.
- A multi-layered security strategy ensures that if one defence fails, then another is there to make up for it.
Here is something most companies are reluctant to say: there is no single solution that is the be-all and end-all of protecting your network. There are, however, ways in which a number of security platforms can work together as a cohesive ecosystem of preventative measures. For example: a firewall, if you configure it correctly, has a reliable set of rules to stop Malware 1, 2 and 3 from entering your network. But what if the attacker has wrapped Malware 1 and 2 into a friendly-looking link that arrived via email? One of your employees clicks the link and has now inadvertently let the payload into your network. Traditionally it would be havoc from here on, but because you also put a behavioural analytics tool in place, your system is now monitoring file and process activity to detect malicious behaviour days, weeks and even months after the payload entered your environment. Clever, eh?
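To make the scenario above concrete: a hash-based check can only block what it has already seen, while a behavioural rule looks at what a process does and so catches a repackaged payload the signature layer waved through. The following is an added example written for this page, not code from Nowcomm or from any endpoint product; the blocklist, the endpoint telemetry and the thresholds are all constructed or assumed for illustration.

```python
"""Added example: a signature check that misses a new payload, beside two
behavioural rules that catch what it does once it runs.

KNOWN_BAD_HASHES, the telemetry in constructed_events(), and the thresholds
WRITE_THRESHOLD / WINDOW_SECONDS are all constructed for this example.
"""
import hashlib
from collections import defaultdict
from typing import Dict, List

# Layer 1: signature blocklist of known-bad SHA-256 hashes (constructed).
KNOWN_BAD_HASHES = {
    hashlib.sha256(b"malware-sample-1").hexdigest(),
    hashlib.sha256(b"malware-sample-2").hexdigest(),
}


def signature_verdict(payload: bytes) -> str:
    """Blocks only payloads whose hash is already on the list; anything
    repacked or newly built is 'allow' because it has never been seen."""
    return "block" if hashlib.sha256(payload).hexdigest() in KNOWN_BAD_HASHES else "allow"


# Layer 2: behavioural rules over endpoint telemetry (process starts, file writes).
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELLS = {"powershell.exe", "cmd.exe", "wscript.exe", "mshta.exe"}
WRITE_THRESHOLD, WINDOW_SECONDS = 20, 60   # assumed tuning values


def constructed_events() -> List[dict]:
    """Constructed telemetry: Word spawns PowerShell, which drops a process
    that rewrites 30 user documents in 15 seconds."""
    events = [
        {"ts": 0.0, "type": "process", "pid": 400, "image": "WINWORD.EXE", "parent": "explorer.exe"},
        {"ts": 2.0, "type": "process", "pid": 412, "image": "powershell.exe", "parent": "WINWORD.EXE"},
        {"ts": 5.0, "type": "process", "pid": 420, "image": "svchst.exe", "parent": "powershell.exe"},
    ]
    for i in range(30):
        events.append({"ts": 6.0 + i * 0.5, "type": "file", "pid": 420,
                       "path": f"C:\\Users\\alice\\Documents\\report{i}.docx.locked"})
    return events


def behaviour_verdict(events: List[dict]) -> List[str]:
    """Two rules that ignore what the binary is called or hashes to:
    an Office application launching a shell, and one process modifying
    WRITE_THRESHOLD or more files within WINDOW_SECONDS (a ransomware pattern)."""
    findings = []
    writes: Dict[int, List[float]] = defaultdict(list)
    for e in events:
        if e["type"] == "process":
            if e["parent"].lower() in OFFICE_PARENTS and e["image"].lower() in SHELLS:
                findings.append(f"office-spawns-shell: {e['parent']} -> {e['image']} (pid {e['pid']})")
        elif e["type"] == "file":
            writes[e["pid"]].append(e["ts"])
    for pid, stamps in writes.items():
        stamps.sort()
        start = 0
        for end in range(len(stamps)):          # sliding window over timestamps
            while stamps[end] - stamps[start] > WINDOW_SECONDS:
                start += 1
            hits = end - start + 1
            if hits >= WRITE_THRESHOLD:
                findings.append(f"mass-write: pid {pid} modified {hits} files within {WINDOW_SECONDS}s")
                break
    return findings


def layered_verdict(payload: bytes, events: List[dict]) -> Dict[str, object]:
    """Combine the layers: either one blocking is enough to block."""
    sig = signature_verdict(payload)
    beh = behaviour_verdict(events)
    return {"signature": sig, "behaviour": beh, "final": "block" if sig == "block" or beh else "allow"}


if __name__ == "__main__":
    print(layered_verdict(b"brand-new-dropper", constructed_events()))
```

The "brand-new-dropper" payload sails through the signature layer, but the behaviour layer raises two findings from the telemetry and the combined verdict is still "block". The thresholds are the part that needs tuning per environment: a backup agent or a build server legitimately touches hundreds of files a minute, so the mass-write rule needs an allowlist of known bulk writers, or it becomes another source of the alert fatigue discussed earlier.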
- You won’t find many security vendors that disagree with a multi-tiered security plan, even if it’s in their best interests to do so.
In this age of information it is much harder for vendors to embellish their product as the light-sabre of all security products, a) because customers have the tools to make informed decisions and see through promotional exaggeration, and b) because good security vendors know their platform works as part of a wider strategy and will even recommend other platforms that work in harmony with theirs. With malware and ransomware running wild across the internet and extracting hundreds of thousands of pounds from businesses and organisations, this is not something that can be left as a 'we'll think about it when we set the next budget' action. Ultimately, this is not about buying one or two pieces of software; it is about avoiding the far larger cost of not doing so, whether that is paying to recover data held to ransom, rebuilding after a malicious payload got into your network, or absorbing the downtime that results. Don't just be another case study about why layered security should have been the way to go, and don't even get me started on the ramifications of a data breach and the loss of reputation that follows. Organisations need to invest in security technologies that let them give the board assurance that all reasonable measures have been put in place to protect the organisation's data, network and applications.
If you would like an in-depth discussion with me about layered security and 'defence-in-depth', get in touch; we are always keen to talk about the latest developments in network security.