CYBERSECURITY:

Multiple Lines of Attack Require Multiple Lines of Defense

Despite ongoing efforts to fight cybercrime, security breaches continue to plague companies in every sector, threatening reputations, business continuity, and the bottom line. Although security solutions are an important defense against cybercrime, IT professionals often are fighting an uphill battle in a changing technology landscape—one in which identities, infrastructure, applications, and data are no longer tucked safely inside a data center.

Today’s data center has no real perimeter; instead, data, applications, identities, and infrastructure live everywhere, from mobile devices and internet-based sensors to public or private clouds. This new digital landscape, sometimes called the mobile/cloud era of computing, requires a drastically different approach to security—one that secures interactions from users to every touchpoint, whether it’s an endpoint, the network, infrastructure, or data. And since many security solutions safeguard only one or two touchpoints, it’s not uncommon for organizations to use dozens of security tools to protect their business.

But this patchwork approach to security isn’t effective against today’s sophisticated cyberthreats. The mobile/cloud era calls for a simplified, more automated approach to security, with the right protection of five key elements: identity, mobile endpoints, networking, virtualization, and the cloud.

EVERYTHING HAS CHANGED

Long gone are the days when all important IT assets were kept securely within the four walls of a data center. Today’s data center is both everywhere and nowhere, replaced by a digital enterprise in which users and devices access data and applications on-premises or in the cloud, on secured and unsecured networks that may be outside the control of the company.

With this model, how can organizations secure their IT assets and verify that users trying to access those assets are who they say they are? Although it might be tempting to simply add more security solutions to address each point of vulnerability, this approach isn’t effective.

Consider that analyst firm Gartner predicted that worldwide spending on cybersecurity would reach $90 billion in 2017, a 7.6% increase from 2016. Yet while the overall number of security incidents declined 8.2% between 2016 and 2017, the number of events in the U.S. that resulted in loss or damage rose, according to the “State of Cybercrime 2017” survey. Nearly 20% of the participating companies reported a critical system disruption as a result of security events during the previous 12 months. And phishing attacks, ransomware, and financial fraud all increased.

There are many reasons why adding more security point solutions doesn’t solve the problem. Some solutions are simply outdated, developed years ago to protect laptops or desktop PCs that sat inside a company facility, connected by cable to a server that was also inside the building. Other solutions are managed by only one part of the IT team and unavailable to the rest. For example, the networking department may have its own cadre of point solutions while the team responsible for mobile applications uses completely different ones. Some organizations have a host of security solutions that each cover only a single function, such as packet capture, endpoint security, security for cloud data, or network traffic monitoring. Each may require specialized knowledge and skill to be effective.

All of this creates security silos with no visibility or shared context between them. These can be notoriously difficult to manage and integrate and can leave areas of the network without adequate security coverage. They also make it nearly impossible to have a comprehensive threat detection and response (TD&R) strategy across an organization.

The lack of integration also can make it difficult to detect intrusions quickly, a key component of thwarting attacks and preventing significant damage. According to an RSA survey, nine out of 10 chief information security officers (CISOs) aren’t satisfied with how quickly intrusions are detected. And they shouldn’t be: the “State of Cybercrime 2017” survey found that the time it takes to discover an intrusion rose from 57.6 days in 2015 to 80.6 days in 2016, and to 92.2 days in 2017.

SIMPLIFYING SECURITY

The key to simplifying security is consolidation. Instead of running 60 security solutions, experts advise paring that down to a dozen or so integrated solutions. This makes security efforts not only more focused but also more effective, because the remaining tools share context instead of each seeing only its own slice of the environment.

“Security has to be intrinsic from the moment a user picks up a device, all the way down to the data that person is accessing. That requires a lot of steps: validating the user’s identity, the device the user is using, the application the user is accessing, the data the person is accessing, the network channel the user takes to get the data,” explains Christopher Campbell, Director, Solution Product Marketing, Networking and Security, VMware. “When you think of it that way, you realize that security can’t be done piecemeal but must be done in a more holistic way. All the pieces have to be integrated and communicating with each other at all times.”

By using a modern, scalable foundational platform built from VMware security solutions, organizations can take effective steps to consolidate, simplify, and integrate their defenses, so that security policy can be scaled up or down and applied to every endpoint and user application.

Having a modern infrastructure is the best way to secure the five elements critical to effective cybersecurity in today’s perimeter-less world: user identity, mobile endpoints, network, virtualization, and the cloud. With these capabilities anchored by a modern platform, “security everywhere” becomes a realistic goal.

Identity management/user identity. Most companies still use passwords to verify user identity, but this method is fraught with problems. People are human, and they may inadvertently do things that compromise security, such as write a password on a sticky note or use a common, easily guessed word or phrase. Today one of the better ways to validate a person’s identity is through biometrics such as a fingerprint or face scan. A biometric cannot be phished, shared, or reused the way a password can, although it is not impossible to spoof, so in practice the biometric unlocks a credential bound to the device rather than serving as the only check. An effective way to enforce biometrics is through something like Workspace ONE, a digital workspace platform that integrates the organization’s identity providers with the logon process. This lets users sign on to their tablet or smartphone once, using facial recognition or a fingerprint, and then access any Workspace ONE app.

Enterprise mobility/mobile endpoints. Twenty years ago, traveling for business meant carrying a camera, word processor, scanner, and Rolodex. Today employees expect everything they need, from accounting applications to GPS capabilities, to be accessible through a mobile device. If that device is bound to a verified identity and managed, users can access contacts, calendars, and anything else they need in the cloud. By using a modern foundational layer, organizations can rely on mobile devices and the applications they serve up with far less exposure to security breaches.

Networking. Today nearly every device has an IP address. The corporate network acts as the connective tissue, tying those devices together and enabling them to communicate with each other. Understanding network traffic, validating it, and securing it are critical to a comprehensive cybersecurity effort. Effective network security requires a modern, integrated platform capable of network virtualization and microsegmentation, which applies a default-deny policy to each workload so that east-west traffic is allowed only where a rule explicitly permits it. With this capability from tools such as VMware NSX, network functions can be virtualized and extended as needed, and the policy follows the workload rather than the physical switch port.

Virtualization. Virtualization has dramatically improved efficiency and lowered costs for many companies. It can play a valuable role in combating cyberthreats as well. Take the example of a compromised email application. On a flat network it gives the attacker a foothold from which to reach everything else inside the data center, but with a modernized infrastructure it is relatively simple to give each user or workload its own dedicated segment, such as a virtual local-area network (VLAN). The segment separates the email application and its connected data resource from other traffic. If a compromise is detected, only that segment needs to be quarantined and torn down; the rest of the environment keeps running.
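The segmentation and quarantine steps described in the networking and virtualization sections, and the automated response to an alert discussed in the compliance sidebar, can be made concrete with a small policy evaluator. The following Python is an added example written for this page, not VMware NSX code or its API; the workload tags, allow rules, IP inventory, and flow records are all constructed for illustration.

```python
"""Default-deny microsegmentation: evaluate east-west flows against an
allow-list keyed by workload tag, flag lateral movement, and quarantine
one workload without rewriting the rest of the policy.
Illustrative code only; not an NSX API. All data below is constructed."""
from collections import Counter
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Rule:
    """One allow rule between workload tags. Anything not matched is denied."""
    src_tag: str
    dst_tag: str
    dst_port: int
    proto: str = "tcp"


@dataclass
class Segmentation:
    inventory: dict                        # workload IP -> tag
    rules: frozenset                       # allow-list of Rule; default deny
    quarantined: set = field(default_factory=set)

    def tag_of(self, ip):
        # Unknown workloads get a tag no rule references, so they are denied.
        return self.inventory.get(ip, "unknown")

    def decide(self, flow):
        """flow = (src_ip, dst_ip, dst_port, proto) -> 'allow' | 'deny' | 'deny:quarantine'."""
        src, dst, port, proto = flow
        if src in self.quarantined or dst in self.quarantined:
            return "deny:quarantine"
        if Rule(self.tag_of(src), self.tag_of(dst), port, proto) in self.rules:
            return "allow"
        return "deny"

    def quarantine(self, ip):
        """Isolate a single workload; no other workload's rules change."""
        self.quarantined.add(ip)


def audit(seg, flows):
    """Return every flow the policy would not allow, paired with its verdict."""
    return [(f, seg.decide(f)) for f in flows if seg.decide(f) != "allow"]


def suspect(seg, flows):
    """Source with the most denied flows: a crude lateral-movement signal."""
    denied = Counter(f[0] for f, verdict in audit(seg, flows) if verdict == "deny")
    return denied.most_common(1)[0][0] if denied else None


def build_example():
    """Constructed inventory and policy: web -> app -> db, mail -> relay only."""
    inventory = {
        "10.0.1.10": "web", "10.0.2.10": "app", "10.0.3.10": "db",
        "10.0.4.10": "mail", "10.0.5.10": "relay",
    }
    rules = frozenset({
        Rule("web", "app", 8443),
        Rule("app", "db", 5432),
        Rule("mail", "relay", 25),
    })
    return Segmentation(inventory, rules)


# Constructed east-west flow records; the last two are the mail host
# trying to reach systems it has no business talking to.
FLOWS = [
    ("10.0.1.10", "10.0.2.10", 8443, "tcp"),   # web -> app: allowed
    ("10.0.2.10", "10.0.3.10", 5432, "tcp"),   # app -> db: allowed
    ("10.0.4.10", "10.0.5.10", 25, "tcp"),     # mail -> relay: allowed
    ("10.0.4.10", "10.0.3.10", 5432, "tcp"),   # mail -> db: lateral movement, denied
    ("10.0.4.10", "10.0.1.10", 22, "tcp"),     # mail -> web over ssh: denied
]

if __name__ == "__main__":
    seg = build_example()
    for f, verdict in audit(seg, FLOWS):
        print(verdict, f)
    host = suspect(seg, FLOWS)
    seg.quarantine(host)                       # the automated-response step
    print("quarantined", host, "->", seg.decide(FLOWS[2]))
```

Running the block lists the two lateral-movement attempts from the mail host and then quarantines that one host; its previously legitimate relay traffic is now denied as well, while the web-to-app and app-to-db paths are untouched. Quarantine here is a single exception layered over the allow-list rather than a rewrite of it, which is what keeps isolating one segment cheap compared with untangling a flat network.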

The cloud. There are two types of cloud components: those you can control and those you can’t. An example of the first type is software as a service (SaaS). Although cloud providers go to great lengths to ensure that their services are secure, there are still risks in terms of data accessibility, transparency, and stability. Companies also must trust that SaaS providers are keeping up with the latest security standards and patches. A good way to help ensure SaaS security is to establish a modern infrastructure and partner with a cloud access security broker (CASB) that enforces cloud-based security policies and tracks how the applications are being used.

The second type of cloud resources are those you can’t control, such as the provider’s underlying infrastructure. Major providers of infrastructure as a service (IaaS) make every effort to adhere to all applicable security standards, but there are always concerns in moving workloads to the cloud. Security controls designed for an on-premises workload, for example, may have to be completely rearchitected to provide the same level of protection once that workload moves. One solution is to use a software-defined infrastructure stack such as VMware vSphere, vSAN, and NSX as the foundational layer for delivering cloud resources. With this approach, the same architecture, and the same security policy, used on-premises can often be moved into the cloud and remain compliant.

COMPLIANCE AND CYBERSECURITY

No matter the industry, the number of regulations carrying cybersecurity requirements has grown over the past decade. At the same time, siloed systems, aging infrastructures, and a lack of integration with newer technologies have made compliance more difficult to achieve.

Organizations know they must perform risk assessments and develop governance to support compliance initiatives, but it has become more difficult to enforce those initiatives.

Among the keys to improving compliance is having full visibility into where data is stored, how traffic travels, and how identity is verified and managed. IT professionals should also account for the complexities brought on by virtualization, cloud computing, and the integration of mobile devices.

Where to start? Adopt a modern, scalable, integrated infrastructure that supports an automated approach to compliance and remediation, one that can detect and respond to breaches and recover infrastructure as needed. With this approach, for example, an alert from a security tool about an infected server can trigger an automated playbook that chooses and applies the appropriate response. Depending on the situation, that response may be to disable access for the affected users or to shut down the affected virtual network and spin up a fresh one.

THE RESULTS

There are many benefits to consolidating cybersecurity solutions. Perhaps most importantly, an integrated, holistic approach to cybersecurity provides better visibility throughout the enterprise, faster detection of potential threats, and the insight needed to stay on top of changing security requirements. It also can improve operational efficiency, by collapsing individual silos and reducing the number of point solutions that need to be managed as well as helping maintain compliance.

Some organizations are getting the message. A recent report from IT strategy firm ESG found that about one-quarter of enterprises are actively consolidating the number of cybersecurity solutions they use, 38% are doing so on a limited basis, and another 21% are considering it. ESG expects this trend to continue and accelerate.

But more businesses need to move forward by implementing modern infrastructure and consolidating security point solutions. It’s by far the best way to improve cybersecurity and position companies for the inevitable security challenges that will arise and change over time.

Learn more about VMware cybersecurity solutions at vmware.com/go/cybersecurity

“If you’re going to be successful, you have to have a comprehensive plan that involves all parts of the IT team and evaluates all interactions with customers, users, and employees, from identity down to the data,” Campbell says. “Then do a real-world assessment that includes the five key elements of the infrastructure: identity, endpoints, network, virtualization, and the cloud. With this approach and an automated, modern infrastructure, you’ll have the tools you need for continually enhancing and fine-tuning your approach as things change.”
