Information technology now underpins every layer of the global economy, to the extent that the biggest business continuity threat for the modern enterprise is IT failure rather than product failure. Naturally, information security is a major concern today and will remain one for years to come.
As an IT decision maker, you need to understand the current state of InfoSec technologies, the biggest and most realistic threats, technologies that help you combat them, and the ones most suitably mapped to your company’s IT ecosystem and practices.
This guide draws on information security reports released by some of the most respected consultancies in the world to give CIOs and CISOs a holistic view of the landscape.
Cloud workload protection platforms
Modern datacenters manage workloads running in all kinds of configurations and platforms – physical machines, virtualized machines, private cloud, containers, and so forth. Also, most datacenters manage at least a few workloads operating in the public cloud.
How does a security leader ensure that this hybrid cloud workload system is sustained and protected from cybersecurity threats and outages?
Hybrid cloud workload protection platforms (CWPPs) come to the rescue, providing a single console for managing and protecting all of these varied workloads. They also give administrators the means to apply one consistent security policy regardless of where a workload happens to be running.
Isolation of end user web browsing
An increasing number of cyberattacks on enterprise computers and networks are being traced back to end users' web browsing. Browser-based attacks delivered from the public Internet regularly slip past even mature security tools. How does an enterprise IT security leader deal with this large, exposed and vulnerable attack surface? One answer is remote browsers.
Information security architects can control and mitigate a lot of potential damage by isolating end user web browsing from enterprise networks and end points.
This keeps any malware picked up while browsing confined to the remote browsing session rather than the user's endpoint, and significantly reduces the attack surface of the enterprise's IT systems. (Think of stealth technology on a fighter plane: the surface area exposed to enemy radar is drastically reduced, so the enemy either does not see the jet at all or cannot tell what type of aircraft it is.) Remote browsing shifts the risk of attack to the server-side session, which can be reset to a known-good state at the start of every browsing session.
Microsegmentation for damage control
The core idea of remote browsing, as discussed above, is isolation. Microsegmentation takes the isolation idea a step further. Generally, once an attacker manages to intrude into an enterprise's systems, they can move laterally, navigate deeper, and wreak havoc. Microsegmentation focuses on limiting the damage by confining a compromised foothold to a small part of the environment.
Microsegmentation techniques are all about implementing fine-grained segmentation inside the virtualized datacenter, so that server-to-server (east-west) traffic is subject to policy and not just the traffic crossing the perimeter. It started as a damage-control approach for lateral traffic between servers; it has quickly advanced into a datacenter-wide mechanism of damage control. Think of a naval ship: the hull is divided into watertight compartments so that if one floods, the water does not spread into the other compartments and threaten the buoyancy of the ship. Quick-acting watertight doors are a life saver! Just watch the movie "U-571"!
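The compartment analogy can be made concrete by measuring an attacker's reach. The following is an added illustration, not code from the original article or from any vendor: it takes a constructed inventory of workloads, a flat "anything can talk to anything" policy and a microsegmented allow-list, and computes the set of workloads an intruder can hop to from a compromised web server under each policy. Workload names, tiers and rules are all made up for the example.

```python
"""Added illustration (not from the original article): compare the lateral-movement
reach of a compromised workload under a flat network and under a microsegmented
policy. Workloads, tiers and rules below are constructed for this example."""
from collections import deque

# Constructed workload inventory: workload name -> tier label.
WORKLOADS = {
    "web-1": "web",
    "web-2": "web",
    "api-1": "api",
    "db-1": "db",
    "payroll-db": "finance",
    "jump-host": "admin",
}

# Flat network: every workload may reach every other one (hard shell, soft centre).
FLAT_RULES = [("*", "*")]

# Microsegmented policy: explicit tier -> tier allow-list; anything not listed is denied.
SEGMENTED_RULES = [
    ("web", "api"),
    ("api", "db"),
    ("admin", "db"),
    ("admin", "finance"),
]


def allowed(src, dst, rules, workloads=WORKLOADS):
    """True if the policy permits a connection from workload `src` to workload `dst`."""
    if src == dst:
        return False
    s_tier, d_tier = workloads[src], workloads[dst]
    return any(rs in ("*", s_tier) and rd in ("*", d_tier) for rs, rd in rules)


def blast_radius(start, rules, workloads=WORKLOADS):
    """Workloads an attacker holding `start` can reach by chaining allowed flows (BFS).

    Each hop is a workload the attacker could compromise next; the size of the
    returned set is the damage the policy permits from one initial foothold.
    """
    seen = {start}
    queue = deque([start])
    while queue:
        current = queue.popleft()
        for candidate in workloads:
            if candidate not in seen and allowed(current, candidate, rules, workloads):
                seen.add(candidate)
                queue.append(candidate)
    seen.discard(start)
    return seen


if __name__ == "__main__":
    for label, rules in (("flat", FLAT_RULES), ("segmented", SEGMENTED_RULES)):
        reach = blast_radius("web-1", rules)
        print(f"{label:9s} compromise of web-1 reaches {len(reach)} workloads: {sorted(reach)}")
```

Under the flat policy the attacker who owns web-1 can reach every other workload, including the payroll database. Under the segmented policy the same foothold reaches only api-1 and, through it, db-1; the finance tier and the jump host stay out of reach because no rule admits traffic to them from the web or api tiers. Note that web-1 cannot even reach web-2, since peer-to-peer traffic within a tier is not on the allow-list either.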
Deception technologies to thwart cyberattacks
Deception is more an approach than a set of technologies, and it is as much about detection as about prevention. The approach focuses on understanding how a cybercriminal thinks when intruding on an enterprise network, and deliberately planting decoy systems, credentials and data that an intruder is likely to touch. Any interaction with a decoy is, by definition, unauthorized, so it exposes the attacker early and with very few false positives. Too bad "24" in Season 4 did not thwart Habib Marwan before it was almost too late and America's worst nightmare had occurred!
Every decoy that gets triggered also tells the enterprise something about how its network is being probed and where its weaknesses lie, which in turn feeds back into stronger deception techniques and stronger defenses.
The key benefits of deception techniques are delaying attackers and exposing them while they are still inside the environment, disrupting the automated tools cybercriminals rely on, and stopping intrusion attempts before they succeed. Deception techniques combine multiple information security technologies across multiple layers: endpoints, applications, data, and networks.
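The simplest decoys are honeytokens: an account that nobody legitimately uses and a host that serves nothing real. Because no authorized process ever touches them, a single log line mentioning one is an alert. The detector below is an added example, not code from the original article or from any deception product; the decoy names, the decoy IP address and the syslog-style sample lines are all constructed for the illustration, and the log formats are simplified approximations of sshd and firewall output.

```python
"""Added example (not from the original article): flag any use of planted decoy
credentials or any connection to a decoy host in syslog-style log lines.
Decoy names, addresses and log lines are constructed for this illustration."""
import re
from dataclasses import dataclass

# Decoys deliberately planted in config files and directories. No legitimate
# process uses them, so even a *failed* login attempt is a high-fidelity signal.
DECOY_ACCOUNTS = {"svc_backup_legacy", "oracle_admin"}
DECOY_HOSTS = {"10.20.30.250"}  # constructed address of a decoy "file server"

# Simplified sshd and firewall line formats (approximations, not exact vendor formats).
AUTH_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<result>Accepted|Failed) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)
CONN_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) kernel: CONN src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)"
)

# Constructed sample input: one attacker (192.0.2.77) tripping two decoys amid normal traffic.
SAMPLE_LOG = [
    "2024-05-01T10:00:01Z bastion sshd[2211]: Accepted password for alice from 198.51.100.5 port 50122 ssh2",
    "2024-05-01T10:02:17Z bastion sshd[2230]: Failed password for invalid user svc_backup_legacy from 192.0.2.77 port 51234 ssh2",
    "2024-05-01T10:02:40Z fw1 kernel: CONN src=192.0.2.77 dst=10.20.30.250 dport=445",
    "2024-05-01T10:03:00Z fw1 kernel: CONN src=198.51.100.5 dst=10.20.30.10 dport=443",
    "2024-05-01T10:03:05Z bastion sshd[2241]: Failed password for bob from 198.51.100.9 port 50310 ssh2",
]


@dataclass(frozen=True)
class Alert:
    kind: str
    src: str
    detail: str


def detect(lines):
    """Return one Alert per log line that touches a decoy account or decoy host."""
    alerts = []
    for line in lines:
        m = AUTH_RE.match(line)
        if m and m["user"] in DECOY_ACCOUNTS:
            # Success or failure does not matter: the account should never be tried at all.
            alerts.append(Alert("decoy-credential-use", m["src"],
                                f"{m['result']} login as {m['user']} on {m['host']}"))
            continue
        m = CONN_RE.match(line)
        if m and m["dst"] in DECOY_HOSTS:
            alerts.append(Alert("decoy-host-contact", m["src"],
                                f"connection to {m['dst']}:{m['dport']}"))
    return alerts


def attacker_sources(alerts):
    """Source addresses that tripped at least one decoy; candidates for containment."""
    return {a.src for a in alerts}


if __name__ == "__main__":
    found = detect(SAMPLE_LOG)
    for a in found:
        print(f"[{a.kind}] from {a.src}: {a.detail}")
    print("sources to contain:", sorted(attacker_sources(found)))
```

Ordinary failed logins (bob mistyping his password) produce nothing, while the attacker's probe of the planted account and the decoy share both fire, and both point at the same source address. That is the property the section describes: the decoy delays and exposes the intruder without the noise that threshold-based brute-force rules generate.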
Endpoint detection and response (EDR)
Endpoint detection and response (EDR) technologies aim to augment conventional endpoint prevention tools such as antivirus and host firewalls. They do this by continuously recording endpoint activity (process execution, file changes, network connections) and flagging suspicious behavior that indicates a possible attack, then giving responders the recorded data to investigate and contain it. A Gartner report suggested that by 2020, more than 80 percent of large enterprises will have adopted EDR technologies as a major layer of protection against endpoint attacks.
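What "suspicious behavior" means in practice is usually a relationship between events rather than a single bad file, for instance a document-editing application that ends up spawning a command shell. The following added example (not code from the original article or from any EDR vendor) runs two such behavioral rules over constructed process-creation events of the kind an endpoint sensor records: it walks the parent chain to catch shells launched indirectly from an Office process, and it flags PowerShell invoked with an encoded command. The process list, the pids and the command lines are made up for the illustration.

```python
"""Added example (not from the original article): behavioral detection over
constructed process-creation telemetry, in the style an EDR sensor collects.
Events, pids and command lines are made up for this illustration."""
import re

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
# -e / -en / -enc / -encodedcommand followed by a long base64 blob.
ENCODED_RE = re.compile(r"(?i)(?:^|\s)-(?:e|en|enc|encodedcommand)\s+[A-Za-z0-9+/=]{20,}")

# Constructed process-creation events: a macro document launching an encoded
# PowerShell stager via cmd.exe, next to a benign admin script run from Explorer.
EVENTS = [
    {"pid": 100, "ppid": 1,   "image": "explorer.exe",   "cmdline": "explorer.exe"},
    {"pid": 200, "ppid": 100, "image": "winword.exe",    "cmdline": "winword.exe invoice.docm"},
    {"pid": 300, "ppid": 200, "image": "cmd.exe",
     "cmdline": "cmd.exe /c powershell -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA"},
    {"pid": 400, "ppid": 300, "image": "powershell.exe",
     "cmdline": "powershell -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA"},
    {"pid": 500, "ppid": 100, "image": "powershell.exe",
     "cmdline": "powershell.exe -File C:\\scripts\\inventory.ps1"},
]


def build_tree(events):
    """Index events by pid so parents can be looked up in O(1)."""
    return {e["pid"]: e for e in events}


def ancestors(pid, tree):
    """Image names of the process's ancestors, nearest parent first.

    The `seen` set guards against cycles in malformed telemetry (pid reuse)."""
    chain, seen = [], set()
    while pid in tree and pid not in seen:
        seen.add(pid)
        parent = tree[pid]["ppid"]
        if parent in tree:
            chain.append(tree[parent]["image"].lower())
        pid = parent
    return chain


def evaluate(events):
    """Apply the behavioral rules; return (pid, rule, evidence) tuples."""
    tree = build_tree(events)
    findings = []
    for e in events:
        image = e["image"].lower()
        lineage = ancestors(e["pid"], tree)
        # Rule 1: a shell or script host anywhere beneath an Office process.
        if image in SHELLS and any(a in OFFICE_APPS for a in lineage):
            findings.append((e["pid"], "office-spawned-shell", " <- ".join([image] + lineage)))
        # Rule 2: PowerShell started with an encoded command (common to hide the payload).
        if image in {"powershell.exe", "pwsh.exe"} and ENCODED_RE.search(e["cmdline"]):
            findings.append((e["pid"], "encoded-powershell", e["cmdline"]))
    return findings


def flagged_pids(events):
    """Set of pids a responder should look at first."""
    return {pid for pid, _, _ in evaluate(events)}


if __name__ == "__main__":
    for pid, rule, evidence in evaluate(EVENTS):
        print(f"pid {pid}: {rule}: {evidence}")
```

Checking the whole ancestry rather than only the immediate parent is what lets rule 1 catch pid 400, whose direct parent is the innocuous-looking cmd.exe; the benign inventory script (pid 500) is left alone because its lineage goes straight back to Explorer and its command line carries no encoded payload. A real EDR product layers hundreds of such rules over the same telemetry and adds the response side (isolating the host, killing the process tree), which a detection snippet does not show.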
Managed detection and response (MDR)
It sounds similar to EDR, but differs in execution. MDR is a service: dedicated threat detection and incident response delivered by a provider for enterprises that lack the internal skills or staffing to run EDR themselves. The managed service provider takes care of continuous monitoring on the enterprise's behalf.
Demand is likely to be particularly strong in the small and medium-sized business market in the coming years. As vendors develop stronger and more mature MDR capabilities, even large enterprises will find it viable to consider this option. MDR is a sound alternative for businesses that have not yet invested in strong threat detection mechanisms of their own.
Dedicated container security
Make no mistake: containers can be run securely, but only when they are implemented securely! Unfortunately, because most enterprises are still learning the tips and tricks of the trade, container deployments end up less secure than they should be. Because containers share the host operating system's kernel rather than each running their own, a compromise of the host (or an escape from one container to the kernel) can put every container on that host at risk.
This makes a strong case for container-specific security solutions that span the entire lifecycle, from image creation through to production. These mechanisms rely on strong runtime monitoring and protection to deliver a level of container visibility that traditional host- and network-based solutions often cannot, since those tools see the host but not the individual workloads running inside it.
Cloud access security brokers (CASBs)
We mentioned cloud workload protection platforms at the beginning of this report. Cloud access security brokers tackle a related problem: the gaps in visibility and control that open up in cloud-heavy enterprise IT ecosystems.
Called CASBs, these products sit between users and cloud services and offer a single point of control over the many different cloud services an enterprise uses in parallel. The ever-growing concerns around the SaaS services enterprises adopt make CASBs essential for the times to come, as they give cloud security professionals the visibility and control they need.
The punch line
We've covered approaches and mechanisms of InfoSec technology that you will hear a lot about in the near future. Future-ready enterprises are already devising adoption plans for these technologies, and it's time you did the same for yours. Contingency planning runs 24/7!