Zero-trust security and micro-segmentation are emerging as powerful tools against today’s cyber security threats, but how can you get the best out of them?
Cybersecurity threats are widespread and growing. Roger Barranco, Vice President of Global Security and Customer Operations at Akamai, opened a recent TEISS breakfast briefing at London’s Andaz Hotel with news that DDoS attacks are on the rise, with the threat growing in Europe in particular. He told attendees, all senior IT security executives from a range of sectors, that the top DDoS target has been in the US for the last few years. However, since around six weeks before Russia’s invasion of Ukraine, the top targets have been in Europe, with Nato countries seeing increasing threats.
Leading the way among compromised devices, said Mr Barranco, are home security cameras and DVRs. He said the main advantage that defenders have is the fact that the bad actors are all working against each other and often work to boot their competitors off compromised devices.
But organisations aren’t just facing DDoS attacks - what Mr Barranco calls “north-south threats” - they also face ongoing threats from ransomware, phishing and other attacks designed to get access to the network and conduct malicious activity from inside - so-called “east-west threats”. Attendees said they had seen recent increases in ransomware attacks directed at companies in their supply chain, while some said they were dealing with well-directed phishing attacks.
The power of micro segmentation
One emerging approach for dealing with east-west threats is zero-trust. This requires everyone and everything that tries to access information to be validated at multiple levels. This applies to users and devices. While traditional static firewalls can be used to prevent unauthorised systems access, they are inflexible. They just as often keep out the good as well as the bad.
Zero-trust access can be implemented and controlled in multiple ways, including micro-segmentation. Micro-segmentation is a more agile technique that allows variable tagging and adaptable firewall rules that enable security teams to respond flexibly and in real time to changing threats. For example, as Laurent Jacquemin, Senior Manager of Solutions Engineering, Microsegmentation at Akamai, explained, a firewall can see traffic via a TCP port, but this mechanism does not necessarily identify the real requester, nor does it shed light on the processes taking place inside the machine. Micro-segmentation can tell that the traffic is coming from a particular application, which makes it easier to determine whether the activity should be permitted.
Some attendees said they were concerned that micro-segmentation can be complicated and expensive to install. The problem comes, said Gerhard Giese, Industry Strategist at Akamai, when organisations try to take an all-or-nothing approach to installing it. Instead, it is better to add micro-segmentation to new systems when they are added to the network. Older systems can wait until they are replaced or upgraded.
On the other hand, as Mr Jacquemin pointed out, the rules-based nature of micro-segmentation can make it a good solution for legacy systems because it can essentially place security around them. Rules can determine which systems the legacy system can connect to, what data it’s allowed to send and so on, and then block anything that doesn’t meet the rules.
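To make the contrast concrete, here is an added illustration (not from the briefing and not Akamai's product logic) that runs the same traffic past a port-only firewall check and a default-deny rule set keyed on workload label and process around a legacy system. All labels, process names and ports are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    src: str        # label of the sending workload
    process: str    # process that opened the connection
    dst: str        # label of the receiving workload
    port: int       # destination TCP port

# Static firewall view (constructed): open ports per destination.
OPEN_PORTS = {"legacy-db": {1433}, "backup": {22}}

# Micro-segmentation view (constructed): explicit allow rules; all else is denied.
ALLOW = {
    Flow("billing-app", "billing-svc", "legacy-db", 1433),
    Flow("legacy-db", "backup-agent", "backup", 22),
}

def firewall_allows(flow):
    """Port-only check: ignores who is asking and which process it is."""
    return flow.port in OPEN_PORTS.get(flow.dst, set())

def segment_allows(flow):
    """Default deny: source label, process, destination and port must all match."""
    return flow in ALLOW

def compare(flows):
    """Return (flow, firewall_verdict, segmentation_verdict) for each flow."""
    return [(f, firewall_allows(f), segment_allows(f)) for f in flows]

# Constructed sample traffic around the legacy system.
SAMPLE = [
    Flow("billing-app", "billing-svc", "legacy-db", 1433),   # expected traffic
    Flow("billing-app", "unknown-tool", "legacy-db", 1433),  # right host, wrong process
    Flow("hr-app", "hr-svc", "legacy-db", 1433),             # wrong workload
    Flow("legacy-db", "backup-agent", "backup", 22),         # permitted egress
    Flow("legacy-db", "sqlservr", "hr-app", 445),            # legacy system reaching out
]

if __name__ == "__main__":
    for f, fw, seg in compare(SAMPLE):
        print(f"{f.src}/{f.process} -> {f.dst}:{f.port}  firewall={fw}  segment={seg}")
```

The second and third flows are where the two views diverge: the port is open, so the static check passes them, while the label-and-process rules block them.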
A multi-layer approach
Micro-segmentation, and zero-trust more generally, are only a piece of the security puzzle, however. As Mr Barranco noted, micro-segmentation doesn’t deal with layer-7 attacks, so a firewall will still be necessary for those. But multiple layers of defence are good practice in any case. For DDoS attacks generally, Mr Barranco said, he still recommends that customers use Akamai’s defences alongside their own firewall, to provide extra protection.
For those east-west attacks, micro-segmentation can be layered with other processes, such as multi-factor authentication. Some attendees said their organisations are building a behavioural layer of security, checking not only someone’s authentication but also whether their location is unusual, whether they are trying to access systems at an unusual time, and so on. Some organisations are even correlating data with social media activity to check, for example, that someone really is travelling and not being impersonated by a foreign-based attacker.
Cyber security is never simple and the risks it seeks to manage are constantly evolving. But implementing a zero-trust model and micro-segmentation is increasingly an important part of the puzzle when it comes to enabling organisations to stay ahead of the hackers.
© 2024, Lyonsdown Limited. teiss® is a registered trademark of Lyonsdown Ltd. VAT registration number: 830519543