It is becoming clear that the prevailing piecemeal approach to security is no longer sufficient to thwart increasingly sophisticated attacks. Gaps in coverage provide possible entry points, blended attacks in several sectors can mask the actual threat, and sophisticated attacks involving multiple targets and approaches can find their way around many current defenses.
Interest is growing in unified threat management (UTM) for small to medium-sized businesses, which centralizes all network intrusion response in a single device, and next-generation firewalls (NGFs), which defend against most of the same things but are aimed at the enterprise. Although some currently define these as separate product areas, major vendors are now providing this form of protection as a continuum. Centralizing network perimeter protection in this way has innumerable benefits, making it possible to apply best practices and meet regulatory requirements. Centralized devices can provide a variety of deep-screening techniques through virtualized systems and across changing areas of concern. In addition, they can be quickly updated, reducing the effectiveness of zero-day exploits, and dedicated hardware permits the use of ASICs (application-specific integrated circuits) and FPGAs (field-programmable gate arrays) to improve throughput.
UTMs and NGFs handle the network perimeter, but perimeter protection alone cannot entirely fix the problem. Security is required at every level and at every gateway, in addition to perimeter devices, all the way down to the user profile itself. And the user profile might change depending upon the user’s activities. User profiles therefore become a new perimeter that companies must control better, because they are gateways into the network, into legitimate use of services, and into data access and encryption. Moreover, the user might be an individual, a device, or a piece of software.
The changing technological landscape will continue to create new challenges. Digitization and the continued evaporation of borders that make digital business a formidable evolutionary process also create newer and more serious risks, including:
- The IoT makes it possible to affect devices and to use devices to gain privileged entry to other services.
- The cloud takes service access off the corporate reservation.
- Mobility brings with it app exploits, device-theft exploits, and remote-access exploits.
- Advanced analytics brings possibilities not only for network monitoring and protection but also for vulnerability discovery and footprinting.
As with everything in the IT universe, the arms race between threat and protection, always fierce, has moved up a notch and gone into acceleration. As the Red Queen said in Alice in Wonderland, “Now, here, you see, it takes all the running you can do, to keep in the same place.” This is known as the Red Queen’s hypothesis, and it has many applications in both innovation and security.
There is no complete solution. But flexibility, promoting awareness, keeping security systems up to date, patching vulnerabilities, and constant monitoring can go a long way toward ensuring the security of corporate systems. We are moving into an era where the velocity of change is constantly increasing, and falling behind in security could make you more vulnerable to tomorrow’s attacks. In turbulent times, risks increase because there are new areas to exploit. As we head into the next era of digital business, entirely new threat categories are likely to emerge, which existing guidelines may not necessarily cover. As such, vigilance — along with an organization-wide understanding of risk — is paramount.