Security Breaches are often Network Breaches
August 6, 2018
Once again, we recently heard of an enterprise that succumbed to a major security breach. Shipping giant COSCO lost email and IP phone connectivity across its entire US network, and without having found the cause, the company shut down its networks in other regions as well.
This example, along with countless others, reinforces the point that distributed networks and security are inherently symbiotic. COSCO describes the incident as a network breakdown that led to a ransomware infection. Some argue it was a network failure; others call it a malware security breach. The COSCO event was not only a network breakdown but a combined network and security breakdown, and in a contemporary distributed enterprise one might ask what the difference is.
Traditional siloed security infrastructure is proving ineffective, as witnessed by the growing number of attacks on security infrastructure that is evidently not up to the task. Many enterprises are embracing a significant paradigm shift toward a modern, software-defined enterprise infrastructure: one built from multiple interdependent relationships and key network and security functions that are integrated into a single, cohesive, network-wide, cloud-native IP platform.
The solution to these types of security breaches will combine best-of-breed SD-WAN with embedded, full-featured security that is automated and programmable at every edge location, so that incident data can be centrally managed and responded to in real time by security experts.
One of the most effective means of reducing an enterprise's attack surface is the ability to segment the network by class of traffic and by segregation of duties (for example, CEO vs. CFO vs. CMO). The core problem most enterprises face is twofold: they lack full integration of security and networking services in the same device or image, and their networking architecture does not allow for multi-tenancy everywhere in the enterprise.
The ability to provide true multi-tenancy within the enterprise, segmenting traffic and privileged communications and isolating every subnet on the corporate network, is a significant preventive measure that reduces the windows of vulnerability across the global enterprise.
Segmentation of traffic, together with the ability to shut that traffic off anywhere by closing a port or quarantining packets, is the kind of security posture that will, at a minimum, reduce the cyber-insurance premiums enterprises have to pay. Segregation of duties through multi-tenancy by corporate function (an officer of the company, HR, sales), usually keyed to the user's HR designation in Active Directory, is also a significant step toward regulatory and legal compliance.
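As an added illustration of the segmentation just described (example code, not from the original post or any vendor product): a small default-deny policy evaluator that maps an Active Directory group to its tenant subnet, permits only explicitly listed inter-tenant flows, and supports closing a port everywhere or quarantining a whole segment. All subnets, group names and rules below are constructed sample values.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

# Constructed tenant map: AD group -> the subnet that tenant's hosts live in.
SEGMENTS = {
    "Officers": ip_network("10.10.0.0/24"),
    "Finance":  ip_network("10.20.0.0/24"),
    "HR":       ip_network("10.30.0.0/24"),
    "Sales":    ip_network("10.40.0.0/24"),
    "Shared":   ip_network("10.99.0.0/24"),   # services every tenant may reach
}

# Constructed default-deny inter-tenant policy: (src_segment, dst_segment, dst_port).
# Anything not listed here (and not intra-segment) is denied.
ALLOW = {
    ("Officers", "Finance", 443),
    ("Officers", "Shared", 443),
    ("Finance", "Shared", 443),
    ("HR", "Shared", 443),
    ("Sales", "Shared", 443),
}

@dataclass
class Policy:
    closed_ports: set = field(default_factory=set)  # ports shut off network-wide
    quarantined: set = field(default_factory=set)   # segments currently quarantined

    def segment_of(self, addr):
        ip = ip_address(addr)
        return next((name for name, net in SEGMENTS.items() if ip in net), None)

    def close_port(self, port):
        self.closed_ports.add(port)

    def quarantine(self, segment):
        self.quarantined.add(segment)

    def decide(self, ad_group, src, dst, port):
        """Return 'allow', 'deny' or 'quarantine' for one flow."""
        src_seg, dst_seg = self.segment_of(src), self.segment_of(dst)
        if src_seg is None or dst_seg is None:
            return "deny"                    # unknown address space: fail closed
        if src_seg != ad_group:
            return "deny"                    # host is not in the tenant its AD group maps to
        if src_seg in self.quarantined or dst_seg in self.quarantined:
            return "quarantine"              # hold packets touching a quarantined segment
        if port in self.closed_ports:
            return "deny"                    # port closed universally, even intra-segment
        if src_seg == dst_seg or (src_seg, dst_seg, port) in ALLOW:
            return "allow"
        return "deny"
```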
In the contemporary enterprise, executives in finance, legal and information technology, and most critically those with a special duty of care and loyalty to the best interests of shareholders (the so-called "fiduciaries" of a publicly traded corporation), are the ones who are typically the victims of a malicious or criminal hack.
Even a corporation with a mature infrastructure-operations security program, including several layers of security, strictly enforced policies and regularly scheduled audits, still faces a number of potential threats that can bring down the network, increase security risk and create legal liabilities. An important factor to weigh is the gap between the loss of corporate reputation, brand equity and shareholder value that follows an attack and the lower TCO and increased business agility derived from a robust SD-WAN and cloud-network solution.
It is imperative that service providers and network architects implement uniform corporate security policies at every node on the network edge, policies that protect audit trails for IP entering and leaving company networks, while establishing an enterprise architecture strategy that embeds security intelligence and remediation mechanisms throughout the fabric of the network.
Corporations rely on a combination of speed and accuracy to make material financial information publicly available. That velocity demands greater emphasis on flexible edge-network systems with highly granular visibility into events and correlated analytics, so that a holistic compliance scheme can be devised that is resilient enough to adapt deterministically before the next sophisticated attack occurs.