We build security solutions to protect our networks from the rest of the internet, but do we do anything to protect the network from our own employees and users? The first line of protection for your networks is not the firewall or other perimeter security device, it is the education and protection of the people that use the network. People are concerned about having their apartments or homes broken into so they put locks on the doors, install alarm systems, or put surveillance equipment like security cameras around the property. They are vigilant about making sure that an unauthorized intruder cannot enter the home easily without detection and alarms being raised.
That same security-conscious person will give a copy of their key and alarm code to a house sitter or dog walker that they hire. Their teenage kids will share the information with their classmates. In essence, these people are inviting someone into their protected establishment, circumventing all of the security provisions put in place. Of course, there is some vetting done to make sure that the guest is legitimate and is not planning to do anything malicious. Unfortunately, that vetting is minimal and not likely to provide complete assurance that these people are legitimate.
When we architect the security technologies to protect our IT networks and the assets they manage, we are usually concerned about the known and unknown malicious threats coming from the external networks. These threats attempt to penetrate our defenses using exploits and application vulnerabilities. Our firewalls, intrusion prevention systems (IPS), DDoS mitigation solutions, and other security technologies detect and block these external threats.
Stupid is as stupid does
Lately, we have been hearing a lot about ransomware, phishing, spear-phishing, clickbait, and other methods hackers are using to gain access to networks and sensitive information. These techniques rely on social engineering instead of technological ingenuity and the success rate is much higher than one would think.
The hacker is sending information that looks legitimate to the user. This could be an email, a website, or could even be a phone call directly to the targeted victim. In reality, the information is not legitimate and is designed to convince the user to do something that gives the hacker access to their computer or certain parts of the network and applications. The user might click on a link in an email, go to a compromised website, or even send username/password credentials to the hacker.
No one is immune to these threats no matter their position or technical expertise. Everyone from the data entry clerk up to the CEO have been targeted and given the hackers access to their IT infrastructure. Targeted social engineering is much more successful than probing a network for known vulnerabilities.
Everyone is vulnerable to these social engineering attacks. It is impossible to train every person to be 100 percent effective at detecting and blocking these hacker threats. Fortunately, IT solutions exist to protect the network from users accidentally (or purposefully) performing malicious activities. Outbound inspection solutions are available to monitor what the users are accessing on the internet and whether the site, content, or activity is legitimate.
X-ray vision for everyone
There are different solutions including next generation firewalls (NGFW), IPS, antivirus/antimalware, data loss prevention (DLP) that can be used to inspect the external communications to detect and block these threats. It is likely that a combination of these solutions is necessary to properly protect the IT assets.
Unfortunately, it is becoming harder for these solutions to do their job because an increasing amount of traffic going to and from the internet is encrypted. The decryption of this traffic is resource intensive and each security solution needs to perform the decryption, inspection, and re-encryption of the data.
IT architectures need a solution that can provide visibility into the content of the user sessions for all of the security technologies. Then, this solution can steer the visible content to all of the appropriate security solutions before re-encrypting it to make its way to the destination on the internet.
Protect in both directions
Application delivery controllers (ADC) are designed to deliver this functionality. As a reverse-proxy for application servers, they support high performance encryption, provide the load balancing of services, and they can service chain multiple security applications. If we turn the ADC around so that the applications are on the internet, the ADC becomes a forward proxy performing outbound SSL inspection with the multiple security solutions.
The outbound SSL inspection solution can protect your network from the biggest security threat – your internal users. The integration of the ADC with security technologies as an outbound SSL inspection solution provides the visibility and reliability businesses need to protect their networks from their employees and users – the internal human threat.