Today’s IT landscape is constantly evolving and looks drastically different than it did a few years ago.
Your network and infrastructure are more digitized and complex due to new, emerging technologies (like IoT, edge computing, APIs and bots), and applications are more customer-centric, cloud-native, and public-facing.
With users, devices and applications everywhere, IT teams and security professionals struggle to gain visibility into the network and to answer the following questions:
- Are users legit or malicious?
- What is on the network and how does it connect?
- How vulnerable are our clouds? Who and what accesses them?
- How can we view and secure all connections?
- What exists in the cloud and how does it connect?
- How do you protect something you can’t see?
First, Understand the Threat Landscape
First, we need to understand the threat landscape and how it impacts security considerations in network infrastructure, applications and the cloud.
Environments – We see greater movement towards the cloud across all industries, including multi-cloud environments. The traditional data center has morphed into a private cloud, and at the same time many applications that were hosted locally are now hosted in multiple public clouds. This has changed the threat landscape considerably: the attack surface is much wider and far more of it is exposed to the internet.
Technology – In response to changes in environment, technology is likewise changing and creating the following main threats:
- API – With APIs becoming the main information corridor between applications, threat actors are finding ways to abuse them. Case in point: per Radware’s most recent global survey, API attacks have become one of the most common attack types.
- Bots – Bots are increasingly becoming more sophisticated; they can mimic human behavior by using keystrokes and mouse movements, take over user accounts, scrape data, hold inventory and disrupt services. Unfortunately, almost 80% of organizations cannot make a determinative distinction between a ‘good’ and a ‘bad’ bot.
- IoT – International Data Corporation (IDC) estimates that by 2025 there will be 41.6 billion connected IoT devices generating 79.4 zettabytes (ZB) of data. IoT devices have no common security standard built in, and the burden of their vulnerabilities is something enterprises have never had to deal with before.
- SSL – SSL/TLS is no longer tied to TCP: DTLS carries TLS over UDP, and QUIC (the transport under HTTP/3) embeds the TLS 1.3 handshake over UDP. SSL-based attacks, which previously impacted mainly the e-commerce and financial services industries, may very well affect all industries moving forward, and attacks over UDP-based encrypted transports are harder for TCP-centric defenses to inspect.
- Workload – Transitioning to the cloud means losing much of the visibility and control you had over computing assets. Cloud-hosted workloads are managed remotely, making it difficult for security teams to supervise access to sensitive cloud resources. As a result, many organizations are unable to prevent cloud misconfigurations, identify cyberattacks as they are happening, or respond in time.
- Processes – The speed of business and the availability of technologies mean that many teams across the organization now own digital assets and handle data. Company information is no longer solely in the hands of IT; DevOps, cloud architects and even marketing make independent decisions and have growing influence on the overall security posture, leaving security staff constantly playing catch-up.
- Visibility – As technology, environments and processes are changing, blind spots are created. How do you protect what you can’t see? The complexity of keeping up with quickly changing network environments has made visibility a growing and major issue.
Next, Focus on Key Protections
This all sounds like a lot to deal with, and I definitely see how overwhelming it can be. But the good news is that there is a lot of overlap among these challenges. If I could consolidate them, I’d narrow it down to two key areas that security practitioners can focus on:
1. Your workplace. It’s critical to gain insight into users and devices, identify threats and maintain control over all connections in your network. Specifically:
- Protect your network from volumetric and complex DDoS attacks. Use behavior-based detection and real-time signatures that block zero-day attacks, IoT/bot-driven floods, DNS-based attacks, burst attacks and SSL/encrypted attacks.
- Protect your applications from advanced web application attacks such as the OWASP Top 10. Use behavior-based detection with automatic policy generation, which keeps operation simple while providing end-to-end security. For example, protect your API gateway, your web-based applications and anything speaking HTTP/S that is open to the internet.
- Protect against sophisticated bot attacks. Apply precise bot management across every channel of your network, applications and users (web applications, mobile apps and APIs), combining behavioral modeling for granular intent analysis, collective bot intelligence and device fingerprinting. A bot solution should protect against all forms of account takeover, denial of inventory, DDoS, card fraud, web scraping and the other OWASP automated threats, while also reducing expenses and increasing revenue.
- Monitor application availability and performance – Ensure your applications meet their SLAs, and maintain agility and elasticity in the data center and across multiple clouds.
2. Your workload. Moving workloads to a public cloud means new threats. Putting internal resources in the outside world creates a larger vulnerable attack surface, and external threats that could previously be contained can now strike directly at the heart of an organization’s workloads. In other words, when your inside is out, the outside can get in.
What should you look for in the right security solution?
- Comprehensive protection – protects overall cloud security posture as well as workloads
- Smart hardening – reduce the attack surface by eliminating promiscuous (overly broad) permissions
- AI-based detection – advanced machine learning algorithms to detect data theft
- Cloud native – agentless, low touch easy deployment
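To make the "smart hardening" point concrete, the following is an added example (not code from the original post or from any vendor product) that audits AWS-style IAM policy documents for the promiscuous permissions described above: `Action: "*"`, whole-service wildcards such as `s3:*`, and privilege-escalation-prone actions granted on `Resource: "*"` without a `Condition`. The two policy documents are constructed for illustration, and `SENSITIVE_ACTIONS` is a deliberately short hypothetical list; a production checker would carry the full IAM action catalogue and evaluate resource-level permission support per action.

```python
"""Audit AWS-style IAM policy JSON for overly broad ("promiscuous") Allow statements.

Added example for this post, not code from the original article or from any
vendor product. The policy documents and SENSITIVE_ACTIONS are constructed.
"""
import fnmatch
import json

# Constructed sample: a promiscuous policy that a hardening step should flag.
PROMISCUOUS_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "*", "Resource": "*"},
        {"Effect": "Allow", "Action": ["s3:*"], "Resource": "arn:aws:s3:::*"},
        {"Effect": "Allow", "Action": ["iam:PassRole"], "Resource": "*"},
    ],
})

# Constructed sample: the same workload's needs expressed with least privilege.
HARDENED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["s3:GetObject", "s3:PutObject"],
         "Resource": "arn:aws:s3:::app-uploads/*"},
        {"Effect": "Allow",
         "Action": ["iam:PassRole"],
         "Resource": "arn:aws:iam::123456789012:role/app-task-role",
         "Condition": {"StringEquals": {"iam:PassedToService": "ecs-tasks.amazonaws.com"}}},
    ],
})

# Hypothetical short list of actions whose unrestricted grant commonly enables
# privilege escalation; a production checker would carry a much longer list.
SENSITIVE_ACTIONS = (
    "iam:PassRole",
    "iam:CreatePolicyVersion",
    "iam:AttachUserPolicy",
    "sts:AssumeRole",
    "lambda:UpdateFunctionCode",
)


def _as_list(value):
    """IAM accepts a string or a list in Action/Resource; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def audit_policy(document: str) -> list:
    """Return (statement_index, finding) tuples for Allow statements that are too broad.

    An empty list means no rule fired; it does not prove least privilege.
    """
    findings = []
    policy = json.loads(document)
    for idx, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access; not audited here.
        actions = _as_list(stmt.get("Action"))
        resources = _as_list(stmt.get("Resource"))
        has_condition = bool(stmt.get("Condition"))

        # Allow + NotAction grants everything except the listed actions.
        if "NotAction" in stmt:
            findings.append((idx, "Allow with NotAction grants every unlisted action"))

        wildcard_action = "*" in actions
        if wildcard_action:
            findings.append((idx, "Action '*' grants every API call"))
        for action in actions:
            if action != "*" and action.endswith(":*"):
                findings.append((idx, f"Action '{action}' grants an entire service"))

        # Resource '*' without a Condition is flagged; when the statement also
        # matches a sensitive action, name it so the finding is actionable.
        if "*" in resources and not has_condition:
            sensitive = [s for s in SENSITIVE_ACTIONS
                         if not wildcard_action
                         and any(fnmatch.fnmatchcase(s, p) for p in actions)]
            if sensitive:
                findings.append((idx, f"{', '.join(sensitive)} allowed on every resource"))
            else:
                findings.append((idx, "Resource '*' with no Condition"))
    return findings


if __name__ == "__main__":
    for name, doc in (("promiscuous", PROMISCUOUS_POLICY), ("hardened", HARDENED_POLICY)):
        results = audit_policy(doc)
        print(f"{name}: {len(results)} finding(s)")
        for idx, finding in results:
            print(f"  statement[{idx}]: {finding}")
```

Run against the constructed input, the promiscuous policy yields four findings and the hardened one none. The `iam:PassRole` case is the one worth internalising: the action itself is legitimate, but granting it on every role lets a workload hand any role in the account to a service it controls, which is why the hardened version pins the role ARN and adds an `iam:PassedToService` condition.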