
How to find security vulnerabilities before hackers find them for you

Bad actors constantly leverage new tactics to infiltrate organisational networks to target their vulnerabilities

Kelly Ambriz, international business & market development manager, government sector, Keysight Technologies, Inc.

Cybersecurity is, understandably, a key priority for governments and businesses, and it is becoming more so as high-profile breaches make the news. Data breaches, ransomware, DDoS and other attacks remain pressing concerns for regional enterprises and governments. Their consequences can be severe: disrupted operations, financial loss and reputational damage.

Attackers constantly adopt new tactics to infiltrate organisational networks and exploit their weaknesses. So one of the top questions for network security personnel is: "How do I reduce my security risk?" This matters even for smaller firms, because every network has a flaw. But do they know where they are most vulnerable, and would they not rather address it now, before an attacker exploits it?

Here is a three-point plan that keeps attacks out, exposes the intrusions that get through, and reduces network security risk:

Keep as many attacks as possible from entering the network

One of the crucial aspects of network security is preventing as many intrusions as possible by implementing a solid security architecture. 

Inline security solutions are a high-impact strategy that businesses can use to combat security threats. These appliances sit in the traffic path and examine incoming packets in real time for known malware, ransomware and other threats, blocking what they recognise. Such solutions can block up to 90 percent of incoming security threats before they reach the internal network. An inline architecture will not provide a flawless defence against every threat, but it cuts the volume so that security operations (SecOps) teams can manage what remains, and it gives them access to the traffic data they need to do so.

It is important to understand that implementing an inline security solution entails more than installing a security appliance such as an intrusion prevention system (IPS) or a web application firewall (WAF). Because the appliance is in the traffic path, the design also needs an external bypass switch, so that an appliance that fails, is rebooted or is taken out for maintenance does not take the link down (failing open or closed according to policy), and network packet brokers (NPBs), which aggregate, filter and load-balance traffic so that every tool receives the traffic it is meant to inspect. Together these give comprehensive data visibility, allowing all traffic to be examined for suspicious activity.

Hunt down intrusions

The 2021 Cost of a Data Breach report, produced by the Ponemon Institute for IBM Security, found that it took businesses an average of 287 days to identify and contain a data breach. That is roughly three-quarters of a year, which is plenty of time for a bad actor to find what they want and exfiltrate it.

While inline security solutions are critical for reducing the chance of a breach, the truth is that some attackers will eventually find their way into a network by one means or another. This is why organisations require a second line of defence: out-of-band monitoring that actively hunts for threats already inside. To do this they need visibility into traffic across all network segments, not just at the perimeter.

At the same time, not all visibility equipment is created equal. Do the security tools actually see everything they need to see? IT teams could be missing more than 60% of security threats without realising it, because some visibility products (including some NPBs) drop packets under load, without informing the user, before the traffic reaches tools such as an intrusion detection system (IDS). An IDS cannot alert on a packet it never received, so this silent loss contributes directly to the success of attacks.

Any threat hunting tool must see all of the data to be effective. Seeing only a portion of the traffic is insufficient, because the tool can overlook intrusions that happen in the gaps. This is why organisations should deploy taps at crucial points throughout the network and then aggregate and filter that traffic so that their security tools (IDS, DLP, SIEM and so on) receive exactly the right data at the right time to flag anomalies or suspicious actions. The tap and packet broker combination provides the visibility required to make the organisation's security tools as effective as possible.
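One way to verify that the visibility fabric is not silently losing traffic is to capture at the tap (ground truth) and at the tool's input port at the same time, then compare the two. The following is an added example written for this article, not code from the original page or from Keysight: it matches packets by a hash of their bytes (treating duplicates as a multiset), reports the overall loss ratio, and attributes each missing packet to its TCP/UDP flow so that the affected conversations can be identified. The frames and the "dropped" packets are constructed inline so the script runs offline; the function names (`compare_captures`, `build_frame`, `flow_key`) are this example's own.

```python
"""Detect packets that a packet broker dropped between a tap and a security tool.

Added example, not the article's or Keysight's code.  Feed compare_captures()
the raw Ethernet frames from any pcap reader; the constructed frames in demo()
only exist so the script runs offline.
"""
import hashlib
import struct
from collections import Counter, defaultdict
from typing import Dict, Iterable, List, Tuple

ETH_IPV4 = 0x0800
FlowKey = Tuple[str, str, int, int, int]  # (src, dst, sport, dport, proto)


def build_frame(src: str, dst: str, sport: int, dport: int, proto: int, payload: bytes) -> bytes:
    """Construct a minimal Ethernet/IPv4/TCP-or-UDP frame (test data only, checksums left zero)."""
    eth = b"\x00" * 12 + struct.pack("!H", ETH_IPV4)
    if proto == 6:   # TCP: 20-byte header, data offset 5, flags PSH|ACK
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    else:            # UDP: 8-byte header
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    total = 20 + len(l4) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, proto, 0,
                     bytes(int(o) for o in src.split(".")),
                     bytes(int(o) for o in dst.split(".")))
    return eth + ip + l4 + payload


def flow_key(frame: bytes) -> FlowKey:
    """Extract (src, dst, sport, dport, proto) from an Ethernet/IPv4 frame."""
    if struct.unpack("!H", frame[12:14])[0] != ETH_IPV4:
        return ("?", "?", 0, 0, 0)          # non-IPv4: lumped into one bucket
    ihl = (frame[14] & 0x0F) * 4              # IPv4 header length in bytes
    proto = frame[23]                         # IPv4 protocol field
    src = ".".join(str(b) for b in frame[26:30])
    dst = ".".join(str(b) for b in frame[30:34])
    l4 = 14 + ihl
    sport, dport = struct.unpack("!HH", frame[l4:l4 + 4]) if proto in (6, 17) else (0, 0)
    return (src, dst, sport, dport, proto)


def digest(frame: bytes) -> str:
    """Identity of a packet: hash of the whole frame as seen at the tap."""
    return hashlib.sha256(frame).hexdigest()


def compare_captures(tap: Iterable[bytes], tool: Iterable[bytes]) -> Dict[str, object]:
    """Return the loss ratio and, per flow, how many tap packets the tool never received."""
    tap_list: List[bytes] = list(tap)
    seen_at_tool = Counter(digest(f) for f in tool)
    missing_by_flow: Dict[FlowKey, int] = defaultdict(int)
    missing_total = 0
    for frame in tap_list:
        h = digest(frame)
        if seen_at_tool[h] > 0:
            seen_at_tool[h] -= 1              # consume one matching copy (multiset difference)
        else:
            missing_total += 1
            missing_by_flow[flow_key(frame)] += 1
    return {
        "tap_packets": len(tap_list),
        "missing": missing_total,
        "loss_ratio": missing_total / len(tap_list) if tap_list else 0.0,
        "missing_by_flow": dict(missing_by_flow),
    }


def demo() -> Dict[str, object]:
    """Constructed scenario: a TLS flow and a DNS flow at the tap; the NPB loses two TLS packets."""
    tap = [build_frame("10.0.0.5", "192.0.2.10", 51000, 443, 6, b"seq%d" % i) for i in range(4)]
    tap += [build_frame("10.0.0.5", "192.0.2.53", 40000, 53, 17, b"query%d" % i) for i in range(2)]
    # Simulated oversubscribed NPB egress port: packets 1 and 3 of the TLS flow never arrive.
    tool = [tap[0], tap[2], tap[4], tap[5]]
    return compare_captures(tap, tool)


if __name__ == "__main__":
    report = demo()
    print(f"{report['missing']}/{report['tap_packets']} packets lost "
          f"({report['loss_ratio']:.1%}); affected flows: {report['missing_by_flow']}")
```

Hashing the whole frame assumes the broker forwards packets unmodified. If it strips VLAN tags, slices packets or appends timestamp trailers, hash a stable subset instead (for example the IP and transport headers plus the first bytes of payload), otherwise every packet will be reported as missing.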

Stay vigilant and constantly validate your security architecture

Finally, the third line of defence is to validate the security architecture regularly. This means deploying a breach and attack simulation (BAS) platform that safely replays real-world attack techniques against the production defences and reports which were blocked, which were detected and which were missed. Routine patching and annual penetration testing are good security practices, but they do not replace weekly or monthly BAS runs. Suppose a patch was not applied, or was misapplied: how would the IT team know? A penetration test is only valid for a certain period, and new flaws will almost certainly emerge a few weeks or months later. Most importantly, when a vulnerability was discovered, were the appropriate fixes actually implemented? For these reasons and more, enterprises should use a BAS solution to measure the current strength of their security infrastructure on an ongoing basis.

Rather than responding to cyber-attacks reactively, organisations need to test their cyber defences proactively to reduce risk and minimise consequential losses.

In the current digital revolution, it is not a question of if a network will be attacked, but when it will be attacked. Thus, governments and enterprises can bolster their network security by implementing a solid security architecture, proactively hunting for intrusions, and periodically testing their defences.
