Reactions From RSA Conference 2017

How and Why to Employ a “Code Red” Security Approach

At the RSA Conference last week in San Francisco, it was clear there’s a growing consensus among cybersecurity leaders that “the threat level is now Code Red,” as one Gartner representative put it. It’s absolutely true: Enterprises must view security as an ongoing, business-as-usual practice.

Of course, we can use phrases like “business as usual” and “Code Red,” but it’s important to be clear about what that approach looks like in practice, with an understanding of the real challenges and constraints that today’s increasingly distributed businesses and organizations face.

Today, organizations that are leading the way on security have stopped allocating all their resources toward attempting to create an impenetrable perimeter, and instead are asking themselves how they can minimize business risk in the event of an attack.    

Prioritize Threat Detection

Given the massive scale of today’s enterprise networks, it’s no longer a question of if your network will be threatened, but how your organization will deal with it when it happens, and what safeguards you’ve put in place to protect mission-critical applications and data.

The latest averages for time to detection hover at around 146 days. Many of the past years’ most high-profile breaches have lasted even longer than that. It’s clear, then, that more enterprises need to take a layered security approach, prioritizing intrusion detection.

Deploy Layered, Scalable Security

A layered security approach accepts that any network can be compromised. Cradlepoint recommends the following strategies for a layered approach:

  • Eliminate threat vectors with secure hardware-related practices. These include creating air-gapped Parallel Networks to separate the most sensitive company data from risks such as guest WiFi and Internet of Things (IoT) devices. Another important practice is locking down router entry points. 
  • Enhance visibility and control with cloud management. The key to a quick threat response is having already set up top-notch visibility and control, especially on a distributed network. Many IT organizations find that a cloud network management solution is a critical tool because it reduces reliance on complex coding and on-site management.  
  • Implement PCI Compliance controls. Whether or not your organization deals with PCI Compliance regulations, the underpinning strategies provide a good basis for “Code Red” security. If you are subject to PCI Compliance, maintain compliance continuously, not just when preparing for an audit.
  • Enforce device visibility. There are a number of measures that organizations can take to enhance device visibility, including using multiple criteria to identify devices and utilizing cloud network management solutions.
  • Utilize cloud-managed IPS/IDS. Consistent policy enforcement is critical, but it’s difficult to achieve with standalone hardware devices at distributed locations. By deploying IPS/IDS via the cloud, enterprises can consistently apply security policies and threat response across applications, users, and different computing environments.  

Evaluate Business Risk

As stated earlier, leading enterprises today are asking themselves not how they can perfect the network perimeter, but what they can do to reduce business risk. Because of the increasing role of the cloud in today’s enterprise networks, the question should be applied most rigorously to cloud data storage.   

Risk evaluation usually revolves around three security objectives: confidentiality, integrity, and availability.

  • Confidentiality involves preserving authorized restrictions on information access and disclosure. This includes protecting personal privacy and proprietary information. To reduce risk in this category, ensure that all passwords stored in the cloud are encrypted with AES-256.
  • Integrity involves guarding against improper information modification or destruction. This includes ensuring information authenticity. To reduce the risk of compromised data integrity, choose a network management solution that triggers notifications to network administrators any time a network or device configuration change occurs. Further, ensure the network management solution operates in an encrypted application environment. In other words, utilize an encrypted stream between network devices and the data center or application server. While there is a chance a hacker could modify router configurations to reroute sought-after traffic from an inaccessible part of the network to one that’s been compromised, encrypting the traffic ensures that such data remains unreadable.
  • Availability involves ensuring timely and reliable access to, and use of, information systems. Deploy failover routers and networks so that if an outage occurs, business operations will continue as usual.  

Enforce Best Practices

Best-in-breed security applications and smart resource allocation are critical components of enterprise network security, but they don’t take the place of best practices enforcement. These critical best practices include:

  • Educating end users. Educating staff early and often is one of the most effective ways to mitigate cyber security risks. As a start, make sure employees are well aware of how to spot a phishing attempt.
  • Maintaining firmware updates and software patches. Keeping all network devices and software up to date is easier said than done. A cloud-managed or cloud-delivered network can simplify and expedite the process.
  • Implementing multi-factor authentication. The risk of a security breach can be greatly reduced when a company’s staff login process requires a verification code along with the employee’s username and password. That way, even if an employee’s credentials are stolen, the hacker can’t get network access without also gaining access to the employee’s phone or mobile device.

Live Webinar About Software-Defined Breach Protection

Learn about how Cradlepoint helps mobile and distributed enterprises approach security with a “Code Red” mindset while minimizing the resources needed to secure the network. Register for our live webinar on March 14, 2017.