By now everyone should be familiar with the Assumption of Breach stance: forget about protecting the perimeter—act as if threats have already breached and decide what you’re going to do to protect sensitive data.
Take Microsoft Azure for instance, where the IT Security team is constantly testing itself. Azure uses a Red Team to find holes and weaknesses, identify gaps, points of entry, and risks, and exploit them. Then a Blue Team detects and remediates the attacks, which are both planned and unplanned. They approach the process like a perpetual military exercise.
In reality, data breaches are inevitable unless businesses implement such a comprehensive approach, at both the technology and organizational levels. The old way—slapping up a port-and-protocol firewall and hoping it does the job—doesn’t cut it anymore. As attackers get smarter and faster, the approach to finding and stopping them has to do the same.
To be done right, information security requires a proactive stance and a genuine interest in data protection. Getting almost there isn't good enough. NSA's Robert Joyce, chief of the agency's Tailored Access Operations, says attackers will happily target networks that are upward of 97 percent secure, because the few percent that remain are all they need.
“Don’t assume a crack is too small to be noticed, or too small to be exploited,” he recently told Wired. “We need that first crack, that first seam. And we’re going to look and look and look for that esoteric kind of edge case to break open and crack in.”
Predict, Prevent, Detect, Respond
Adaptive Integration partner solutions enable the four capabilities prescribed by Gartner’s Adaptive Security Architecture for Protection From Advanced Attacks—Predict, Prevent, Detect, Respond.
Predict: Baseline your networks and systems, track emerging vulnerabilities and threat vectors, and perform proactive exposure analysis.
Prevent: Harden and isolate systems according to well-understood criteria, divert attackers from your critical assets, prevent incidents by watching for abnormal behavior.
Detect: Identify deviations from normal behavior in as close to real-time as possible, confirm malicious activity and evaluate risk level, contain the breach and assess impact.
Respond: Perform complete investigation, collect learnings to establish new best practices, make changes to affected systems and networks as necessary, predict where similar vulnerabilities will be exploited in the future.
Moving from a reactive to a proactive stance requires enhanced tooling. Here’s what you need to be doing today:
Protect the Perimeter
Going beyond the port-and-protocol approach of a traditional firewall, Palo Alto’s security appliances use deep packet inspection to safely enable each and every critical business application while simultaneously blocking risky apps that use the same ports and protocols. This method provides the capabilities of an intrusion detection or intrusion prevention system (IDS/IPS), as well as a sandbox solution, all in one high-performance platform.
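As an added illustration (not code from this post, nor Palo Alto's implementation), here is a minimal sketch of the port-versus-application check the paragraph describes: the first bytes of the stream, not the destination port, decide what the application is, and a mismatch between the two is flagged. The port table, the three payload signatures and the sample flows are simplified, constructed assumptions.

```python
"""Port-versus-payload application identification (constructed example)."""
from dataclasses import dataclass
from typing import Tuple

# What a port-and-protocol firewall assumes each port carries (assumption).
PORT_EXPECTATION = {22: "ssh", 80: "http", 443: "tls"}

HTTP_METHODS = (b"GET ", b"POST ", b"PUT ", b"HEAD ", b"DELETE ", b"OPTIONS ")


def identify_app(payload: bytes) -> str:
    """Classify the application from the first bytes of a TCP stream."""
    if payload.startswith(b"SSH-"):          # SSH identification banner
        return "ssh"
    if payload.startswith(HTTP_METHODS):     # plaintext HTTP request line
        return "http"
    # TLS record header: content type 0x16 (handshake), major version 0x03,
    # 2-byte length, then handshake type 0x01 (ClientHello) at offset 5.
    if len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 0x03 \
            and payload[5] == 0x01:
        return "tls"
    return "unknown"


@dataclass
class Flow:
    dst_port: int
    payload: bytes   # first bytes sent by the client


def evaluate(flow: Flow) -> Tuple[str, str, str]:
    """Return (expected app for the port, observed app, verdict)."""
    expected = PORT_EXPECTATION.get(flow.dst_port, "unknown")
    observed = identify_app(flow.payload)
    if observed == expected:
        verdict = "allow"
    elif observed == "unknown":
        verdict = "inspect"   # hand the stream to deeper inspection / sandbox
    else:
        verdict = "block"     # a known application hiding on the wrong port
    return expected, observed, verdict


# Constructed sample flows: a real ClientHello would be longer; the header
# bytes are what the signature above keys on.
SAMPLE_FLOWS = [
    Flow(443, b"\x16\x03\x01\x00\x2a\x01" + b"\x00" * 10),      # TLS on 443
    Flow(443, b"SSH-2.0-OpenSSH_8.9\r\n"),                      # SSH over 443
    Flow(80, b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"),  # HTTP on 80
    Flow(80, b"\x00\x01\x02\x03"),                              # unknown on 80
]

if __name__ == "__main__":
    for f in SAMPLE_FLOWS:
        print(f.dst_port, evaluate(f))
```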
Protect the Edges and Endpoints
Implementation of a modern endpoint protection solution can prevent infection, whether those endpoints are on the corporate campus network or out there in the world. Set traps for hackers using Palo Alto’s Traps. Get instant information and take instant action using Tanium’s endpoint visibility and control solution. Lock down access to data center assets using Nano-segmentation from Illumio.
Watch Network Traffic for Abnormal Behavior
No modern data center or campus network should be implemented without some level of out-of-band monitoring capability that uses SPAN or taps. Once you have access to your wire data, you have complete visibility into your user traffic. A number of solutions have emerged in recent years that make sense of this massive flood of information, including Vectra Networks’ advanced threat detection capabilities and ExtraHop’s wire data analytics platform.
Monitor for Known and New Threats
Palo Alto’s AutoFocus service surfaces new threats based on analysis from the Threat Intelligence Cloud and the Palo Alto Unit 42 threat research team. They distill millions of samples and billions of artifacts down to only what you need to know, just when you need to know it.
Ultimately, information security isn’t a thing you buy, it’s a thing you do. A comprehensive protection architecture encompassing the perimeter, endpoints, data center segments, and up-to-date knowledge of the threat landscape is just the first step in ensuring that your valuable IT resources are safe from compromise and exploitation.