Traditional network security takes a positively medieval approach, building high castle walls and focusing on outward facing defences to keep attackers out of your network, but what happens when then they make it past your anti-virus and firewalls and breach your defences?
With traditional security, there is such a large emphasis on keeping attackers out of your networks that it is easy to forget about what happens when they do finally get in. When it comes to breaches it is important to remember that it is a case of ‘When’ not ‘If’ and many organisations have little in place to stop attackers going where they want and accessing your secure data once they have made it past your defences.
The first problem with this traditional approach is the issue of mobility. When your staff were all concentrated to a few buildings and sat at the same desk every day using the same desktop, creating digital fortifications works well because they can protect a concentrated area.
However, we now live in an age where many employees no longer work standard office jobs. They have flexibility, no longer work from an assigned desk, do away with the standard 9-5, work at times which they feel most productive and use multiple devices including phones, tablets and laptops.
The second issue is that many organisations wrongly assume that those working within the business, the people within the castle walls can be trusted and have the organisations best interests at heart. This is not always the case and thinking this way can leave your organisation dangerously exposed. According to McAfee insider threats are responsible for 43% of data breaches and The Information Security Forum puts the figure at 54%.
In an effort to kerb this outdated thinking, many firms are changing the way they approach security and turning to a model known as the BeyondCorp approach.
Pioneered by Google in response to the Aurora cyber attacks in 2009, BeyondCorp assumes that every device or person trying to connect to your network is a threat until proven otherwise.
To prove that the device or person is not a threat, it analyses external devices, how they are being used and what information they are submitting. This encompasses the standard login information and the location the login has originated from, but also encompasses far more subtle indicators such as how the individual uses the device.
Gathering this information about the individual’s quirks of usage also creates a second layer of identity, enabling the security to confirm who is using the device and flag any anomalies, significantly reducing the time to detect threats.
Using BeyondCorp turns your network into an active element of defence. Instead of the passive nature of traditional security, BeyondCorp continuously monitors your network enabling you to understand what’s going on in your network at all times.
In addition, using a BeyondCorp approach to your security can limit the impact of a breach to your network. This is because it involves dividing up your company’s internal networks so your users are only able to access the applications which they are approved to use.
Because of the way BeyondCorp works, the mass of data gathered on users, their devices and the way they act once they are connected adoption may seem daunting to a lot of organisations. However, Automation is advancing all the time, increasingly helping organisations to keep a handle on the millions of events that now occur on their systems.
Although this approach may seem like a way off for many organisations, everyone can begin taking steps to improve their organisations security.
At SES we recommend that you start by reviewing your permission strategy and compartmentalising your network to ensure your users only have access to the areas they need to perform their role. This way you can limit the implications of a malicious actor gaining one of your employee’s login credentials or breaching your network and reduce the damage and disruption to your business.
If you are concerned about your organisations security and would like to speak to one of our specialists about increasing your defences to potential threats, please get in touch and one of our specialists will get back to you within one business day.
© Financechain Limited trading as SES and ses-escrow.co.uk, 2019. Unauthorised use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Financechain Limited trading as SES and ses-escrow.co.uk, with appropriate and specific direction to the original content.