Analysis: John Maddison, Fortinet VP, on why more businesses need to deploy a second layer of security inside the network to protect valuable and sensitive information.
If you’ve read anything recently about cybersecurity, you already know that hackers have gotten smarter, savvier, and have more tools than ever at their disposal to infiltrate a business’s network, steal information and, in many cases, get out before anybody even realizes they were there.
An organization’s internal network is a gold mine for hackers who can gain access. And if a network has a vulnerability, there’s a good chance a hacker will exploit it.
How can companies close these vulnerabilities and protect their most valuable assets?
Let’s start with traditional security measures that concentrate on securing the perimeter. Firewalls and other security measures monitor traffic at key access points (WAN, endpoints, cloud, network gateways, etc.). Consistent and up-to-date implementation of security policies at all of these entry points is essential.
However, in many networks, if bad actors get past perimeter defenses, the internal network is very flat and open, and valuable information is too often unsecured. Traditional firewalls are not designed to handle the faster speeds of the internal network, which has prevented them from being used to segment and secure internal infrastructure.
Not surprisingly then, recent high-profile attacks have been traced back to internal network vulnerabilities. In the Target data breach, hackers gained access to Target’s network via a third-party vendor. The hackers who claim to have perpetrated the Ashley Madison breach said the company’s internal network was segmented, but weak passwords (i.e. Pass1234) got them full access to sensitive data. Hackers use a variety of methods to gain access – phishing and malware are two commonly used tools – and even simple mistakes can lead to critical vulnerabilities. Clicking on a link in a phishing email or configuring a server improperly, for example, can have far-reaching consequences.
Threats have become more advanced, more persistent and more damaging for businesses in terms of cost, reputation, and loss of customer trust. It’s time for security to be considered from the inside out, rather than the outside in. A multi-layered approach aligns more closely with how today’s advanced persistent threats are infiltrating company networks and provides increased visibility and protection across the network, regardless of an attack’s entry point.
How does internal segmentation work?
While not a new concept, internal segmentation has matured considerably in recent years. An internal segmentation firewall complements existing network security measures. It is deployed in strategic locations within the network, such as in front of specific servers that store valuable intellectual property or customer credit card information, around a set of vulnerable or mission-critical user devices, or even in front of virtual application servers in the cloud. The firewall monitors traffic in and out of that network asset. This is the so-called "east-west traffic" that traditional edge protections are not designed to secure.
Networks are vulnerable when security professionals can’t see or evaluate traffic in real time. There have been countless examples of attacks where a breach went undetected for weeks, months, or even years. Visibility – the ability to inspect each network packet as it moves about the network – is critical to earlier, more effective breach detection and mitigation. The internal segmentation firewall helps identify where a packet came from, where it’s going, and the application with which it is associated, all of which are fundamental to network security and control.
If the packet inspection raises any red flags, visibility gives way to protection. Is this packet malicious? Should a given application be passing information between network assets? This type of examination detects malicious files, applications, and exploits and issues an alert to give security professionals time to react and contain the threat so it doesn’t compromise other areas of the network. In many cases, containment and mitigation can even be automatic.
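The check described above (where a flow came from, where it is going, and which application it carries) can be sketched as a default-deny policy between segments. This is an added example, not code from the article or from any Fortinet product; the segment names, address ranges, allow-list and flow records are all constructed for illustration.

```python
import ipaddress

# Constructed segment map (hypothetical addressing, not from the article).
SEGMENTS = {
    "user-lan": ipaddress.ip_network("10.10.0.0/16"),
    "app-tier": ipaddress.ip_network("10.20.0.0/24"),
    "card-data": ipaddress.ip_network("10.30.0.0/24"),
}

# Allow-list of (source segment, destination segment, application).
# Any flow that crosses a segment boundary and is not listed is denied.
ALLOWED = {
    ("user-lan", "app-tier", "https"),
    ("app-tier", "card-data", "postgres"),
}

def segment_of(ip):
    """Map an address to its segment, or 'unknown' if it is unmapped."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return "unknown"

def evaluate(flow):
    """Return 'intra-segment', 'allow' or 'deny' for one flow record."""
    src, dst = segment_of(flow["src"]), segment_of(flow["dst"])
    if src == dst and src != "unknown":
        return "intra-segment"  # never crosses the segmentation point
    return "allow" if (src, dst, flow["app"]) in ALLOWED else "deny"

def review(flows):
    """Collect one alert line per denied east-west flow."""
    return [
        f"{segment_of(f['src'])} -> {segment_of(f['dst'])} app={f['app']} "
        f"({f['src']} -> {f['dst']})"
        for f in flows if evaluate(f) == "deny"
    ]

# Constructed flow records standing in for inspected east-west traffic.
FLOWS = [
    {"src": "10.10.4.17", "dst": "10.20.0.8", "app": "https"},
    {"src": "10.20.0.8", "dst": "10.30.0.5", "app": "postgres"},
    {"src": "10.10.4.17", "dst": "10.30.0.5", "app": "postgres"},  # workstation direct to card data
    {"src": "10.10.4.17", "dst": "10.10.9.2", "app": "smb"},       # stays inside one segment
    {"src": "10.20.0.8", "dst": "10.30.0.5", "app": "ssh"},        # permitted path, wrong application
    {"src": "192.168.77.3", "dst": "10.30.0.5", "app": "https"},   # source not in any known segment
]

if __name__ == "__main__":
    for alert in review(FLOWS):
        print("ALERT", alert)
```

The same-segment SMB flow is never evaluated against the allow-list, which shows why segment boundaries need to sit close to the assets they protect: traffic that stays inside a large flat segment is invisible to this control.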
More than three years ago, then-FBI Director Robert Mueller told a roomful of cybersecurity professionals that there were only two types of companies: "those that have been hacked and those that will be."
He even went a step further to say these two types are "converging into one category: companies that have been hacked and [those that] will be hacked again."
Headlines over the past three years of major (and minor) data breaches have only put the necessity of proper network configuration and smarter approaches to security into greater focus.
When it comes to network vulnerabilities, every network is different. But it is essential to implement protection around an organization’s most valuable assets, most often found in the internal network. The softer internal network is a precious commodity to both the company and bad actors. A multi-layered approach that includes an internal segmentation firewall gets companies on their way to closing gaps in internal network security.