Companies are indeed taking a closer look at cybersecurity. Recently, KPMG surveyed audit committee members of various business organisations globally and learnt that 55 percent of them think more agenda time needs to be dedicated to cybersecurity this year. Audit committee members in Singapore echoed the sentiment, with 62 percent of them saying likewise.
Those figures in isolation make the situation appear dire. But understanding the cyberattack lifecycle before it reaches your data center – how a breach occurs, what happens once it’s in, and even just how long it takes to resolve – means you’re in the best possible position to prevent a potential attack.
For years, data center security has meant securing an organisation’s perimeter. But hackers are getting smarter; once they breach the perimeter they move laterally to carry out attacks within enterprise and government networks. What’s more, hackers these days are deliberate in their methods – and persistent. Our research tells us it takes an average of 24 days for organisations to identify and resolve an attack.
The threats and the applications that allow them
What’s clear is that there is a link between threats and the applications running on networks. Many significant network breaches start with an application such as e-mail delivering an exploit. These breaches use social engineering tactics and otherwise innocent business processes and procedures to do all the hard work normally involved in delivering malware. Exploiting a business process gives the attacker access to potentially millions of users and troves of data with minimal effort. Once on the network, attackers use other applications or services to effectively hide in plain sight and continue their malicious activity unnoticed for weeks, months or even years at a time.
Based on this evolution in attacks and the actors behind them, it’s clear that incident response and remediation-based security – that is, cleaning up only after an organisation has been breached – is hardly adequate. Instead, we need to prevent attacks from occurring in the first place, and make a successful attack so cost-prohibitive for the hacker that they simply give up and move on to another target.
New thinking about security is essential
Think about securing your organisation not as a house, with your security at front and back doors, but as a hotel, with security segmented by rooms and access levels. Network segmentation means multiple layers of protection that prevent hackers from moving freely within the network should they break through one layer.
The virtualisation of data centers is also creating new threat vectors. In our annual Application Usage and Threat Report (AUTR), we found that just 10 out of 1,395 applications traversing most enterprise networks were responsible for generating 97 percent of 60 million exploit logs found on those networks. Nine of these 10 were data center applications.
Architect for prevention
Securing data centers with better user awareness programs and detection software is not where companies should focus their often-limited resources. While detection and remediation measures have their place, ultimately they do little more than provide the details of an attack after the damage has been done. Companies must ensure that security measures are in place to protect data centers from catastrophic attacks, employing micro-segmentation within the data center and throughout the infrastructure to limit the risk.
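To make the hotel analogy and the micro-segmentation point above concrete, here is an added example (not from the article or from Palo Alto Networks) that models a flat perimeter against a zone-to-zone allow-list and computes how far a single foothold could spread under each; every host, zone, port and rule in it is invented for the illustration.

```python
"""Added illustration of the 'house vs hotel' argument: a flat network has one
perimeter and every host can reach every other host once inside, while a
segmented network only permits the flows the business needs."""
from collections import deque

# Constructed inventory: host -> zone it lives in, host -> ports it listens on.
HOSTS = {"mail-gw": "dmz", "web-01": "web", "app-01": "app",
         "db-01": "db", "hr-pc": "users", "backup-01": "mgmt"}
SERVICES = {"mail-gw": {25}, "web-01": {443}, "app-01": {8080},
            "db-01": {3306}, "backup-01": {22}, "hr-pc": set()}

# "House": a single perimeter; inside it, any zone may talk to any zone.
FLAT_POLICY = {("*", "*", "*")}

# "Hotel": an explicit allow-list of (source zone, destination zone, port).
# Every flow not listed is denied, so a foothold only buys the listed doors.
SEGMENTED_POLICY = {
    ("users", "web", 443),   # staff browsers to the web tier
    ("users", "dmz", 25),    # staff mail clients to the mail gateway
    ("web", "app", 8080),    # web tier to application tier
    ("app", "db", 3306),     # application tier to the database
    ("mgmt", "db", 3306),    # backup server pulls database dumps
}


def is_allowed(policy, src_zone, dst_zone, port):
    """Default deny: a flow passes only if some rule explicitly matches it."""
    return any(rs in (src_zone, "*") and rd in (dst_zone, "*") and rp in (port, "*")
               for rs, rd, rp in policy)


def blast_radius(policy, start_host):
    """Hosts an attacker controlling start_host could pivot to, in the worst
    case where every allowed flow to a listening service can be abused and
    each newly reached host becomes a new pivot point (lateral movement)."""
    reached, queue = {start_host}, deque([start_host])
    while queue:
        src = queue.popleft()
        for dst, ports in SERVICES.items():
            if dst not in reached and any(
                    is_allowed(policy, HOSTS[src], HOSTS[dst], p) for p in ports):
                reached.add(dst)
                queue.append(dst)
    return reached - {start_host}


if __name__ == "__main__":
    # A breach that starts at the mail gateway, as the article describes.
    for name, policy in (("flat", FLAT_POLICY), ("segmented", SEGMENTED_POLICY)):
        print(f"{name:9s} mail-gw -> {sorted(blast_radius(policy, 'mail-gw'))}")
        print(f"{name:9s} hr-pc   -> {sorted(blast_radius(policy, 'hr-pc'))}")
```

Under the flat policy a compromised mail gateway can reach every listening host, while under the segmented policy it can reach none; a compromised user PC still follows the permitted web-to-app-to-database chain, which is why the allow-list itself must be kept minimal.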
To protect against attacks, focus on building a robust threat prevention program that, through high visibility, can quickly turn unknown attacks into known threats. Can your security infrastructure:
- Quickly analyse alerts and separate the critical ones from the benign, reducing the response times required?
- Streamline management and pare down the number of security policies needed in your organisation?
- Prevent known and unknown attacks from occurring by correlating patterns that pinpoint malicious activity?
Think beyond the four walls of an organisation and deploy security not only at entry and exit points but also at a more granular level. Think prevention – only cleaning up attacks after the fact leaves the advantage with the bad guys.
Joe Green is the vice president of Systems Engineering for Asia-Pacific at Palo Alto Networks.