[BreachExchange] The Principles and Technologies Heralding the Next Cybersecurity Revolution

Sophia Kingsbury sophia.kingsbury at riskbasedsecurity.com
Fri May 28 14:10:55 EDT 2021


https://www.infosecurity-magazine.com/next-gen-infosec/principles-tech-next-cyber/

Everyone is always looking for the next big thing but how do you know when
the time’s up for the current tools?

Over recent years <https://def.camp/impact-cybersecurity-five-years/>, we
have faced increasing incidents of cyber-attacks and unprecedented
technologies being used to cause data breaches.

It’ll only get worse unless organizations adapt their cybersecurity
strategies
<https://www.infosecurity-magazine.com/opinions/improving-cybersecurity-higher/>
to the principles and technologies of the current transformation in the
state of enterprise cybersecurity.

Here, we discuss three of these big principles and highlight some of the
technologies driving the trend.

*Zero-Trust*

Basically, this is a principle that strips security authentication systems
of the assumption of trust when handling access requests.

Unlike traditional security models, the zero-trust framework aims to
verify the identity of a user and their legitimacy to be granted the
required access.

This moves away from dependence on hardware devices and knowledge-based
authentication
<https://www.infosecurity-magazine.com/news-features/2020-cybersecurity-predictions/>
models, all of which may be easily breached or hijacked. By not trusting
anything outside the network perimeter until the user’s identity is firmly
established, organizations can greatly reduce incidents of data breaches.

*Least Privilege*

One of the principles promoted in the zero-trust model is *least
privilege* cybersecurity.
The principle means that users do not have access to network resources
beyond what’s necessary for fulfilling a legitimate task.

The ultimate aim is to manage and reduce the impact of data breaches.

Essentially, if even the CEO cannot access more network resources than
they require to fulfill an assignment, an attacker who breaches the system
through that endpoint is limited in the amount of damage they can wreak.

Least privilege
<https://www.infosecurity-magazine.com/news/a-fifth-privileged-users-elevated/>
appears to be a cross between smart permission management and advanced
network segmentation that reduces the cyber-attack surface.

*Edge Security and User Responsibility*

This is the age of the distributed workspace
<https://startupgrowthguide.com/top-business-functions-that-are-best-outsourced-for-your-startup/>,
which is a welcome development. However, eliminating the physical
boundaries of office networks requires a transformation in
organizations’ approach to cybersecurity.

The edge has attained the same level of importance as the core.
The cybersecurity technologies of the future will be those that place
greater importance upon securing the edge from malicious infiltration.

The fast-rising adoption of IoT makes this all the more important.

Companies need to focus on securing endpoints
<https://www.infosecurity-magazine.com/news/endpoint-pain-point/>, wherever
they exist. As expected, this means individual users (employees) have a
greater responsibility in securing office data.

Therefore, new cybersecurity technologies must focus on empowering
employees as the first line of defense, in order to resist attacks.

Now, to the specific technologies that implement these principles:

*Software-Defined Perimeter*

An SDP is used to segment network resources and limit access to approved
users.

SDP solutions use a zero-trust strategy and a least privilege model by
assuming that everything outside the defined perimeter is untrusted.

Once connected to the network, a user is only granted access for carrying
out a particular task as approved. Therefore, the larger network remains
secure even if a data breach occurs.
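
The access model described above, sketched as an added example (it is not
code from the article or from any SDP product): a default-deny gateway in
which a verified user reaches only what was approved for a specific task,
and only while that approval is live. The class and method names, the
`TASK-…` ids and the resource names in the usage are all hypothetical.

```python
import time
from dataclasses import dataclass


@dataclass(frozen=True)
class Grant:
    user: str
    resource: str
    action: str
    task_id: str       # the approved task this access was issued for
    expires_at: float  # epoch seconds; access ends when the task window closes


class Perimeter:
    """Default-deny gateway: nothing is reachable without a live, exact grant."""

    def __init__(self):
        self._verified = set()  # users whose identity has been established
        self._grants = set()

    def verify_identity(self, user):
        # Stand-in for real authentication; assumed to have succeeded.
        self._verified.add(user)

    def approve(self, user, resource, action, task_id, ttl, now=None):
        now = time.time() if now is None else now
        grant = Grant(user, resource, action, task_id, now + ttl)
        self._grants.add(grant)
        return grant

    def _live(self, user, now):
        if user not in self._verified:
            return []  # unverified users see nothing, whatever was approved
        return [g for g in self._grants if g.user == user and g.expires_at > now]

    def is_allowed(self, user, resource, action, now=None):
        now = time.time() if now is None else now
        return any((g.resource, g.action) == (resource, action)
                   for g in self._live(user, now))

    def reachable(self, user, now=None):
        """Everything a hijacked session for `user` could touch right now."""
        now = time.time() if now is None else now
        return {(g.resource, g.action) for g in self._live(user, now)}
```

`reachable()` is the figure to watch: it is the blast radius of one
compromised account, and it stays at the size of the approved task
regardless of the user's seniority.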

*Risk-Based Authentication*

Traditional authentication systems are too rigid and that is a
disadvantage. If everyone (regardless of the level of privilege) is only
required to supply a password to access a system, it is only a matter of
time before highly privileged accounts are breached.

RBA prevents this by applying varying authentication requirements according
to the sensitivity of the data to be accessed as well as the login context.

Therefore, without using 2-factor authentication
<https://www.infosecurity-magazine.com/opinions/authentication-lazy/>, you
can still deliver scalable and easy-to-use login authentication.
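
One way to express such a policy, as an added example rather than code from
the article or any RBA product: the requirement is derived from the
sensitivity of the data plus signals from the login context. The signal
names, weights, thresholds and the three outcomes (`password`, `step_up`,
`deny`) are assumptions chosen for illustration; `step_up` stands for
whatever additional proof of identity an organization chooses.

```python
from dataclasses import dataclass
from enum import IntEnum


class Sensitivity(IntEnum):  # assumed three-tier data classification
    PUBLIC = 0
    INTERNAL = 1
    RESTRICTED = 2


@dataclass(frozen=True)
class LoginContext:
    """Signals gathered at login time (all field names are hypothetical)."""
    known_device: bool
    usual_country: bool
    failed_attempts_last_hour: int
    privileged_account: bool


def context_risk(ctx: LoginContext) -> int:
    """Additive risk score from the login context; weights are illustrative."""
    score = 0
    if not ctx.known_device:
        score += 2
    if not ctx.usual_country:
        score += 2
    if ctx.failed_attempts_last_hour >= 3:
        score += 2
    if ctx.privileged_account:
        score += 1  # a privileged account is never treated as an ordinary one
    return score


def required_auth(resource: Sensitivity, ctx: LoginContext) -> str:
    """Map data sensitivity plus context risk to an authentication requirement."""
    total = context_risk(ctx) + 2 * int(resource)
    if total >= 8:
        return "deny"      # too risky for this resource: block and alert
    if total >= 4:
        return "step_up"   # ask for an additional proof of identity
    return "password"      # low risk: keep the login friction-free
```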

*Secure Access Service Edge*

SASE <https://www.perimeter81.com/solutions/sase> consolidates network
connectivity and security functions into cloud-delivered solutions.

With the rising adoption of remote work and distributed endpoints, SASE
solutions govern access to network resources in a scalable way, ensuring
security compliance across contexts.

Gartner predicted
<https://blogs.gartner.com/andrew-lerner/2020/01/06/networking-predictions-2020-edition/>
last year that “By 2024, at least 40% of enterprises will have explicit
strategies to adopt SASE.”

*Cloud Access Security Broker*

CASBs
<https://www.gartner.com/en/information-technology/glossary/cloud-access-security-brokers-casbs>
are used to integrate multiple categories of security policies and enforce
them as users try to access cloud resources. A CASB operates between the
users and the cloud service providers to enforce security compliance.

Some of the security policies may include authorization, malware detection
and prevention, incident response, remote access, business continuity, etc.

*Next-Generation Firewall*

Traditional firewalls use stateful packet filtering; however, NGFWs go
further by implementing security at the highest layer of the OSI model: the
application layer.

NGFWs also include an integrated intrusion prevention system, deep packet
inspection, threat intelligence, and other capabilities not possible with
traditional firewalls.

*Conclusion*

Enterprise cybersecurity has relied upon traditional VPNs, firewalls,
encryption, antivirus, and other similar technologies. However, they have
failed to deliver the kinds of cyber resilience required as the world of
work changes.

The next generation of cybersecurity will require that tools and
technologies assume no trust but instead authenticate everything that tries
to access a network.