[BreachExchange] Fighting ransomware with network segmentation as a path to resiliency

Audrey McNeil audrey at riskbasedsecurity.com
Thu May 24 20:03:42 EDT 2018


Recent cybersecurity events involving the use of ransomware (WannaCry and
similar variants) represent the latest examples highlighting the need for
organizations to not only take an initial hit, but survive, adapt, and
endure. In other words, be resilient.

All too often, our community is a witness to any number of similar events
where an initial breach leads to catastrophic effects across the
enterprise. We need to do better; the methodologies and tools to do so are
readily available.

Organizations can achieve network resiliency and survivability through a
strategy embracing network segmentation in general, and micro-segmentation
in particular. In a world where it is simply unrealistic to expect CIOs,
CTOs and organization security teams to know about and cover everything on
their networks, they must strive to protect what they do know about and
control access across organizations which are increasingly amorphous,
porous and dynamic.

Ask any infosec professional what steps to take to secure a network, and
you’ll hear some common themes. Know the hardware and software deployed on
your network and how it should communicate so you can detect if two devices
shouldn’t be talking. Enable application whitelisting, encrypt data in
transit and at rest, and enforce network segmentation.

Security professionals know that most networks are like a piece of candy –
they have a hard crunchy outside and a soft gooey inside. Network
segmentation removes the gooey inside, simultaneously reducing mean time to
detection and mean time to remediation – the two most important metrics for
security incidents. These steps make it very hard for any adversary to
gain, maintain and further develop access and move freely across a network.
In fact, this will significantly reduce attacker ROI, often making them
look elsewhere for an easier target.

The challenge to many, if not most, organizations is a lack of network
inventory and true visibility. Patching failure is often cited as the cause
of network breaches, but you can’t patch what you don’t know about. In many
cases, organizations must deal with devices that are leased and not under
their full control. In other cases, devices cannot be brought down for
patching due to operational requirements. In still other examples, the gear
and infrastructure is “mixed” and “common” (the cloud and other shared
resources). Lastly, some infrastructure is simply too delicate to handle
any patching.
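The two points above, knowing what is on the network and knowing which devices should be talking so that anything else can be flagged, come together in a simple check over flow records. The following is an added example, not code from the article or its author: it compares constructed flow lines against a constructed asset inventory and a zone-to-zone communication policy, and reports both conversations the policy does not allow and devices the inventory does not know about. The addresses, zones, ports and record format are all assumptions made for the example.

```python
"""Added example (not from the article): check flow records against an asset
inventory and a zone-to-zone communication policy, reporting both devices the
inventory does not know about and conversations the policy does not allow.
All addresses, zones, ports and flow lines below are constructed."""
from dataclasses import dataclass

# Constructed inventory: IP -> (hostname, segmentation zone).
INVENTORY = {
    "10.1.10.5": ("workstation-a", "users"),
    "10.1.10.6": ("workstation-b", "users"),
    "10.1.20.10": ("file-srv-1", "file-services"),
    "10.1.30.10": ("db-1", "database"),
    "10.1.40.10": ("backup-1", "backup"),
}

# Constructed policy: (source zone, destination zone, destination port) that
# are expected to talk. Anything else between known devices is a violation.
ALLOWED = {
    ("users", "file-services", 445),
    ("file-services", "database", 5432),
    ("backup", "file-services", 445),
    ("backup", "database", 5432),
}


@dataclass(frozen=True)
class Finding:
    kind: str      # "unknown-asset" or "policy-violation"
    src: str
    dst: str
    port: int
    detail: str


def parse_flow(line):
    """Parse one constructed flow record: '<timestamp> <src> <dst> <dport> <proto>'."""
    ts, src, dst, port, proto = line.split()
    return ts, src, dst, int(port), proto


def evaluate(lines, inventory=INVENTORY, allowed=ALLOWED):
    """Return one Finding per flow that is either from/to an unknown device
    or not permitted by the zone policy; flows that match the policy are silent."""
    findings = []
    for line in lines:
        if not line.strip():
            continue
        _ts, src, dst, port, _proto = parse_flow(line)
        src_asset = inventory.get(src)
        dst_asset = inventory.get(dst)
        if src_asset is None or dst_asset is None:
            # An unknown device is an inventory gap first; it cannot be judged
            # against a zone policy it was never placed in.
            unknown = src if src_asset is None else dst
            findings.append(Finding("unknown-asset", src, dst, port,
                                    f"{unknown} is not in the inventory"))
            continue
        src_zone, dst_zone = src_asset[1], dst_asset[1]
        if (src_zone, dst_zone, port) not in allowed:
            findings.append(Finding("policy-violation", src, dst, port,
                                    f"{src_zone} -> {dst_zone}:{port} is not an allowed flow"))
    return findings


def summarize(findings):
    """Count findings by kind, e.g. {'policy-violation': 2, 'unknown-asset': 1}."""
    counts = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


# Constructed flow records: two workstations talking SMB to each other and a
# workstation reaching the database directly are traffic the policy above says
# should never happen; 10.1.10.7 is a device nobody inventoried.
SAMPLE_FLOWS = """\
2018-05-24T20:00:01 10.1.10.5 10.1.20.10 445 tcp
2018-05-24T20:00:02 10.1.20.10 10.1.30.10 5432 tcp
2018-05-24T20:00:03 10.1.10.5 10.1.10.6 445 tcp
2018-05-24T20:00:04 10.1.10.6 10.1.30.10 5432 tcp
2018-05-24T20:00:05 10.1.10.7 10.1.20.10 445 tcp
""".splitlines()

if __name__ == "__main__":
    results = evaluate(SAMPLE_FLOWS)
    for f in results:
        print(f"{f.kind:17} {f.src} -> {f.dst}:{f.port}  {f.detail}")
    print(summarize(results))
```

The policy is deliberately expressed in zones rather than addresses, so the inventory is the single place a device is classified; a host that shows up in flow data but not in the inventory is reported as its own finding kind, because the "you can't patch what you don't know about" problem is an inventory gap, not a rule gap.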

What then is the answer? As CIOs and CTOs are driving the rapid adoption of
new technologies (many of which lack basic security hardening), security
teams are struggling to deal with increased attack surfaces and rapidly
changing network boundaries. This relationship sets up a dynamic tension
that is not sustainable.

Segmentation is the solution to this problem with a particular focus on the
emerging world of micro-segmentation. In this model, security profiles are
adopted closer to the endpoint, thus replacing the traditional concept of a
hardened single perimeter, and providing a dynamic and scalable perimeter
wrapped around every workload.

Deployed correctly – particularly when combined with software defined
networking and encryption – micro-segmentation allows for the presentation
of true “zero trust models” across the enterprise. This protects critical
workloads and business processes while reducing reliance on overly complex
hardware-based infrastructure and rulesets (which bring their own
vulnerabilities to the mix).

Adversaries usually don’t know where they land on the targeted system or
network, or what’s around them. This is just as true for nation state
attackers and insider threats as it is for unskilled attackers. By limiting
their ability to move laterally throughout a network, they are quickly
detected and contained, limiting the damage caused by any intrusion.
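One way to make "limiting their ability to move laterally" measurable is to treat the permitted connections between workloads as a graph and walk it from a hypothetical point of compromise. The following is an added example, not code from the article or its author: it compares the number of workloads reachable from one compromised host under a flat network (every workload can reach every other) with the number reachable under a constructed per-workload allow-list, and lists the workloads whose compromise would reach the most others. The workload names and policy are assumptions made for the example.

```python
"""Added example (not from the article): measure how far an intruder could pivot
from one compromised workload under a flat network versus a per-workload
allow-list, by walking the graph of permitted connections. Workload names and
the policy are constructed."""
from collections import deque

# Constructed set of workloads.
WORKLOADS = ["ws-1", "ws-2", "ws-3", "file-srv", "app-srv", "db-1", "backup"]

# Constructed micro-segmentation policy: for each workload, the set of
# workloads it is permitted to initiate connections to. Everything not listed
# is denied by that workload's own perimeter (default deny).
SEGMENTED = {
    "ws-1": {"file-srv", "app-srv"},
    "ws-2": {"file-srv", "app-srv"},
    "ws-3": {"file-srv", "app-srv"},
    "file-srv": set(),
    "app-srv": {"db-1"},
    "db-1": set(),
    "backup": {"file-srv", "db-1"},
}


def flat_policy(workloads):
    """Model the 'soft gooey inside': every workload may reach every other."""
    return {w: set(workloads) - {w} for w in workloads}


def reachable(policy, start):
    """Breadth-first walk over permitted connections from a compromised workload."""
    seen = {start}
    queue = deque([start])
    while queue:
        current = queue.popleft()
        for nxt in policy.get(current, ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    seen.discard(start)
    return seen


def blast_radius(policy, start):
    """Number of other workloads an intruder on `start` could reach."""
    return len(reachable(policy, start))


def worst_pivots(policy, workloads):
    """Workloads whose compromise reaches the most others: where to tighten first."""
    radii = {w: blast_radius(policy, w) for w in workloads}
    worst = max(radii.values())
    return sorted(w for w, r in radii.items() if r == worst)


if __name__ == "__main__":
    flat = flat_policy(WORKLOADS)
    for w in WORKLOADS:
        print(f"{w:9} flat={blast_radius(flat, w)}  segmented={blast_radius(SEGMENTED, w)}")
    print("tighten first:", worst_pivots(SEGMENTED, WORKLOADS))
```

The walk follows the direction in which connections may be initiated, which is what an intruder on a compromised host actually has to work with; a workload that initiates nothing (the file server and database above) has a blast radius of zero even though other workloads connect to it. Running the same analysis before and after a policy change gives a concrete number to put beside the claim that segmentation contains an intrusion.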

The key is to limit the extent by which the attacker retains any advantage
inside the network, regain control and initiative, and reduce the impact of
any attack across the enterprise. It’s a fact of life today that
organizations will eventually be hit with a cyberattack. But with the
appropriate segmentation, they will survive if they are prepared and