Ransomware and phishing attacks point to end goals: vulnerable internal networks
Hackers are unwittingly signaling an industry movement from resources locked away in data centers to highly connected, distributed resources in flexible environments. Ransomware and phishing scams are growing, and are now targeting high-value individuals and organizations. These attacks are only the first step to gaining access. The ultimate goal is to ransack vulnerable resources connected in internal networks.
In 2016, 3 Ukrainian regional electric power distribution companies suffered 3-hour-long power outages caused by a coordinated cyberattack. The attack impacted more than 250,000 customers. Once the hackers accessed the control system (SCADA) networks through hijacked VPNs, they had full access to the power grids.
Sony should have taught us to lock down internal networks. Even more horrifying is the length of time hackers have full access to resources once inside. The Yahoo breach in the news in 2016 – affecting 500 million users’ email addresses, phone numbers, and encrypted passwords – came from a 2014 intrusion.
“With recent high profile, broad-reaching and sophisticated penetrations of firms such as JP Morgan Chase and Sony, it’s increasingly obvious that simple perimeter level network defenses are insufficient,” said Stephen O’Grady, Principal Analyst with RedMonk. “Combined with the fact that every portion of technical infrastructure is a target, application level security with encrypted segmentation is a must have.”
Industry shift: valuable data resides in many locations
Saryu Nayyar of Dark Reading writes, “Data no longer resides behind firewalls; that singular control point of protection is gone. Instead, there is a much more complex, hybrid IT security challenge of on-premises environments being connected to multiple cloud applications and multiple mobile devices.”
More than 70% of organizations have deployed at least one application to the cloud, according to IDC. On average, organizations will invest $1.62 million in cloud computing. With all this valuable movement to cloud-based resources, hackers are eyeing the potential vulnerabilities in data transfer and novice cloud users who do not focus on security.
Security approaches need an evolution, quickly
Perimeter-based security approaches have not evolved to meet the modern application-focused enterprise. Hardware and virtualization layer defenses give far too much access to core mission-critical controls. Teams are forced to write overly permissive controls to accommodate overlapping use cases. The weaknesses of the perimeter-based approach are on display in the east/west attacks on Sony, Target, and Home Depot, where hackers gained access to the perimeter, then ransacked the internal networks with minimal resistance.
What can modern enterprises do? Take a “defense in depth” approach to security at the network layer.
Enterprises must strengthen existing core networking hardware and virtualization layer security with added application security. Just as there is physical segmentation at the core hardware layer and logical segmentation at the virtualization layer, application layer security provides “application segmentation.” Defense in depth at the application layer can stop the next Sony attack before it becomes another headline.
In data centers, physical network isolation is not practical, and logical segmentation can be very difficult without using evolved networking approaches. As data centers become wholly virtualized and blur the line between data center and private cloud, we can finally add and control logical segmentation at the virtualization layer.
Application segmentation: the missing link in security evolution
This “Application Segmentation” provides the most comprehensive security model available today.
You can apply application segmentation defense in depth using Cohesive Networks’ VNS3:turret. VNS3:turret creates a cryptographically unique micro-perimeter around each application topology. By segregating each application, the inner rings of security can eliminate east-west vulnerability within a network.
VNS3:turret secures virtualized applications on a client’s virtual, public, private or hybrid cloud networks. VNS3:turret uses the vns3:asc – a virtual application security controller – to provide a virtual router, switch, firewall, VPN concentrator, protocol redistributor, and extensible NFV container functions.
Defense in Depth with VNS3:turret
Using the VNS3:turret vns3:asc’s organic security, users can set their own access rules, firewall settings, and other security policies specifically for that application cluster. With flexible and interoperable components, VNS3:turret allows users to add in compatibility with existing networking devices and open-source capabilities such as network intrusion detection (NIDS), proxy, caching, and load balancing.
VNS3:turret is a software-only network appliance that adds security at the application layer. Create encrypted networks on top of cloud providers’ networks. Virtualize critical network security functions, including routing, switching, firewalls and SSL VPNs. Through end-to-end encrypted IPsec tunnels, customers can connect on-premises or data center edge firewall devices to cloud resources. By building such encrypted virtual networks, customers are able to build secure connections over the top of data center networks, and bridge networks to cloud resources.
Cohesive Networks positions itself as a cloud networking and security advisor in a space full of vendors selling “magic”. Our leadership team promotes the belief that enterprise IT should incorporate security best practices and existing resources without redoing everything for cloud. Because of our strong belief in low “cognitive load” on customers, Cohesive Networks has always been provider, vendor, application, OS and script neutral.
By: Margaret Valtierra