From Hacker to Human Error

Multi-Layer Protection from Data Breaches


I was recently reading a Wikipedia entry which documents a number of key security breaches that have occurred, along with an indication of why each one happened (with associated links to various sources of detail). While this is obviously not a definitive list, it does provide a useful insight into the range of incidents and how they were carried out.

Security breaches and data leaks will happen. Launching an attack is now as easy as taking out a subscription on the dark web, where criminal groups offer an actual service, complete with SLAs and guarantees. These services look to exploit zero-day and known vulnerabilities as well as human error and weakness.

In order to reduce the risk of an attack, a multi-layered approach to security is needed which takes a broader view than the traditional areas of focus.

Perimeters

In the past, perimeter protection meant a firewall of some sort. While this is still the case, defining your organisation’s perimeter now usually includes both traditional network edges and the cloud.

SaaS platforms must be properly controlled and protected to mitigate data leakage, and users must be able to connect to their information securely and easily using two-factor authentication.

Public cloud platforms need to be secured effectively by ensuring that the security models already in place extend into the public cloud providers. This should include both provision of firewall services and systems that monitor activity in the public cloud environment. By checking deployed services against best practice, you can ensure that entry points into your network are not created by human error.

Traditional firewalls are still needed, but must be more than basic rules covering what is and isn’t allowed based on simple destinations and traffic types. Instead, they need to be able to assess the content of this traffic to ensure that it isn’t malicious.

Within Your Network

What is actually happening in your network? Who is talking to whom? What traffic is traversing your networks? A full understanding of all your normal traffic flows allows you to easily spot the unusual, which enables faster identification of zero-day threats. This can be delivered using a combination of advanced endpoint solutions and monitoring of the actual traffic travelling across your LAN.
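The idea of baselining normal flows and flagging the unusual can be shown in a few lines. The following is an added example, not code from the original post: it assumes flow records reduced to simple (source, destination, destination port, bytes) tuples such as a NetFlow/IPFIX exporter or a LAN tap could produce, builds a per-conversation baseline from a constructed "normal week", and then reports conversations that have never been seen or whose volume is far outside the norm.

```python
"""Flow-baseline anomaly spotting (added example; not from the original post).

Flow records are assumed to be (src, dst, dst_port, bytes) tuples.  All sample
flows below are constructed for illustration.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed "normal week" of flows: (src, dst, dst_port, bytes)
BASELINE_FLOWS = [
    ("10.0.1.10", "10.0.2.5", 443, 12000),
    ("10.0.1.10", "10.0.2.5", 443, 15000),
    ("10.0.1.10", "10.0.2.5", 443, 13000),
    ("10.0.1.11", "10.0.2.5", 443, 9000),
    ("10.0.1.11", "10.0.2.5", 443, 11000),
    ("10.0.1.12", "10.0.2.9", 445, 50000),
    ("10.0.1.12", "10.0.2.9", 445, 52000),
    ("10.0.1.12", "10.0.2.9", 445, 48000),
]

# Constructed "today" flows; two of them should stand out against the baseline
NEW_FLOWS = [
    ("10.0.1.10", "10.0.2.5", 443, 14000),       # normal conversation, normal size
    ("10.0.1.12", "10.0.2.9", 445, 51000),       # normal conversation, normal size
    ("10.0.1.11", "10.0.2.5", 443, 900000),      # known pair, but 90x the usual volume
    ("10.0.1.10", "198.51.100.7", 8443, 3000),   # a peer/port never seen before
]


def build_baseline(flows):
    """Group byte counts per (src, dst, port) and keep mean and spread for each."""
    grouped = defaultdict(list)
    for src, dst, port, nbytes in flows:
        grouped[(src, dst, port)].append(nbytes)
    return {key: (mean(sizes), pstdev(sizes)) for key, sizes in grouped.items()}


def find_unusual(flows, baseline, sigmas=3.0):
    """Return (flow, reason) pairs for flows that are new or far above normal volume.

    A conversation is 'unusual' if the (src, dst, port) triple was never seen in the
    baseline, or if its size exceeds mean + sigmas * stddev for that triple.  The
    max(sd, 1.0) guard stops a perfectly regular conversation from alerting on a
    one-byte change.
    """
    findings = []
    for flow in flows:
        src, dst, port, nbytes = flow
        key = (src, dst, port)
        if key not in baseline:
            findings.append((flow, "unseen conversation"))
            continue
        avg, sd = baseline[key]
        if nbytes > avg + sigmas * max(sd, 1.0):
            findings.append((flow, "volume %.0fx normal" % (nbytes / avg)))
    return findings


if __name__ == "__main__":
    for flow, reason in find_unusual(NEW_FLOWS, build_baseline(BASELINE_FLOWS)):
        print(reason, flow)
```

In practice the baseline would be rebuilt on a rolling window and keyed on whatever identity is stable in your environment (hostnames or asset tags rather than raw addresses on a DHCP LAN), but the shape of the check, "have I seen this conversation, and is its size plausible?", is the same one an endpoint or network monitoring product applies at scale.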

The Human Problem

As I have discussed before, humans are the weakest link in the security chain.

The network needs to be protected from errors introduced by misconfiguration. Where possible, repeatable tasks should be automated, using software-defined networking for automatic self-configuration and tuning.

Systems should be deployed that monitor the configuration of cloud platforms to ensure data is not left unencrypted and public access is not left open, and robust release mechanisms should be in place for in-house developed platforms to ensure vulnerabilities are not introduced by poor coding.
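The two controls described above, monitoring cloud configuration for unencrypted data and open public access, and gating releases so that such mistakes do not reach production, can be combined into one check. The following is an added example and not code from the original post or any particular cloud provider: it assumes a hypothetical, provider-neutral inventory of storage buckets (the `INVENTORY` list, constructed here) of the kind a deployment pipeline could export from the provider's API, audits each bucket, and exposes a `release_gate` function that a pipeline can call to block a deployment on any high-severity finding.

```python
"""Cloud-storage configuration audit and release gate (added example; not from
the original post).

The bucket inventory format is hypothetical and provider-neutral; a real check
would populate the same fields from the cloud provider's API.
"""

# Constructed inventory as a deployment pipeline might export it.
INVENTORY = [
    {"name": "finance-reports", "public_access": False,
     "encryption": {"enabled": True, "kms_key": "key-finance"}, "logging": True},
    {"name": "marketing-assets", "public_access": True,
     "encryption": {"enabled": True, "kms_key": None}, "logging": False},
    {"name": "scratch-exports", "public_access": False,
     "encryption": {"enabled": False}, "logging": False},
]

# Buckets that are intentionally public (e.g. a static website), so they are not
# flagged for public access.  Anything else that is public is a finding.
PUBLIC_ALLOWLIST = {"marketing-assets"}


def audit_bucket(bucket, allowlist=frozenset()):
    """Return a list of (severity, message) findings for one bucket."""
    findings = []
    name = bucket["name"]
    # Public access is only acceptable when explicitly allowlisted.
    if bucket.get("public_access") and name not in allowlist:
        findings.append(("high", f"{name}: public access enabled"))
    # Data at rest must be encrypted; a customer-managed key is preferred.
    enc = bucket.get("encryption", {})
    if not enc.get("enabled"):
        findings.append(("high", f"{name}: encryption at rest disabled"))
    elif enc.get("kms_key") is None:
        findings.append(("medium",
                         f"{name}: encrypted with provider default key, "
                         "not a customer-managed key"))
    # Without access logging, misuse cannot be investigated later.
    if not bucket.get("logging"):
        findings.append(("low", f"{name}: access logging disabled"))
    return findings


def audit_inventory(inventory, allowlist=frozenset()):
    """Audit every bucket and return all findings, highest severity first."""
    order = {"high": 0, "medium": 1, "low": 2}
    all_findings = []
    for bucket in inventory:
        all_findings.extend(audit_bucket(bucket, allowlist))
    return sorted(all_findings, key=lambda f: order[f[0]])


def release_gate(inventory, allowlist=frozenset()):
    """True only when no high-severity finding exists; use to block a deployment."""
    return not any(sev == "high" for sev, _ in audit_inventory(inventory, allowlist))


if __name__ == "__main__":
    for severity, message in audit_inventory(INVENTORY, PUBLIC_ALLOWLIST):
        print(f"[{severity}] {message}")
    print("release allowed:", release_gate(INVENTORY, PUBLIC_ALLOWLIST))
```

The same audit should run on a schedule against the live environment as well as in the pipeline, since a bucket can be changed by hand after it has been deployed; the allowlist is what turns a noisy "everything public is bad" rule into one whose every alert is worth reading.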

End users need continual education on the issues of cyber security. This should also be tested to ensure that users are not succumbing to targeted social engineering attacks.

Monitoring Credentials

It’s widely known that the dark web is a source of credentials. Are your users’ credentials available for sale? Monitoring should be in place that looks at what is on offer and whether it is relevant to your environments.

Monitor and Tune Your Security

All of the above will generate a lot of noise. Ensure you have the ability to filter out this noise with a robust SIEM platform that intelligently highlights what is important, and integrate these platforms so that they self-tune in response to the threats they see.

A multi-layered approach to security lets you respond much more quickly to both targeted attacks and unintentional errors, and it is the most reliable way to save your organisation from the financial and reputational cost of a data breach.