In this blog, we consider enterprise IT security in the context of the crisis and look at how micro-segmentation and associated security concepts can be used to defend a widened attack surface against emerging threats. It is acutely relevant because, while the world focuses on the threat of the virus, there has been a dramatic increase in cyber-security attacks, and campaigns that exploit anxiety about COVID-19 are spreading very quickly indeed.
COVID-19 is no different to past pandemics in that it seemingly appeared from nowhere, it propagates aggressively before symptoms present, there is no immediate cure or preventative solution and it requires aggressive and disruptive measures to isolate and defeat. Information Security outbreaks are no different and only proactive measures can reduce the risk of potentially catastrophic outcomes for any business.
Crisis Security for Regulated Industries
Enterprise IT security has always suffered at the hands of users. The IT security manager could only run a truly tight ship by keeping them off her network altogether. Around 90% of malware is still delivered by email, and it does not achieve its malign goals unless somebody opens a message and clicks on something inside it. Now that we have seen a mass migration of office-based workers to remote, home-working environments, the vulnerabilities have increased at both the technical and the human level. As enterprises come to terms with the length of the lockdown, more users will be added to the remote workforce.
In some cases, remote working will mean the use of unsecured and unmonitored Wi-Fi beyond the reach of traditional perimeter-based security. Depending on what hardware users were already supplied with, it could also mean a wave of new endpoints that need to be patched, hardened and enrolled in management. Some devices in regulated industries carry site-specific security controls that were never designed for use off-premises and may behave in unintended ways in a remote setting.
For regulated businesses that generally forbid telecommuting there is an uncomfortable loss of control over the environment. Companies will need to identify mission-critical applications and secure them accordingly. Cloud services should remain easily accessible and protected, and providers should be asked to clarify their continuity policies. For proprietary software or applications that reside on internal networks, access will need to be secured by VPN or a similar method; as a consequence, private networks and VPN concentrators will need to be stress-tested for the extra capacity.
Human Level Security Threats During Lockdown
Cyber criminals target vulnerabilities at the technical and human level. People working from home are more likely to mix work with personal browsing and communication, increasing the possibility that work assets are exposed by careless activity. The anxiety caused by the outbreak also presents a vulnerability as people are likely to click on apparently relevant links in the search for certainty. It is important for companies to remind users of best practice early and often in a crisis like this.
Researchers have reported three main types of COVID-19 themed phishing attacks: scamming, brand impersonation (especially the WHO, CDC and relevant charities), and business email compromise. There is some advice specific to current threats below, and this should be proactively shared with users. Although the crisis increases vulnerability, in reality, the threat never goes away, and the advice stays valid.
- Be wary of any email that asks users to open attachments or click links. Even with anti-malware in place, caution is always advised.
- Look out for emails from sources you would not normally receive communication from, as they are likely to be phishing attempts.
- Also be cautious with emails from organizations that you do regularly communicate with. Brand impersonation is a recurrent theme in COVID-19 email attacks.
- Don’t respond directly to unsolicited charity messaging as this is a common deceit. If you wish to donate, seek out a reputable charity and make a secure website payment.
Users aren’t committing the crime, but they are responsible for exposing the business to the bulk of the risk, and at the same time they demand a seamless experience when logging on and using their apps and services. This is the reality of the trade-off. Some of the most secure solutions we’ve seen have been totally unacceptable from a UX perspective. When the current crisis subsides, having worked remotely for several weeks at uncomfortable desks with slow Wi-Fi connections, users may accept a slightly more security-focused experience, but it can’t come at the cost of productivity.
Micro-Segmentation – Self Isolation for Your Networks
In corporate IT, the days of protecting a perimeter wall around a flat network are gone, because nobody inside the business needs access to every resource, while some people outside the business do need access to parts of your network, e.g. website servers or guest Wi-Fi. Segmentation was introduced to provide the highest level of security where it was needed most. The perimeter still exists, but breaching it does not provide access to everything on the network. The highest-priority assets sit in their own compartments with extra layers of protection, whereas a lighter touch can be applied to less sensitive data, applications and workflows. Breaking the network down into subnets or VLANs is only the first step; the security comes from the firewall or access-control policy enforced between those segments, not from the addressing itself.
Modern working practices take these challenges and spread them across external infrastructure. The advent of virtualized networks has paved the way for micro-segmentation, a refined approach that uses software-defined policies to meet this challenge while supporting the UX and performance that allow users to work effectively. Think of micro-segmentation as social distancing for your network. Perimeter defences such as firewalls, proxies and other inline controls can limit the attack surface, but eventually some attack will succeed, and only additional internal controls will limit the consequences.
The best solutions come with a higher level of visualization and provide least-privilege access control at process-flow level across containers, multiple Cloud instances, virtual machines and legacy bare-metal servers. Granular segmentation policies can be maintained based on environment type, regulation, application and infrastructure tier. Extending one internal security policy into virtual and Cloud environments gives consistency and flexibility, because the same policy model applies everywhere rather than being re-expressed in each Cloud vendor’s native security groups (which remain in place as a further layer, not a replacement).
Security Monitoring Capability
Only an integrated monitoring capability can turn micro-segmentation from a static control into early warning of the next outbreak. Security event monitoring differs from traditional infrastructure service monitoring, where performance degradation is detected against predefined metrics that remain relatively static during normal operations. Security monitoring requires the aggregation of events from all infrastructure and application assets in the organization, together with real-time integration with threat intelligence feeds. With rapid cloud adoption now a reality, this has never been so important. With a good micro-segmentation solution, activity can be monitored centrally across the entire hybrid network, with alerts raised whenever a flow falls outside the sanctioned policy so that unsanctioned activity can be rapidly blocked.
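To make the two preceding ideas concrete, here is an added example (not code from the original post, and not any vendor’s policy format) of a label-based micro-segmentation policy expressed as a default-deny allow-list of flows between workload tiers, together with an audit that runs a handful of constructed flow-log records through that policy and flags every flow the policy does not sanction, which is exactly what a central monitor would alert on. The workload names, IP addresses, labels, port numbers and log line format are all illustrative assumptions.

```python
"""Added example: default-deny micro-segmentation policy plus a flow-log audit.
Everything below (workloads, IPs, labels, log format) is a constructed assumption."""
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class Workload:
    name: str
    ip: str
    env: str    # "prod" or "dev"
    tier: str   # "web", "app" or "db"
    app: str    # application the workload belongs to


@dataclass(frozen=True)
class Rule:
    """Allow flows from workloads matching `src` to workloads matching `dst` on proto/port."""
    src: Dict[str, str]
    dst: Dict[str, str]
    proto: str
    port: int


# Constructed inventory: a three-tier "payments" application in prod plus one dev box.
WORKLOADS: List[Workload] = [
    Workload("web-1", "10.1.1.10", "prod", "web", "payments"),
    Workload("app-1", "10.1.2.20", "prod", "app", "payments"),
    Workload("db-1",  "10.1.3.30", "prod", "db",  "payments"),
    Workload("dev-1", "10.9.0.5",  "dev",  "app", "payments"),
]

# Allow-list of the flows the application genuinely needs; anything else is denied.
POLICY: List[Rule] = [
    Rule({"env": "prod", "tier": "web", "app": "payments"},
         {"env": "prod", "tier": "app", "app": "payments"}, "tcp", 8443),
    Rule({"env": "prod", "tier": "app", "app": "payments"},
         {"env": "prod", "tier": "db",  "app": "payments"}, "tcp", 5432),
]


def matches(selector: Dict[str, str], wl: Workload) -> bool:
    """A selector matches when every label it names has that value on the workload."""
    return all(getattr(wl, key) == value for key, value in selector.items())


def workload_by_ip(ip: str):
    return next((w for w in WORKLOADS if w.ip == ip), None)


def is_allowed(policy: List[Rule], src_ip: str, dst_ip: str, proto: str, port: int) -> bool:
    """Default deny: a flow is sanctioned only if some rule explicitly matches both ends."""
    src, dst = workload_by_ip(src_ip), workload_by_ip(dst_ip)
    if src is None or dst is None:
        return False  # unlabelled or unknown endpoints never get an implicit allow
    return any(matches(r.src, src) and matches(r.dst, dst)
               and r.proto == proto and r.port == port for r in policy)


def lint_policy(policy: List[Rule]) -> List[str]:
    """Flag rules whose selectors would let traffic cross an environment boundary."""
    findings = []
    for i, r in enumerate(policy):
        if r.src.get("env") is None or r.dst.get("env") is None or r.src["env"] != r.dst["env"]:
            findings.append(f"rule {i}: selectors do not pin both ends to the same env")
    return findings


# Constructed flow records: "<time> <src_ip> <dst_ip> <proto> <dst_port>"
FLOW_LOG = """\
2020-04-01T10:00:01Z 10.1.1.10 10.1.2.20 tcp 8443
2020-04-01T10:00:02Z 10.1.2.20 10.1.3.30 tcp 5432
2020-04-01T10:00:03Z 10.1.1.10 10.1.3.30 tcp 5432
2020-04-01T10:00:04Z 10.1.2.20 10.1.1.10 tcp 22
2020-04-01T10:00:05Z 10.9.0.5 10.1.3.30 tcp 5432
2020-04-01T10:00:06Z 192.0.2.77 10.1.2.20 tcp 8443
"""


def parse_flow(line: str) -> dict:
    ts, src, dst, proto, port = line.split()
    return {"ts": ts, "src": src, "dst": dst, "proto": proto, "port": int(port)}


def audit(policy: List[Rule], log_text: str) -> List[dict]:
    """Return every flow the policy does not sanction; each one is an alert candidate."""
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        flow = parse_flow(line)
        if not is_allowed(policy, flow["src"], flow["dst"], flow["proto"], flow["port"]):
            s, d = workload_by_ip(flow["src"]), workload_by_ip(flow["dst"])
            flow["reason"] = ("unknown endpoint" if s is None or d is None
                              else f"{s.tier}->{d.tier} not in allow-list")
            alerts.append(flow)
    return alerts


if __name__ == "__main__":
    for a in audit(POLICY, FLOW_LOG):
        print(f"ALERT {a['ts']} {a['src']} -> {a['dst']}:{a['port']}/{a['proto']} ({a['reason']})")
    print("policy lint:", lint_policy(POLICY) or "ok")
```

Running it flags four of the six constructed flows: web talking straight to the database, the app tier opening SSH back to the web tier, the dev box reaching the prod database, and an address that is not in the inventory at all. The first two are the lateral moves a flat subnet would have allowed; the third shows why both ends of a rule should carry an environment label (the `lint_policy` check catches rules that forget it); the fourth shows the value of default deny for anything unlabelled.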
Operational Delivery Capability
Continuous Integration/Continuous Delivery (CI/CD) is a critical practice that gives organizations the agility they need, particularly when reacting to security incidents. The ability to build and rebuild compromised networks, compute and desktop infrastructure, and application components on demand from known-good definitions is one of the most powerful ways to recover from the incident that will inevitably occur one day. The caveat is that those definitions and the pipeline that applies them become a high-value target in their own right, so they need the same protection and change control as the assets they rebuild.
COVID-19 had a sudden impact on working practices in regulated industries, taking an unprecedented number of workers out of controlled physical spaces for what may be an extended period. High-end overlay micro-segmentation solutions can be very useful here. Flexible policy creation means that environments and devices can be brought within updated control guidelines quickly. Because the best micro-segmentation solutions integrate with DevOps and IT automation tooling, new mission-critical apps for remote use cases can be deployed with their segmentation policy already in place.
COVID-19 Security Action Plan
This crisis will stretch resources to the limits, and although micro-segmentation will help, the core security concepts remain the same, and can be broken down in a way that will feel familiar to many people right now.
- Control propagation methods. Once inside the network, malware will typically exploit further vulnerabilities to increase its impact. Mitigations include constant education and reminders, and restricting trusted access points with strong passwords, multifactor authentication and, where appropriate, biometric authentication. Where micro-segmentation has been adopted, it blocks the lateral movement between servers that a perimeter firewall never sees.
- Testing is valuable. If segmentation policies and incident playbooks have been exercised before a breach occurs, it will be easier to understand the extent of exposure and act to isolate the damage.
- Segmentation limits the spread. By isolating workflows and protecting them individually, lateral communication between servers can be blocked and key assets can be protected. This is best practice at all times but becomes acutely significant in a crisis. With an overlay micro-segmentation solution, it could be possible to achieve this in minutes.
- Protect the most vulnerable and critical digital assets. This is another core policy of a micro-segmentation plan but is not a new concept. Old servers and legacy applications could be more vulnerable, and mission critical apps warrant the highest protection level. By prioritizing carefully, the highest risk assets can be protected from the most aggressive attacks.
COVID-19 reinforces the principles of IT security as it demonstrates our vulnerabilities and the consequences of not being prepared. Companies are facing severe cashflow issues as it is and, although Financial Services has improved its liquidity ratios and general survivability, a significant malware event would be very unwelcome during this testing time.
Micro-segmentation is a methodology that allows granular protection for individual workflows. Policy can be redefined easily allowing flexible, responsive security management. An increase in the adoption of micro-segmentation solutions is a likely outcome of the current crisis.