Information Security in Bizarro World
The enterprise firewall is not a security device. The Intrusion Protection System will break the network. SSL inspection is an invasion of privacy. Network segmentation is hard. Welcome to Information Security in Bizarro World.
Yes, I have heard all those excuses. The Internet is not a friendly place anymore with bunnies and unicorns frolicking in the meadows. Nation states, professional hackers spreading ransomware, and script kiddies are just some of the dangers everyone faces on a constant basis.
Organizations should employ every security measure at their disposal to protect their users and assets, along with educating their users of the many dangers and threats posed by the Internet.
Implementing proven security architectures, such as Zero Trust, and segmenting your network into defined security zones, isolates and protects your data and systems from both external and insider threats. One of the tenets of Zero Trust is containment. If a system or computer is compromised with malware, the blast radius is reduced and the spread of the malware is contained.
Intrusion Protection Systems used in conjunction with threat intelligence data can protect the organization from both zero-day and known threats that may not have been remediated for any number of reasons.
The volume of encrypted traffic on the Internet is growing at a rate of almost 25% per year and this traffic is becoming one of the biggest threats according to an August 2016 report by the Ponemon Institute. According to the survey respondents, 80% of organizations have been victims of cyberattacks in the previous 12 months, and 41% of those attacks used encryption to evade detection.
Inspecting encrypted traffic for malware and other attacks is not an invasion of privacy with someone sitting at a screen in your organization’s network operations center, watching your personal email scroll by. The volume of data makes that impossible, however without proper education of end users, that will be the perception. As part of any organization’s security awareness education program, the threats being faced and what tools the organization is using to protect everyone needs to be highlighted.
Implementing and using whatever security tools and systems that are available in an organization’s toolkit needs to become the priority of both senior management of the Information Security teams to protect the organization’s users and intellectual assets.