The Department of Homeland Security (DHS) recently issued an alert warning government agencies, network infrastructure managers and networking vendors about the more advanced techniques of cybercriminals, and how an attack can wreak havoc on a network infrastructure. The alert focuses on firewalls and routers, and advises that “[p]rotecting the network infrastructure is critical to preserve the confidentiality, integrity, and availability of communication and services across an enterprise.”
Anyone who is tasked with protecting an enterprise network knows all too well that attackers attempting to breach security infrastructure will always look for vulnerabilities in the system as a quick and easy way in. Vulnerabilities occur as a result of outdated or unpatched software, but also firewall misconfigurations and weak network security policies on those firewalls.
Set it; don’t forget it
It wasn’t that long ago that securing a network was as simple as putting a firewall at the perimeter. But the traditional perimeter no longer exists. Now, a network may employ several (or even several hundred) firewalls; however, without proper policies managing traffic from and access to these devices, the risk of a breach becomes even more likely. There are many ways to expose a network. Giving too much allowance, or giving the wrong people access they don’t need, opens up the network to cybercriminals. As the DHS alert points out, the vulnerabilities listed in some of the firewall appliances provide opportunities for cybercriminals to make “lateral moves” once they’ve gained access.
However, security policies that are too narrow or restrictive have the potential to slow down business operations or even result in application downtime. In either scenario, businesses are at risk to lose money – whether as a result of a cyberattack or as a result of business inefficiencies.
It’s time for IT managers to get out of the “set it and forget it” mind frame. A truly secure network infrastructure must be constantly monitored and maintained in order to effectively protect against a cyberattack. Developing a network security policy management strategy allows enterprises to streamline the management of network security configuration changes. In an enterprise network, change is constant and often complex. In order to keep up with ever-changing business demands, IT managers must have complete visibility and control, while maintaining compliance and proper security policies. This is crucial to ensuring network security and connectivity.
Security skills gap adds fuel to the fire
As the DHS alert points out, “rising threat levels place more demands on security personnel and network administrators to protect information systems.” However, many companies are struggling to maintain their current security infrastructure with existing resources. The cybersecurity skills gap is real, and it’s leaving businesses even more vulnerable as IT administrators navigate an increasingly complex network infrastructure.
Highly skilled engineers are hired to reinforce security systems, not spend their days on network hardware and software maintenance and configuration changes. This makes automation of security policy changes a necessity, in order to free up the security team to focus more on incident response and prevention instead of playing policy catch-up. While technology tools are no substitute for intelligent human analysis, automation can replace a large amount of the more repetitive, traditional network tasks. The security skills gap won’t be solved overnight, and until more IT security professionals enter the workforce, businesses can allocate human resources to where the attention of a dedicated, experienced expert is required, while automating the more mundane security operations and tasks.
Preventing the “land and expand”
One of the solutions highlighted in the DHS alert is proper network segmentation, noting it as “a very effective security mechanism to prevent an intruder from propagating exploits or laterally moving around an internal network.” A tightly segmented network avoids lateral movement, thereby reducing the overall attack surface. First, the IT team must have a full understanding of the business drivers and key IT assets in order to properly define separate groups and place them in different network segments. From there, the IT team needs to define how the different network segments interact with each other, and create sets of rules and restrictions to access the data. Prioritizing these different network segments based on important assets is also crucial to protect businesses from external threats.
However, understanding and enforcing network segmentation as an ongoing effort is a major challenge for IT experts – particularly when it comes to preventing major delays to service levels throughout the change cycle. This is another area where automation plays a key role, restricting the movement of traffic across the network while adapting to changes.
The threat landscape continues to expand and become more sophisticated. It’s not a matter of “if” your network will be breached; it’s only a matter of “when.” As IT managers respond to advanced threats, we encourage them to keep this in mind: your firewall is only as strong as the policies that manage it. Not only will network automation help IT teams gain agility, but it will increase their management and operational efficiency and lead to greater network resiliency.
[su_box title=”About Reuven Harrison” style=”noise” box_color=”#336588″][short_info id=’61903′ desc=”true” all=”false”][/su_box]
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.