Security From Ground to Cloud
Now that security measures must extend to wherever access decisions are made — home offices, coffee shops, hospital rooms, checkout lines, factory floors, and even inside traditional office spaces — old perimeter-centric security models are ineffective at stopping modern threats.
Users demand access to an increasing number of applications, operating across a wide range of device types, and often with little forethought about business or security risks. Meanwhile, IT professionals are dealing with multicloud computing, data center modernization, and mobility initiatives that require a rethink of how to enable access to applications and data while protecting network resources from a new, sophisticated class of advanced threats that evade traditional security constructs.
This represents a new era for information security. Are you ready?
Today’s security architecture begins with protecting endpoints – smartphones, laptops, tablets, IoT devices, and even clunky desktop PCs. Any device that connects to applications, data and other corporate assets needs to be authorized, authenticated and secured against malware and other exploits.
Next-generation security tools and platforms reduce incident response times, assist in the discovery of unknown threats, and streamline security deployments across the enterprise. They safely enable applications, users and content by classifying all traffic, verifying privileges, and enforcing policies to protect access to relevant resources. Often aided by artificial intelligence and machine learning, these platforms help secure public and private cloud computing environments with increased visibility and control, enabling organizations to maintain security protection at the speed of machines against vulnerability exploits, viruses, spyware, botnets, ransomware and other malware.
No discussion of security architecture would be complete without addressing the importance of microsegmentation. Granular control over lateral communication (east-west traffic) is essential in light of today’s advanced exploits. Often, however, this is easier said than done. Microsegmentation requires a comprehensive understanding of everything that touches the enterprise and then mapping all connections between workloads, applications, and environments.
Adept at information security since our founding in 1992, Structured is home to the original security architects. Turn to us to protect your enterprise.
Endpoint Protection Platforms (EPP)
EPP evolved as a response to advanced persistent threats and zero-day threats that old signature-based antivirus (AV) software could not stop. These platforms leverage advanced algorithmic capabilities inherent in artificial intelligence and machine learning and very often are delivered as subscription-based, cloud-managed solutions that include lightweight agents for endpoints.
EPPs detect, investigate and prevent known and zero-day file-based, fileless, and script-based threats – those that detonate immediately and those that dwell for days or months in a network before activating. In addition to being very powerful computing platforms that are constantly supplied with new data from global repositories, they integrate well with other on-premises and cloud-based security hardware and software tools for sandboxing, application control, data loss prevention, endpoint detection and response, and, most critically, with next-generation firewalls (NGFW).
In fact, EPPs are steadily growing to comprise all of those processes and technologies in a holistic framework. Here we drill down on two: Data Loss Prevention (DLP) and Endpoint Detection and Response (EDR).
Data Loss Prevention (DLP)
DLP encrypts and obfuscates sensitive data and prevents it from leaving the confines of approved corporate network resources. It monitors data at rest, data in use, and data in transit by identifying, classifying, and tagging the information. Built on rules and policies inside of a centralized management framework, DLP automatically triggers actions — such as alerting, encryption, or even purging data — to maintain system integrity.
DLP addresses three critical objectives: personal information protection, intellectual property protection, and data visibility.
The first, personal information protection, is a fundamental component of prominent regulatory compliance frameworks, including the European Union’s General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), the Health Insurance Portability and Accountability Act (HIPAA), the Gramm-Leach-Bliley Act (GLBA), the Payment Card Industry Data Security Standard (PCI-DSS), and many more.
Because protecting personally identifiable information (PII) forms the basis of these regulations, DLP is helpful on two fronts: it actually protects the PII in question, and it provides compliance teams with the visibility and reporting capabilities that auditors require.
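To make the identify-classify-tag-act loop above concrete, here is an added illustration (not Structured's code or any DLP product's): a minimal policy engine that classifies constructed sample records against PCI-DSS, HIPAA and GDPR rules, validates card-number hits with a Luhn check to cut false positives, and then alerts or masks as the rule dictates. All record contents, tag names and rule actions are made up for the example.

```python
import re
# Constructed sample records (made-up values) standing in for data in transit.
SAMPLE_RECORDS = [
    "Invoice 1001 for alice@example.com, card 4111 1111 1111 1111",
    "Patient note: SSN 123-45-6789 seen 2024-03-01",
    "Order ref 1234 5678 9012 3456 looks like a card but fails Luhn",
]

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: rejects most random 16-digit runs that merely look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

# Rules: (tag, motivating framework, pattern, action, optional validator against false positives)
RULES = [
    ("PCI-PAN", "PCI-DSS", re.compile(r"\b(?:\d[ -]?){15}\d\b"), "mask",
     lambda s: luhn_ok(re.sub(r"[ -]", "", s))),
    ("US-SSN", "HIPAA", re.compile(r"\b\d{3}-\d{2}-\d{4}\b"), "mask", None),
    ("EMAIL", "GDPR", re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"), "alert", None),
]

def classify(record: str) -> list:
    """Identify and tag: return (tag, framework, action, matched_text) per validated hit."""
    hits = []
    for tag, framework, pattern, action, validate in RULES:
        for m in pattern.finditer(record):
            if validate is None or validate(m.group(0)):
                hits.append((tag, framework, action, m.group(0)))
    return hits

def mask(value: str) -> str:
    """Replace all but the last four digits so the record stays useful for audit."""
    chars = list(value)
    for i in [i for i, c in enumerate(value) if c.isdigit()][:-4]:
        chars[i] = "*"
    return "".join(chars)

def enforce(record: str) -> dict:
    """Apply policy: every hit raises an alert; 'mask' rules also rewrite the data."""
    hits = classify(record)
    output = record
    for tag, framework, action, text in hits:
        if action == "mask":
            output = output.replace(text, mask(text))
    return {"tags": sorted({h[0] for h in hits}),
            "alerts": [f"{h[0]}:{h[1]}" for h in hits], "output": output}
```

The third record shows why the validator matters: a 16-digit order reference matches the card pattern but fails Luhn, so no PCI tag is applied and nothing is masked.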
Endpoint Detection and Response (EDR)
EDR solutions also deliver on three critical points: endpoint data collection, anomaly detection, and analysis.
EDR systems pick up indicators of compromise (IoCs) on endpoints and are helpful in identifying threat techniques and blocking attacks. Built-in alerting and forensics capabilities keep staff informed in real time while providing critical context about events. Many systems also help security teams discover potentially compromised endpoints and devices with “trace back” capabilities.
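As an added illustration of the three EDR points above (collection, anomaly detection, analysis), and not code from Structured or any EDR vendor, the following runs IoC matching and a technique rule over constructed process telemetry and then "traces back" a flagged process to its ancestry. Host names, hashes and the domain are placeholders, not real indicators.

```python
from collections import namedtuple
Event = namedtuple("Event", "id host pid ppid image sha256 remote")
# Constructed telemetry (made-up values); hashes and the domain are placeholders, not real IoCs.
EVENTS = [
    Event(1, "ws-17", 400, 1, "explorer.exe", "hash-explorer", None),
    Event(2, "ws-17", 512, 400, "outlook.exe", "hash-outlook", None),
    Event(3, "ws-17", 640, 512, "winword.exe", "hash-word", None),
    Event(4, "ws-17", 700, 640, "powershell.exe", "hash-ps", "c2.placeholder.invalid"),
    Event(5, "ws-17", 720, 700, "svc.exe", "hash-BAD-1", None),
    Event(6, "ws-22", 300, 1, "explorer.exe", "hash-explorer", None),
]
IOCS = {"sha256": {"hash-BAD-1"}, "domain": {"c2.placeholder.invalid"}}
OFFICE = {"winword.exe", "excel.exe", "outlook.exe"}
SHELLS = {"powershell.exe", "cmd.exe"}

def match_iocs(events, iocs) -> list:
    """Events whose file hash or outbound destination matches a known indicator."""
    return [e.id for e in events
            if e.sha256 in iocs["sha256"] or (e.remote and e.remote in iocs["domain"])]

def trace_back(events, event_id) -> list:
    """Follow parent pids on the same host to the root; returns image names oldest-first."""
    by_key = {(e.host, e.pid): e for e in events}
    e = next(x for x in events if x.id == event_id)
    chain, seen = [], set()
    while e is not None and e.pid not in seen:  # 'seen' guards against pid reuse loops
        seen.add(e.pid)
        chain.append(e.image)
        e = by_key.get((e.host, e.ppid))
    return list(reversed(chain))

def office_spawned_shell(events) -> list:
    """Anomaly rule: an Office process launching a shell; a technique match, not an IoC match."""
    by_key = {(e.host, e.pid): e for e in events}
    out = []
    for e in events:
        parent = by_key.get((e.host, e.ppid))
        if e.image in SHELLS and parent is not None and parent.image in OFFICE:
            out.append(e.id)
    return out

def compromised_hosts(events, iocs) -> dict:
    """Per host: events that tripped IoC or technique rules, with ancestry as analyst context."""
    flagged = sorted(set(match_iocs(events, iocs)) | set(office_spawned_shell(events)))
    report = {}
    for eid in flagged:
        e = next(x for x in events if x.id == eid)
        report.setdefault(e.host, []).append((eid, " > ".join(trace_back(events, eid))))
    return report
```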
Next-Generation Firewalls (NGFW)
NGFWs retain the same purpose as their stateful inspection forebears – to consistently protect users, data and network resources from attack – but their integrated and powerful inspection, defense and prevention capabilities now dwarf those of devices released just a generation ago.
TechTarget, a technology content and marketing company, sums up the features of NGFWs this way: “NGFWs combine many of the capabilities of traditional firewalls — including packet filtering, network address translation (NAT) and port address translation (PAT), URL blocking, and virtual private networks (VPNs) — with quality of service (QoS) functionality and other features that are not found in traditional firewalls. These include intrusion prevention, SSL and SSH inspection, deep-packet inspection, and reputation-based malware detection, as well as application awareness.”
Available as either physical or virtual appliances – or even delivered via the cloud as a secure access service edge (SASE) solution – now-ubiquitous NGFWs are core to every security architecture. No longer relegated to simple port and protocol inspection of north-south network traffic to detect malware or miscreants, NGFWs supply critical capabilities for establishing and supporting a comprehensive Zero Trust security strategy.
They allow security administrators to create and automatically enforce granular controls for what users and devices are able to do or access; enable microsegmentation of network and application flows to limit damage in the event of a breach; integrate with and boost the efficacy of third-party threat-intelligence solutions and technologies like SD-WAN; and — oh yes — they detect and prevent advanced threats such as malware, phishing, and vulnerability exploits like buffer overflows, as well as port scans and command-and-control maneuvers.