Steve Whiter, Director, Appurity, speaks about how the changing threat-scape means businesses need to adopt solutions that can secure their data everywhere
The ramifications of COVID for businesses of all sizes, pretty much all around the world, continue. To put it simply, organisations everywhere have had to cope with degrees of remote working. What started for many of us two years ago as enforced working from home (WFH) has been followed by various degrees of hybrid remote working. Whichever flavour organisations adopted, their IT departments faced a number of technology challenges – cybersecurity being chief amongst them.
The good old days of centralised networks managing an almost entirely office-based workforce, with clearly defined security perimeters, are long gone. As a result, traditional on-premises security tools are no longer fit for purpose. In addition, most organisations are well down the digital transformation road, which brings even more security challenges as they deal with a cloud-first environment. It will be interesting to see how the threat-scape develops over the coming year, with a much more interconnected workforce accessing resources using multiple devices and from a variety of locations. Security gaps will need to be plugged – anything from software supply chain weak spots to data escape and endpoint threat detection.
To deal with the constantly changing threat-scape and the challenges of cloud computing, businesses need to adopt solutions that can secure their data everywhere. Integrated, cloud-delivered security solutions will help to smooth the way but what are some of the technologies to look out for?
Secure Service Edge (SSE)
SSE, also known as SASE (Secure Access Service Edge), is a concept that will allow organisations to say goodbye to centralised data centres. Originally a term coined by Gartner, SASE should be interpreted as an overall framework, not any single security product or solution. Think of SASE, therefore, as a package of technologies (delivered as a service) that gives organisations the power to offer truly secure access to their remote, dynamic and disparate workforce. Some of the more prominent technologies we can expect to find when talking about a secure service edge include CASB (computer access security broker), ZTNA (zero trust network architecture), SWG (secure web gateway) and DRM (digital rights management).
We touched upon the clearly defined network perimeters of yesteryear – these days people are seeking to access an organisation’s network from outside such traditional perimeters. There is also a plethora of devices, many more apps and myriad traffic types to contend with. SASE takes the network and security solutions outside the traditional data centre and delivers them to ‘the edge’, where you now find the much more distributed workforce. Another security improvement we see in this SASE world is the concept of identity-based security – this allows any workforce to work dynamically / remotely on the basis that they can only access those resources they need in order to work productively, efficiently and above all, securely.
User and Entity Behaviour Analytics (UEBA)
In essence, UEBA is machine learning whereby very large datasets are interrogated in order to model both the typical and atypical behaviours of human beings and machines within a specific network. Doing so provides another level of defence, whereby cyber attacks can be thwarted through the discovery of any security irregularities. All of the underlying analysis using UEBA is to allow security professionals to understand whether certain kinds of activity and behaviour amount to the perfect ingredients for a cyberattack.
Of particular use to security analysts is the fact that UEBA is able to expose any abnormal behaviour in real-time. This speedy response saves valuable time for any security team trying to prevent any potential security threat from turning into an actual breach of any kind. UEBA effectively does the heavy lifting work, automating the analysis of any threats so that only bona fide threats are pushed to the top of the list – this can save an awful lot of valuable time for those usually tasked with such analysis.
Mobile Threat Prevention
Who doesn’t own a smart device these days? Whether it’s a company-issue device or something that falls under a BYOD scheme, the chances are that a very significant proportion of your workforce is ‘working’ to some degree or other via such smart devices. It is therefore very important for organisations to ensure that employees are able to work on any of these devices – multi-factor authentication and a Zero Trust approach to security are absolutely essential when protecting against mobile threats.
The threat to mobile security comes from cybercriminals looking to compromise or steal data from mobile devices. Usually, such attacks manifest themselves as malware or spyware, giving thieves unauthorised access to a user’s device – without proper mobile threat prevention, the user probably wouldn’t even know that an attack had taken place. Upon gaining access to your smart device, cyberthieves are then able to steal your data, gain access to your contact database and even send phishing messages. If they are also then able to steal login credentials for your network (assuming the user is using the device for work matters), then one single breach on an employee’s device can lead to massive data leaks for your organisation.
Adopting a Managed Mobility Services (MMS) approach is useful here – building the right device with the right security parameters and the appropriate level of compliance for your industry will work wonders.