If you’ve watched TV at all over the last few months you’ve no doubt seen the commercial from IBM regarding network security. The setup is a series of fake newscasts reporting that a large company didn’t have a data breach.
It’s clearly a dig at all of those high profile data breaches we’ve seen over the last year or two. And, honestly, it’s good for a chuckle. It’s also a message that probably plays very well with executives in the C-suite. IBM is offering network protection. Nobody at the executive level wants to hear that the company they are hiring to protect their network probably can’t actually do that with absolute certainty, so why would you admit that in an advertisement?
But, really, that’s the reality. When looking to protect your network, you can’t operate like you’ve built – or a vendor has built – an unbreachable wall. They don’t exist. You can build it higher. You can make it thicker. But someone at some point will figure out a way over it, under it or through it.
Acknowledging this is called the assume-breach mentality, and it’s the mindset that any smart network engineer is going to have. Assuming that you will be breached at some point, if you haven’t been already, lets you focus on building reliable backups and creating a solid plan for disaster recovery. It’s what keeps you from losing days just trying to rebuild a breached network.
Create Visibility Across the Network
The key to “Assume Breach” and network security is visibility across the entire network.
Yes, that’s becoming an overused word, but visibility on the network is really the key. You can’t just say, “OK, I’ve got a hundred desktops, I know how to protect them. I deploy antivirus, and I’m good to go.” That’s 12-years-ago thinking. Really, you have to have visibility not just into where traffic comes into your network, but into what happens with that traffic once it’s inside the network.
Sometimes traffic coming in can look legitimate. It may be someone logging in with legitimate credentials, but where that account typically accesses information in the area of the network assigned to Human Resources, this time it’s taken a detour and is now, suspiciously, accessing financial files.
Or maybe there’s a sudden reversal in traffic. An area of the network that used to take in traffic is suddenly sending it out.
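The two signals described above, an account reaching into a part of the network it doesn't normally touch and a segment that flips from receiving traffic to sending it, can be checked against a baseline. This is an added example, not part of the original post; the record layout, account names, segment names and byte counts are all constructed for illustration.

```python
from collections import defaultdict

# Constructed flow records (not real data):
# (period, account, segment, bytes_into_segment, bytes_out_of_segment)
FLOWS = [
    ("baseline", "jdoe", "hr", 9000, 800),
    ("baseline", "jdoe", "hr", 7000, 600),
    ("baseline", "asmith", "finance", 12000, 1500),
    ("baseline", "svc-backup", "fileserver", 50000, 2000),
    ("today", "jdoe", "hr", 8000, 700),
    ("today", "jdoe", "finance", 400, 900),
    ("today", "asmith", "finance", 11000, 1200),
    ("today", "svc-backup", "fileserver", 1000, 90000),
]

def summarize(flows, period):
    """Return (account -> segments touched, segment -> [bytes in, bytes out])."""
    segments = defaultdict(set)
    volume = defaultdict(lambda: [0, 0])
    for p, account, segment, b_in, b_out in flows:
        if p == period:
            segments[account].add(segment)
            volume[segment][0] += b_in
            volume[segment][1] += b_out
    return segments, volume

def detect(flows):
    """Compare today's activity with the baseline; return sorted alerts."""
    base_segs, base_vol = summarize(flows, "baseline")
    today_segs, today_vol = summarize(flows, "today")
    alerts = []
    for account, segs in today_segs.items():
        if account not in base_segs:
            # No history: report it, but don't guess which segments are normal.
            alerts.append(("no_baseline", account, None))
            continue
        for segment in segs - base_segs[account]:
            alerts.append(("new_segment", account, segment))
    for segment, (t_in, t_out) in today_vol.items():
        b_in, b_out = base_vol.get(segment, (0, 0))
        # Reversal: historically a net receiver, now a net sender.
        if b_in > b_out and t_out > t_in:
            alerts.append(("direction_reversal", None, segment))
    return sorted(alerts, key=lambda a: (a[0], a[1] or "", a[2] or ""))

if __name__ == "__main__":
    for alert in detect(FLOWS):
        print(alert)
```

Both alerts fire on logins and transfers that would pass a perimeter check, which is why the baseline has to come from traffic inside the network.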
Visibility Comes from Layered Security
Building visibility starts with layered security. That’s an IPS and firewall at the perimeter. It’s a web filter or proxy service to monitor users’ web traffic. It’s antivirus protection at the endpoints. And for all the area in-between, it’s switches and tools that can watch the data move around. Maybe that’s a Security Information and Event Management device, or SIEM, that gathers log information from across the network and makes that data available for analysis all in one spot.
This type of layered security is only going to become more important as the traditional idea of a network, and what constitutes its edges, begin to change. The traditional definition of an endpoint is getting fuzzy; it’s no longer the desktop computer in an office somewhere. It could just as easily be a smartphone sitting in someone’s pocket or a tablet tossed quickly into a briefcase.
And it’s this expansion of the network and the blurring of its edges that’s making it infinitely harder to protect, and it’s why we believe all businesses should be operating with an assume-breach mentality. That means that you should be building security and backups with the assumption that at some point you will be breached if you haven’t been already.
What all of this adds up to is that, sure, you can tell the C-suite what it wants to hear: No breaches. But keep working behind the scenes to make sure that when it does happen – and it will if it hasn’t already – you’re prepared.