Network security can’t be a passive thing. Those who want into your network are constantly figuring out new ways to get there. If you’ve read this blog for any length of time, that should be a somewhat familiar message. And if that message feels familiar, so should this one: because hackers are evolving their methods of attacking your networks, you need to be evolving your methods of defending yourself from them.
One of the best ways to do that is through education, and not just on new devices coming to the market, but by making sure you are familiar with emerging concepts and ideas.
With that in mind, we have four definitions and concepts you need to be familiar with for the new year.
We have spent years teaching people how to build strong passwords. The problem is we’ve been doing it wrong. We’ve told them that they need to use complicated combinations of letters, numbers and symbols that are hard to remember but relatively easy for a computer to crack.
What we should be encouraging instead are passphrases: strings of three or four random words that the user can easily remember but that are infinitely harder for a computer to guess. We encourage their use by retraining our employees on what a strong password looks like, then using updated algorithms that help determine whether what employees are using is actually strong.
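A sketch of what such a strength check can look like, added here as an illustration and not taken from any product or from this blog. The sample word list, the attacker dictionary size, the allowance for substitutions and the 50-bit threshold are all assumptions; the point is the contrast between an old character-class meter and a pattern-aware estimate.

```python
import math
import re

# Constructed sample list; a real check would load a large breached-password list.
COMMON_WORDS = {"password", "welcome", "dragon", "monkey", "summer"}
ATTACKER_DICT_SIZE = 100_000   # assumed size of a cracking wordlist
DICEWARE_SIZE = 7776           # words in a standard Diceware list (6^5)
SUFFIX_CHARS = "0123456789!@#$%^&*?."
UNLEET = str.maketrans("@4301$57", "aaeoisst")  # undo common substitutions


def naive_bits(secret: str) -> float:
    """Old-style meter: character-class pool size raised to the length."""
    pool = 0
    pool += 26 if re.search(r"[a-z]", secret) else 0
    pool += 26 if re.search(r"[A-Z]", secret) else 0
    pool += 10 if re.search(r"\d", secret) else 0
    pool += 32 if re.search(r"[^A-Za-z0-9]", secret) else 0
    return len(secret) * math.log2(pool) if pool else 0.0


def pattern_bits(secret: str) -> float:
    """Pattern-aware estimate of guessing cost in bits."""
    words = re.split(r"[ -]+", secret.strip())
    # Passphrase: assumes each word was picked at random, not a known quote.
    if len(words) >= 3 and all(w.isalpha() for w in words):
        return len(words) * math.log2(DICEWARE_SIZE)
    # Dictionary word + substitutions + short suffix: the classic "complex" password.
    core = secret.lower().rstrip(SUFFIX_CHARS)
    suffix_len = len(secret) - len(core)
    if core.translate(UNLEET) in COMMON_WORDS:
        variants = 3.0  # assumed allowance for capitalisation and substitutions
        return (math.log2(ATTACKER_DICT_SIZE) + variants
                + suffix_len * math.log2(len(SUFFIX_CHARS)))
    return naive_bits(secret)  # no pattern found; fall back to the naive figure


def is_strong(secret: str, min_bits: float = 50.0) -> bool:
    """min_bits is an assumed policy threshold, not a standard."""
    return pattern_bits(secret) >= min_bits
```

With these assumptions, `P@ssw0rd1!` scores about 65 bits on the naive meter but about 28 once the dictionary pattern is recognized, while a four-word random passphrase scores about 52.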
Admittedly, visibility is a word that might start to lose a little bit of meaning due to it being just about everywhere. Almost every network security vendor mentions it at some point. The idea is that you need to have (automated) eyes on your servers, your endpoints, your switches and on the wire. What this feels like to us is the new way to talk about layered security, something that’s still a must-have but a term that has become a bit dated.
Heuristics and Machine Learning
These technical terms have been usurped by marketing departments to create blingy copy for all manner of network security companies, but the general idea is this: Based on measurable observations of a computer’s or program’s behavior, you can use algorithms to predict whether that behavior is malicious or not. If it is, you then do something to stop it. This differs from traditional security methods like firewall rules (which are simply ‘yes’ and ‘no’ policy-based decisions) and signature-based tools (which identify malicious traffic based on previously observed markers). Both of these traditional methods are passive. They rely on something having already happened. Using these newer techniques, security becomes more proactive.
Why is it important to know these concepts? Because there are a lot of products out there touting their use of heuristics and machine learning. You need to be able to separate the hype from the reality.
Ok, not a new term. We’ll admit that. But it’s not just the new ideas and concepts that are relevant to security. We can get a little bit caught in the shiny stuff, those things that we’ve never seen before. But keep in mind that 44 percent of breaches in 2014 came from old, unpatched vulnerabilities. The basics of network security are still important. Updated software. Strong passwords (or, better, passphrases). Smart and aware people. Those things have to be in place whether you have the newest devices or not.