Page 228 - Cyber Defense eMagazine Special RSA Conference Annual Edition for 2022

What is causing the perimeter to vanish?

As the organizational network expands, the number of devices located outside its perimeter increases. Organizations are increasingly migrating to the cloud and adopting software-as-a-service (SaaS) products for business continuity, cost efficiencies and digital transformation initiatives, making it extremely difficult to manage endpoint security and monitor all user activity. The network perimeter protected the on-premises data centers and corporate resources, which are now easily accessible through unmonitored private networks. Hybrid data models, where data is stored partly on-premises and partly in the cloud, make it difficult to enforce access controls around the network boundary. The rise in the number of IoT devices has resulted in poor security management.



Challenges associated with perimeter-based security models

•  The insider risk: An insider planning malicious activity has no need to intrude on the trusted network. The traditional perimeter-based model is not sufficient to deal with this type of risk. Insider threats are difficult to defend against because insiders have the added advantage of being familiar with the organization's security structure. The level of visibility and granularity required to mitigate insider threats cannot be achieved through traditional methods.




•  Policy gaps: Certain business-critical data gets stored in two different systems that use different levels of access policies, and such instances often go unnoticed by security teams. External attackers exploit these gaps between the different policies or enforcement mechanisms that apply to the same asset. They leverage outdated policies or flawed authentication methods to break the perimeter.



•  Vulnerable Endpoints: Vulnerable endpoints or software that contain security flaws can be exploited by attackers. Endpoints should be monitored and updated regularly. Every device connected to a private network can be a potential threat surface for attackers to execute code and exploit vulnerabilities. These threat surfaces are sometimes used to gain access to business-critical resources or to hold hostage and steal sensitive information. This can be a security nightmare for the enterprise.




•  Dynamic Workloads: Most workloads are now deployed on virtual machines, container models, or cloud platforms. Hybrid cloud models allow workloads to sit on either side of the network boundary and to move dynamically between on-premises and cloud data centers. In such cases, obtaining visibility over workloads and creating relevant access policies with the traditional network perimeter model can be challenging.








