Everything Connected, Everything Protected?
Cybersecurity was front and center at Keysight World 2021. During the event, Keysight’s head of network applications and solutions, Dr. Mark Pierpoint, delivered a keynote about security in a connected world.
After describing some of the growing cyber vulnerabilities resulting from a more connected world, he discussed how our increasing dependency on computer systems and mobile devices creates more opportunities for information misuse, theft, and ransomware scams. Lapses in cybersecurity have consequences, and the costs of a breach may be measured in terms of lost business, lost credibility, or even loss of life.
Mark also explained that the connected world trend empowers perpetrators, who love the opportunities presented by the longstanding vision of connecting everyone and everything.
“Across the world, many perpetrators are trying to pull off ever-more sophisticated attacks,” he said. “Their goal is to disrupt the lives, businesses, or governments of their victims and, increasingly, extract payment not to.”
Despite the risks, connectivity has become essential to consumers, enterprises, and governments during the COVID pandemic, and we don’t expect that trend to change. Users have also developed higher expectations for instant access, zero lag, and constant availability. Recent surveys have shown that end users are more concerned about 100-percent availability than security.
“When our devices and service providers can deliver on the notion of pervasive, seamless, and dependable connectivity, it delivers tremendous benefits—but this is a double-edged sword,” said Mark.
This article will break down strategies and tactics for keeping everything working while keeping everything secure.
Framing the Situation
The dark side of pervasive connectivity is a rapidly expanding attack surface. More access by more users and more devices creates a seemingly infinite number of potential entry points. As a result, severe vulnerabilities are possible within communications networks, defense systems, industrial IoT deployments, connected cars, and more. In addition, many crucial technologies add to the risks: virtualized networks, open APIs, mandatory interoperability, and massive Linux use.
From a data perspective, individuals, companies, and governments are generating massive amounts of high-value data. While stricter regulations have escalated the penalties for exposure of private information, this does not seem to have slowed the exposure rate.
Mark offered an analogy to help frame the situation. He described a thermal image of a well-constructed house and said that could represent your network. You can certainly use a leaky house for its intended purpose, but you may not be fully aware of all the trouble spots that are allowing heat to escape. You might not be able to stop 100 percent of the loss, but you can do something. As a starting point, an experienced structural engineer, equipped with the right tools, can quickly assess the situation and make recommendations that will make your house a more comfortable place to live and save you money.
He presented four guidelines for keeping your core business running while keeping everyone and everything safe.
1. Cultivate a Resilient Mindset
The expanding attack surface and data exposure will reveal unprepared organizations as increasingly brittle and inadequate. Mark explained that the durable alternative is resilience.
“The key success factors for resilience are mindset and action,” he said. “The mindset is realistic and pragmatic: assume you have been and will be attacked.”
He also suggested that you gear up for “time-critical response” as your standard approach. Action plans should accelerate progress through detection, assessment, remediation, and recovery. Staying ahead depends on continuously learning and adjusting.
2. Lay a Foundation for Resilience
Preparation is the foundation of resilience: people, products, processes, and tools. People need training and a clear idea of what a time-critical response does or does not include. As a part of regular training, there are some great approaches the military has utilized, such as security competitions, that will prevent these essential practice sessions from becoming predictable and boring.
“On the product side, the percentage of security failures caused by configuration errors continues to be in the range of 90 percent—but testing dramatically reduces that number,” said Mark. “As staffing is maintained, even as the risks and exposures climb, process improvements and automated tools enhance the speed of detection and response.”
He also shared the following key attributes to look for when selecting the right tools:
- Completeness of coverage has both qualitative and quantitative aspects.
- Security visibility needs to be north, south, east, west, and into the farthest and darkest reaches of your network.
- Security auditing is the process of pressure testing your network.
In addition, new solutions should be easy to integrate with your existing tools, ideally simplifying your processes simultaneously.
3. Get Greater Visibility
Visibility takes us back to the thermal image of the leaky house. The right tools provide a greater level of visibility as to where the heat is leaking out. The same is true for your network. If you don’t know what data is traversing your network, which application is running, and who’s talking, then you don’t know your own network.
That’s where visibility solutions come in. Whether it’s a cloud or a physical network, these can provide a variety of useful perspectives: intelligently tapping traffic to be analyzed, or intelligently shepherding some or all traffic to next-generation firewalls, data loss prevention solutions, or sandboxes. Visibility capabilities can provide everything a security engineer needs to know to detect, find, assess, and make a decision.
4. Audit Your Security
Security auditing includes pressure testing your network using a thorough and realistic simulation of the harshest possible conditions it may face. It also includes safe, self-directed attacks.
“Security operations, or ‘SecOps,’ is a collaborative effort between information technology (IT) security and operations teams,” said Mark. “The focus is on integrating tools, processes, and technology to meet the collective goal of keeping the organization secure while reducing risk and improving agility.”
SecOps tools called threat simulators let you hack yourself—before hackers do. For example, breach-and-attack platforms such as Keysight’s Threat Simulator enable you to safely simulate attacks on your production network, identify gaps in coverage, and remediate potential vulnerabilities before attackers can exploit them.
Measuring Success
Moving forward, our increasingly connected world demands new security tactics. The foundational elements are preparation, resilience, visibility, and pressure testing. These set you up to meet the ultimate measure of success: keeping everything working while keeping everything more secure.