The Network Perimeter Is Dead. So Now What?

Digital transformation is driving wholesale changes in the processes and interactions that power businesses and government organizations.

i
Expanse

Digital transformation is driving wholesale changes in the processes and interactions that power businesses and government organizations. Networks that enable these organizations are more complex than ever before, and this complexity is blurring organizations’ true network perimeter. Remote workers, cloud systems, regional offices, mergers, and acquisitions all add to the rapid global expansion and network sprawl across geographies and IP space.

In this environment, CISOs are trapped between a rock and a hard place. They must enable the technology that drives digital transformation forward, but they are also struggling to rein in the exposures presented by the growth and ephemeral nature of today’s cloud and virtual environments. The growing digital interconnectivity of organizations, suppliers, partners, and customers, plus business process automation, have increased the possibility of Internet-connected assets and services becoming exposed.

However, the challenges that CISOs face today didn’t spring up overnight. They developed over time as a result of the coverage gaps left by traditional security tools and processes that were designed around IT-controlled assets and a known perimeter. The increasing reliance on digital technologies, such as the cloud, mobile, and distributed computing, coupled with growing connectivity has exposed the failure of traditional inside-out security models.

Traditional IT operations and security solutions are incapable of meeting the needs of today’s organizations and their constantly changing Internet attack surfaces. This fact has made catastrophic data breaches routine occurrences among the world’s largest organizations.

A single security flaw on your organization’s attack surface can become an exploited attack vector within minutes. Attackers will target systems that are not under active management or that are most likely to be programmed with default credentials.

For example, most new office buildings have a building automation and control system connected to the Internet that controls things like sprinklers, door locks, smoke alarms, heating and cooling systems, and more. If these controls are managed by a tenant, these systems must be monitored and inventoried. Frequently, this fails to happen. Even the most mature organizations sometimes fall victim to such oversights. An attacker is then able to discover and identify the exposed building control system, and perhaps even move laterally through the network to access more sensitive information. Attacks are sometimes even productized on underground websites selling RDP exposures for as little as $6, complete with a fully automated, e-commerce-driven attack chain.

It is therefore imperative that organizations understand and monitor all of their network and cloud assets, remediate misconfigurations and non-adherence to security policies, and uncover any suspicious communications to Internet-connected assets and services. In order to defend against attacks, organizations need a complete and accurate understanding of their Internet exposures and their associated business risks. The perimeter of old is dead, and this means that only continuous, outside-in, global visibility into all of your assets and services will enable you to protect your organization.

Related:

Copyright © 2019 IDG Communications, Inc.