The news is flooded with updates regarding the COVID-19 vaccine. Cyberattacks are targeting the vaccine supply chain. Phishing attacks are exploiting sign-ups for the vaccine. There are even attacks to get access to vaccine data. Sounds a lot like our enterprises every day! We’re all learning about human immunology from the headlines, but what are the equivalent defenses for our networks? How do we achieve resilience at scale, when we don’t really have a network immune system?
There is a lot we can learn from the COVID-19 pandemic. First, we start with cyber hygiene – the online equivalent of hand washing. Are we doing the basics – following basic hardening guides? At scale? All the time? It’s one thing to publish a policy about cyber hygiene, it’s quite another to get a large-scale organization to follow all the recommendations. Do we even know about every asset that has to go through some hygiene checks? If we don’t have a complete inventory, how can we have complete compliance even with the most basic rules? Just because you can’t easily see under your fridge doesn’t mean it’s all nice and tidy under there! As the public health professionals fighting the pandemic can tell you, it’s important to go back to basics, and keep repeating clear messages, if you want to see real shifts in behavior across the organization.
Next, we need to design our networks to limit the spread of inevitable future attacks. In the physical world, we call this social distancing. It’s an effective way to slow a pandemic down by reducing its ability to spread, and much the same idea works for cyberattacks. That said, we know it won’t do any good to space online assets far apart, since the Internet connects everything eventually. Still, we can segment or isolate assets to slow or prevent the spread of an attack. Microsegmentation is our equivalent to social distancing. It’s not easy to do – it gives you more complex control points to monitor — but automation can help. If you can describe which access you expect, or even better, what kinds of access should not be allowed, you can use software to validate that you have the network “social distancing” that you need.
And let’s not forget about monitoring lateral movement, which is similar to the real-world task we call contact tracing. To track the spread of a cyberattack, and better yet to get ahead of it before it does more damage, we’ll need to have planned ahead. That means we need to build up a map, in advance, showing all our assets, so that defenders can understand how attacks propagate and spread. By minimizing lateral movement, or the spread of an attack, we can flatten the infection curve.
For more details around each of these areas, Dr. Mike Lloyd, Chief Technology Officer from RedSeal, joined Enterprise Security Weekly. Dr. Mike, a former epidemiologist, studied the spread of disease and now its parallels to cybersecurity. He applies his research at RedSeal to help defenders improve their skills as the network’s equivalent of an immune system, preparing to fend off the various nasty invaders that will eventually get in.
RedSeal automates the foundational activities like continually visualizing your entire hybrid data center – your public cloud, private cloud, and physical network. RedSeal’s cloud security solution shows what’s on your network, how it’s connected and the associated risk. Use RedSeal to:
- Accurately locate resources and vulnerabilities unintentionally exposed to the internet across all network environments.
- Interpret access controls across cloud native and third-party virtual firewalls.
- Validate network segmentation policies automatically. Continuously verify that you’re in compliance with policies and regulations.