The security thought process is broken
I like to walk, it helps me clear my mind. When I’m talking to colleagues or industry peers on the phone, I take a walk. When I’m thinking about a complex problem, I take a walk. The point here really isn’t that I like to walk, it’s just where a lot of my thinking and problem solving happens – as opposed to the porcelain clad apparatus that’s usually referenced as a cliché.
On one of my walks, I was thinking about a conversation I had with my Wife a few years ago. We were watching a show that had some sort of IT/Cyber specialist who was going to do something with a firewall, and I recall saying “That’s not how that works!”, as I am sure many tech pros can relate. She asked me, “Well, honey, how do firewalls work?”, so I went into an overview of firewalls: their purpose, how they work, and how they’re deployed in an organization.
In many – if not most – small to medium size businesses (SMBs), and even a few larger enterprises, a firewall is the device that separates the open internet – yikes – from the internal network. This can be a single device, a group of devices, or an entire security system designed to keep intruders out, specifically out of the servers and systems that house the company’s proprietary, customer, or other sensitive data.
My Wife asks me “But what about the internal users? Shouldn’t the firewall sit between them and the servers too?”
It hit me like a freight train, “Holy crap, you’re right!” It’s almost a universal rule that a company’s technology users are inherently trusted, and many have unrestricted access to network resources. In the SMB space, once you’re on the internal network, there’s generally no firewall between you and the servers. This is in part due to IT teams being asked to do more with less. There may also be a lack of resources, a lack of proper security practice, or simply resistance from operational and executive leadership to implement the change.
Think about your business IT systems, your intellectual property, finance documents (balance sheet, P&L, etc.), and anything else crucial to running your business. What happens if it falls victim to a ransomware attack? Accidental deletion? Can your business afford to assume the risk of being attacked? What if you didn’t have to worry about it? Would you invest in a solution that can minimize your risk?
One of my former employers was hit with a “crypto-locker” style attack due to this exact scenario. The manufacturing floor had one generic account everyone used to log into, and that account had administrative access to the computers it was used on. It was deemed too cumbersome by the end users to remove admin rights and make users log in with their own user accounts, despite the IT team trying to implement proper security practices. And it was only a matter of time before the inevitable happened. Fortunately, all data was backed up, and the backups were safe, so we were able to restore and get back up and running. We were only down for a day, but the estimated impact of this was approximately $300K-500K in product not shipped that day.
An application layer firewall between your users and your information systems is a good start, as it adds a layer of protection from your users. On a side note, I’m not implying that users are inherently bad, or out to sink your business. Not at all. Your users are your most important customer – they’re the reason your team has work. But users may inadvertently click an attachment, open an email, or do something else that exposes your infrastructure to risk. It’s our job to educate the users on proper security practices. And hey, we also make mistakes, so we (the IT team) need failsafe measures in place in the event we – me being a user myself at times – make a mistake, click on a bad link, or do something else that exposes us to risk. The truth is, even a firewall between the users and your information systems may still not be enough to avoid some of these risks.
Is there a way to identify a bad actor before that traffic ever makes it to the user facing firewall?
Enter the security fabric. What is that, you ask? The security fabric makes sure that any communication from a user device, guest device, or mobile device – thanks to the advent of BYOD (bring your own device) – gets inspected BEFORE it’s permitted to talk to network resources. If that communication isn’t allowed to talk to a resource, it gets denied. If it matches a known bad pattern, it is discarded, the host is blocked, a ticket is opened with your IT team, and the issue is remedied before further damage can occur. Most importantly, it can also identify the user the device belongs to, so you know who to work with to correct such an event.
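The decision flow described above, as an added example that is not part of the original post and not Ultraviolet Networks’ product: a small policy evaluator that checks every flow from a user, guest or BYOD device before it may reach a server. Known-bad patterns are inspected first (so a permitted path still cannot carry them), a match discards the flow, blocks the source host and raises a ticket that names the device owner, and anything else must hit an explicit allow rule or it is denied by default. The network segments, allow rules, pattern list, device-to-owner map and sample flows are all constructed assumptions.

```python
"""Constructed "inspect before permit" evaluator: an added illustration, not
code from the original post or from Ultraviolet Networks.  Networks, rules,
patterns and the owner map are assumed values."""
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional

# Assumed device inventory: source address -> who the device belongs to.
DEVICE_OWNERS = {
    "10.10.1.23": "jsmith",          # staff laptop
    "10.10.1.45": "shopfloor-pc-3",  # shared manufacturing PC
    "10.30.0.7": "guest-wifi-7",     # BYOD / guest segment
}

# Assumed allow rules: (source segment, destination, port).  Anything not
# listed is denied, i.e. internal users are NOT implicitly trusted to reach servers.
ALLOW_RULES = [
    (ipaddress.ip_network("10.10.1.0/24"), ipaddress.ip_network("10.20.0.0/24"), 443),  # staff -> intranet web
    (ipaddress.ip_network("10.10.1.0/24"), ipaddress.ip_network("10.20.0.5/32"), 445),  # staff -> file server
]

# Assumed "known bad" patterns applied to what the inspection layer extracted
# from the flow (here: a file or URL path).  Ransomware-style renames and
# ransom-note drops are the classic signals for the crypto-locker scenario.
KNOWN_BAD = [
    re.compile(r"\.(locked|encrypted|crypt)$", re.IGNORECASE),
    re.compile(r"(how|readme).*decrypt", re.IGNORECASE),
]


@dataclass
class Flow:
    src: str
    dst: str
    dport: int
    inspected: str = ""   # application-layer detail, e.g. the file path requested


@dataclass
class Verdict:
    action: str                   # "allow", "deny" or "discard"
    reason: str
    owner: Optional[str] = None   # who to work with to remediate
    ticket: Optional[dict] = None


class SecurityFabric:
    def __init__(self):
        self.blocked_hosts = set()
        self.tickets = []

    def _matches_allow_rule(self, flow):
        src, dst = ipaddress.ip_address(flow.src), ipaddress.ip_address(flow.dst)
        return any(src in s and dst in d and flow.dport == port for s, d, port in ALLOW_RULES)

    def evaluate(self, flow):
        owner = DEVICE_OWNERS.get(flow.src)
        # A host that was already blocked stays blocked until IT clears the ticket.
        if flow.src in self.blocked_hosts:
            return Verdict("discard", "source host is blocked", owner)
        # Inspect first: a permitted path is still not allowed to carry known-bad traffic.
        for pattern in KNOWN_BAD:
            if pattern.search(flow.inspected):
                self.blocked_hosts.add(flow.src)
                ticket = {"host": flow.src, "owner": owner, "dst": flow.dst,
                          "reason": f"matched known-bad pattern {pattern.pattern!r}"}
                self.tickets.append(ticket)
                return Verdict("discard", ticket["reason"], owner, ticket)
        if self._matches_allow_rule(flow):
            return Verdict("allow", "matched allow rule", owner)
        return Verdict("deny", "no allow rule (default deny)", owner)


# Constructed sample flows, evaluated in order.
SAMPLE_FLOWS = [
    Flow("10.10.1.23", "10.20.0.5", 445, "fs01/finance/balance_sheet.xlsx"),         # normal staff access
    Flow("10.30.0.7", "10.20.0.5", 445, "fs01/finance/balance_sheet.xlsx"),          # guest -> file server
    Flow("10.10.1.45", "10.20.0.5", 445, "fs01/finance/balance_sheet.xlsx.locked"),  # ransomware-style rename
    Flow("10.10.1.45", "10.20.0.10", 443, "/intranet/"),                              # same host, after block
]


def run(flows=SAMPLE_FLOWS):
    """Evaluate each flow in order; returns the verdicts and the fabric state."""
    fabric = SecurityFabric()
    return [fabric.evaluate(f) for f in flows], fabric


if __name__ == "__main__":
    verdicts, fabric = run()
    for flow, v in zip(SAMPLE_FLOWS, verdicts):
        print(f"{flow.src} -> {flow.dst}:{flow.dport}  {v.action:7s} {v.reason} (owner: {v.owner})")
    print("open tickets:", fabric.tickets)
```

Run as-is and the four constructed flows come out as allow, deny, discard, discard: the guest device never gets a rule to the file server, the shop-floor PC is blocked on the first ransomware-style rename, and its later, otherwise-permitted intranet request is dropped because the block is per host, not per flow. The ticket carries the owner name from the inventory, which is the “who to work with” piece the post calls most important.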
Security is crucial to the operation of your business. Your security framework needs to address the Confidentiality, Integrity, and Availability of all your internal and external data. That means your data remains confidential when you want it to be, valid when you need it to be, and available when it should be. Anything outside of that can be considered a breach of security and must be addressed.
Ultraviolet Networks can help you with your security posture needs. For more info, contact us at 321.421.0869 or email@example.com.