Taking an expert look at NZ’s enterprise security landscape
For New Zealand organisations across every industry, security has never had such high visibility.
Nor has it required the involvement of personnel from so many different areas of the business in defining a workable security policy.
IT leaders continually face the ongoing issues of shrinking IT budgets, difficulty gaining project funding sign off – not to mention finding the right resources, skills and people. But as the technology portfolio for every organisation expands, so too do the security risks.
Unfortunately, cost reduction and enhanced security functionality don’t tend to go hand in hand and can only be achieved via consolidation.
Adding a myriad of point solutions will not only end in what is classed as “Security Sprawl”, but will likely undo any initially realized savings as a result of the inevitable operational inefficiencies that will occur.
We have witnessed and will continue to see the increased sophistication of security threats and attacks with DDoS (or Distributed Denial of Service), botnets and multi-vector threats becoming more prominent.
These issues are making New Zealand organisations and regulators sit up and take notice. The growing sophistication of targeted attacks makes due diligence and compliance more than just a “nice to have”, and ensuring employee understanding of the risks and security policy is also critical.
In 2012 alone, there were over 200 known critical vulnerabilities in leading applications: 30 in Adobe Reader, 17 in Java, 16 in Microsoft Office, 57 in Adobe Flash, 91 in Firefox and 14 in Internet Explorer.
In this context, “critical” usually means that the vulnerability resulted in remote code execution – in some cases just by a staff member visiting an infected web site.
An example closer to home is Google’s Digital Attack Map, which highlights the need to incorporate a DDoS solution into an enterprise threat prevention strategy. Just this August, Australia was the focus of a serious DDoS attack. The background bandwidth consumed by that attack fluctuated between 100 and 400 GB.
Check Point researched the problem and reported on the breadth and frequency of these attacks on organizations in the 2013 Security Report. The methodology for this research was simple.
We used Check Point products running on 900 customer networks, and listened to those networks for a total of 120,000 hours of monitored traffic, across various industries and 62 countries.
Our research shows that nearly two-thirds of organisations are infected with bots, and that PCs are accessing malicious websites on purpose or under bot control many times a day.
Security Challenges to Pay Attention To
Three of the primary security challenges that I find consistently on the minds of New Zealand’s IT leaders in the current security landscape include:
1. Protecting against the Unknown Unknown
A number of technologies like IPS, Antivirus, Anti-Bot and Anti-Spam form a solid pre-infection and post-infection defense to protect against known attacks , but what about unknown attacks or attack variants?
Cybercriminals use a variety of new and evolving techniques to avoid detection. This presents the challenge of how to prevent infections from undiscovered exploits, zero-day and targeted attacks.
Unknown exposures and zero-day exploits are top attack vectors in today’s network environments, primarily because they have the ability to avoid traditional malware detection – making it difficult for organisations to keep up with the sheer volume of threats.
The best way to mitigate the threat of these unknowns is to implement a multi-layered threat prevention solution, including security technologies that prevent infections from the initial contact, and that block undiscovered malware attacks before they can threaten network security or disturb the flow of business.
Intrusion Prevention Systems (IPS) detect attacks that exploit known vulnerabilities. Network and endpoint antivirus blocks malware downloads from malicious sites. Anti-bot technologies can detect and stop bot damages by identifying bots, their communications targets and patterns, and even bot specific behaviors such as spam generation or click fraud.
An enterprise DDoS solution can mitigate denial of service attacks in seconds, identifying and blocking volumetric, DNS reflection, low and slow attacks, and more.
On top of this, threat emulation employs a virtual sand-box environment that can identify the malicious behavior of variants and unknown attacks before they have a chance to infect and compromise enterprise systems.
2. How to provide access to employees so they can do their job…But not have them spend all day on Facebook
This is a serious concern for organisations – Generation Y employees want to be connected at all times – but it is often difficult to remove this temptation in the work environment.
Additionally, Internet applications have now become essential business tools in the modern enterprise. Tools such as Facebook, Twitter, Webex, LinkedIn, and YouTube to name a few, are becoming more and more prevalent in enterprises that acknowledge them as business enablers.
However, these tools also introduce new risks to the business environment. For instance, a number of useful internet applications have been converted to be used as attack tools against organizations – Applications such as Anonymizers, Peer-to-Peer File Sharing sites, Remote Administrative Tools, File Storage, File Sharing and Social Media have been used by attackers to exploit organizations
Next Generation Firewalls extend the power of the traditional firewall beyond stopping unauthorised access by adding Intrusion Prevention Systems (IPS) and Application Control protections whilst basing access on the individual or their role in the organisation rather than their IP Address.
Choosing the right next generation firewall means looking at access control, authentication, user and machine awareness, application control (controlling access to applications and social network widgets, creating granular security policies based on users or groups to identify, block or limit usage of web applications and widgets like instant messaging, social networking, video streaming, VoIP, games, etc.) and identity awareness.
3. Mobility and BYOD
With the proliferation of mobile devices and BYOD, mobile and document security, as well as associated compliance challenges are top of mind for many IT professionals.
An effective mobile security strategy will focus on protecting corporate information on the multitude of devices that are in use today by implementing proper access controls to information and applications on the go.
Equally important is educating employees about best practices, as the majority of businesses are more concerned with careless employees than cybercriminals.
Mobile security solutions offer enterprise-grade remote access that provide simple, safe and secure connectivity to email, calendar, contacts, and corporate applications over smart phones, tablets and PCs.
The introduction of containerisation on mobile platforms is providing organisations with the ability to allow personal and business data to reside on the same device, while removing the risk of corporate information getting into the wrong hands if the device is stolen or lost.
While there are a number of challenges facing New Zealand organisations and IT leaders, security requires involvement from the ground up.
However, these challenges can be overcome through continuous conversation between key personnel about policy implementation, through employee education, and with technology deployments best suited for your organisation’s needs.
By Hamish Soper, NZ Country Manager, Check Point Software Technologies