According to a study by Ernst & Young, the number of attacks on organizations is growing and now reaches an average of 135 attacks a year. Just imagine: you are attacked almost every two days.
The latest sensational hacker attack was carried out by our countrymen, a group from Ukraine. In March, Anonymous Ukraine published more than 7 million records of confidential data on the Internet in protest against financial companies. The hacked data included 3255663 Visa card records, 1778749 MasterCard records, 362132 Discover records and 668,279 American Express records.
Investigations over the last few years have made it clear that cybercriminals have organized a global business that hires people, provides equipment and directs hacker attacks at financial institutions and individual users. As long as there is demand, there is supply, which once again confirms the laws of the market economy.
Exploits such as MITMO (Man in the Mobile), which can be installed on more and more "advanced" smartphones, or building networks, are becoming a huge threat because of the high prevalence of these devices, which exceeds even the number of PCs in some countries. Multi-level authentication, previously considered the maximum protection, is now defeated by Trojans that expose users to "man-in-the-browser" attacks aimed at bank accounts.
The evolution of threats and their focus on the data most critical to companies are changing the approach to information security. The role of the security officer has changed.
For a long time, the role of the head of information security was defined by the use of the latest security technology. Technology does, of course, play a major role in business today, but selecting and applying solutions is only part of the information security problem. In addition, the head of information security is now in a quandary. On the one hand, he is responsible for limiting the spread of confidential information; on the other hand, the director of the IT department is encouraged to create the conditions for providing this information to all employees. Information that used to be stored in one place is now in motion, constantly leaving or entering the organization's network. The security perimeter of the controlled area has become blurred and, in fact, can be anywhere in the world. In these circumstances, the security officer becomes an expert advisor and strategist for building a comprehensive security policy.
Modern attacks are increasingly successful because the attackers are more systematic in their work than the defenders. Attacks are usually preceded by reconnaissance to detect possible gaps for intrusion. Once the attackers achieve their first success, "automatic" (self-propagating) attacks act on the "worm-like" principle, while an experienced opponent can gain further opportunities for future attacks.
Until now, enterprises have mainly used the traditional approach to security: protection systems were deployed separately in each block of the network, there was no communication or synchronization between them, and the sources of security events were located locally. Network protection was based on the principle of identifying potential threats or security breaches and applying protective tools against them.
What do companies
need to change to be proactive in ensuring information security?
Of course, change the approach to building the network's protected perimeters. Tools that only restrict access to corporate information from outside are not enough. At the same time, there is no single class of systems that can protect you from all possible threats.
The diagram below shows the concept of secure Internet access that we developed, called "Security Perimeter v2.0".
Most threats come from the Internet, which is why the majority of network protection tools and instruments are placed there. Of course, when building protection we must use the best solutions on the market and, unfortunately or fortunately, they are based on equipment from different manufacturers, which complicates the implementation of such solutions.
An architectural approach involves, first of all, the full integration of all security instruments, their prioritization, primary analysis, the ability to respond rapidly to emerging threats, and constant awareness of hazardous activity both inside and outside the controlled perimeter.
Information security staff should receive information about events throughout the network and be able to correlate them automatically by time and place of occurrence, which helps to pinpoint the causes and consequences of attacks.
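The correlation by time and place described above can be sketched as follows. This is an added example, not part of the original article or of any SIEM product; the log format, source names, hosts and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events from three separately deployed protection systems.
# Assumed line format: ISO timestamp, source system, internal host, message.
SAMPLE_EVENTS = """\
2024-01-15T09:00:05 firewall 10.0.1.15 outbound connection to unlisted port blocked
2024-01-15T09:01:40 proxy 10.0.1.15 request to uncategorised domain
2024-01-15T09:03:10 antivirus 10.0.1.15 suspicious process quarantined
2024-01-15T09:02:00 proxy 10.0.2.20 request to uncategorised domain
2024-01-15T11:30:00 firewall 10.0.2.20 outbound connection to unlisted port blocked
2024-01-15T13:00:00 antivirus 10.0.3.7 suspicious process quarantined
"""

def parse(text):
    """Turn raw lines into (time, source, host, message) tuples."""
    events = []
    for line in text.strip().splitlines():
        ts, source, host, message = line.split(" ", 3)
        events.append((datetime.fromisoformat(ts), source, host, message))
    return events

def correlate(events, window=timedelta(minutes=5), min_sources=2):
    """Group events by host ("place") and time window, and report a group
    only when at least min_sources independent systems saw the host."""
    by_host = defaultdict(list)
    for ev in sorted(events):                  # chronological order
        by_host[ev[2]].append(ev)
    incidents = []
    for host, evs in by_host.items():
        i = 0
        while i < len(evs):
            start = evs[i][0]
            group = [e for e in evs[i:] if e[0] - start <= window]
            sources = sorted({e[1] for e in group})
            if len(sources) >= min_sources:
                incidents.append({"host": host, "start": start,
                                  "sources": sources, "events": len(group)})
                i += len(group)                # consume the correlated group
            else:
                i += 1                         # isolated event, keep scanning
    return incidents

if __name__ == "__main__":
    for inc in correlate(parse(SAMPLE_EVENTS)):
        print(inc["host"], inc["start"].isoformat(), inc["sources"])
```

Viewed one system at a time, each of the three alerts for 10.0.1.15 is low priority; only the combined view across sources marks the host for investigation.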
It is good if you have a large staff of experienced and qualified professionals. It is even better if you have the time to investigate incidents and respond to them promptly. But in most organizations the IS employee is overloaded and is looking for ways and tools to ease the work and free up time for other tasks that require his direct involvement.
A key component of the developed concept is a SIEM system.
Source: ko.com.ua