#InfosecurityOnline: Utilizing Automation in New Security Architecture
The shift to cloud networks and a wider attack surface brought about by new working practices during the COVID-19 pandemic have made traditional security strategies unfit for purpose, according to Steven Tee, principal solutions architect at Infoblox, speaking during a session at the Infosecurity Online event.
He made the case that there needs to be much greater use of automated tools such as machine learning to effectively detect and combat cyber-attacks in the current age.
Tee began by outlining the alarming increase and impact of cybercrime over recent years. “Cybercrime is a problem that either directly or indirectly affects everyone,” he said. He noted that the average cost of a data breach in 2019 was almost $4m.
This is linked to substantial changes in network architectures, which have been heavily exacerbated by the shift to remote working during COVID-19. These include the growing implementation of cloud systems and use of IoT devices, which are expanding the attack surface area and largely rendering the traditional perimeter security model redundant.
Tee said: “With the adoption of cloud, SD-WAN, work from home and the massively increased attack surface, we’re ever more reliant on next-generation technologies such as analytics and machine learning that can study behavior over time and make decisions in real time.”
In Tee’s view, the main barrier to implementing such measures on a widescale basis is not a lack of tools and technologies, but rather a shortage of skilled personnel and resources to use them effectively. “In conjunction with a global skills shortage, it’s not uncommon for enterprises to own tools without the in-house knowledge required to effectively use them,” he added.
Another issue is that personnel involved in an organization’s cybersecurity often work in silos, such as between tech and network teams and vendors. Tee commented: “All of this makes security and incident response efforts harder due to manual, inefficient and untimely data sharing, wasting time and resources.”
In order to address these kinds of issues, especially at a time when budgets are being reduced, Tee first recommended the use of security frameworks. “Frameworks allow teams to follow a tried and trusted process of securing their networks and dealing with threats using a common language,” he explained.
Ensuring visibility across all security frameworks through automated technology is also critical across teams. Tee said: “Quite simply, if you don’t know what’s on a network, then you can’t effectively decide policy and tools to adequately protect them.” In addition, security alerts and threat intelligence are insufficient without this visibility being in place.
Tee then went on to discuss the importance of organizations adequately protecting the DNS protocol. He noted that most malware relies on DNS to launch attacks, “using it at every stage, from penetration to infection to exfiltration.” He added that “it’s one of the only protocols in widespread use today that has not been secured.”
Organizations should therefore focus on technology that protects the DNS layer and blocks these malicious connections, before automatically sharing that information with other security tools such as next-generation firewalls.
Protecting against data exfiltration over DNS is also critical, according to Tee, as DNS lookups “can be used as a covert communication channel to bypass firewalls.” Here too, machine learning and analytics must be used to determine whether lookups are legitimate or not.
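The analytics Tee describes for deciding whether lookups are legitimate can be illustrated with a small heuristic detector run over DNS query logs. The Python below is an added example, not code from the talk or from Infoblox: the log format, the constructed sample lines (including the made-up domain evil-tunnel.test), the two-label approximation of a registered domain and the scoring thresholds are all assumptions chosen for illustration. It scores each registered domain on the average subdomain length, the Shannon entropy of the subdomain labels and the proportion of queries whose subdomain is unique, which together separate ordinary hostnames from queries that carry encoded data.

```python
"""Heuristic DNS exfiltration / tunnelling detector over query logs.

Added example; thresholds, log format and sample data are assumptions.
"""
import math
import re
from collections import defaultdict

# Constructed sample log lines: "<timestamp> <client_ip> <qtype> <qname>".
# The first client browses normal hosts; the second sends hex-encoded
# payloads as subdomains of a (made-up) attacker-controlled domain.
SAMPLE_LOG = """\
2020-06-01T10:00:01Z 10.0.0.5 A www.example.com
2020-06-01T10:00:02Z 10.0.0.5 A mail.example.com
2020-06-01T10:00:03Z 10.0.0.7 TXT 3f9a1c7e5b2d8046.6b0e2f4a8c1d3957.evil-tunnel.test
2020-06-01T10:00:04Z 10.0.0.7 TXT d4e8a1f09c3b7265.92b5d6c4a0f1e873.evil-tunnel.test
2020-06-01T10:00:05Z 10.0.0.7 TXT 7c2e9b4f0a1d6853.e5a3c8f1b7d04962.evil-tunnel.test
2020-06-01T10:00:06Z 10.0.0.7 TXT b8f3d1a59c0e2746.4f7a2e9d1b6c0538.evil-tunnel.test
2020-06-01T10:00:07Z 10.0.0.5 A cdn.example.com
2020-06-01T10:00:08Z 10.0.0.9 A static.example.com
"""

LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+)$")


def parse_log(text):
    """Yield (timestamp, client, qtype, qname) tuples, skipping malformed lines."""
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if m:
            yield m.groups()


def shannon_entropy(s):
    """Bits of entropy per character; encoded payloads score high, words low."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def split_name(qname):
    """Split 'a.b.example.com' into (['a', 'b'], 'example.com').

    Assumption: the registered domain is the last two labels. A production
    detector would consult the Public Suffix List instead.
    """
    labels = qname.rstrip(".").lower().split(".")
    if len(labels) <= 2:
        return [], ".".join(labels)
    return labels[:-2], ".".join(labels[-2:])


def score_domains(records, min_queries=3):
    """Aggregate per-domain features and flag likely tunnelling domains.

    Thresholds (assumed, illustrative): average subdomain >= 20 chars,
    average entropy >= 3.0 bits/char, >= 80% of queries with a unique subdomain.
    """
    stats = {}
    for _, client, qtype, qname in records:
        subs, domain = split_name(qname)
        d = stats.setdefault(domain, {"queries": 0, "subs": set(), "sub_len": 0,
                                      "entropy": 0.0, "txt": 0, "clients": set()})
        sub = ".".join(subs)
        d["queries"] += 1
        d["subs"].add(sub)
        d["sub_len"] += len(sub)
        d["entropy"] += shannon_entropy(sub.replace(".", ""))
        d["txt"] += int(qtype == "TXT")
        d["clients"].add(client)

    results = {}
    for domain, d in stats.items():
        n = d["queries"]
        if n < min_queries:        # too few queries to judge
            continue
        avg_len = d["sub_len"] / n
        avg_ent = d["entropy"] / n
        unique_ratio = len(d["subs"]) / n
        results[domain] = {
            "queries": n,
            "clients": sorted(d["clients"]),
            "avg_sub_len": avg_len,
            "avg_entropy": avg_ent,
            "unique_ratio": unique_ratio,
            "txt_ratio": d["txt"] / n,
            "suspicious": avg_len >= 20 and avg_ent >= 3.0 and unique_ratio >= 0.8,
        }
    return results


def flagged_domains(results):
    """Domains to hand on to other controls (e.g. a firewall blocklist)."""
    return sorted(dom for dom, r in results.items() if r["suspicious"])


if __name__ == "__main__":
    res = score_domains(parse_log(SAMPLE_LOG))
    for dom, r in res.items():
        print(f"{dom}: len={r['avg_sub_len']:.1f} ent={r['avg_entropy']:.2f} "
              f"unique={r['unique_ratio']:.2f} suspicious={r['suspicious']}")
    print("flag:", flagged_domains(res))
```

The output of `flagged_domains` is the kind of indicator that, in the architecture Tee describes, would be shared automatically with downstream tools rather than handed over by e-mail; in practice the thresholds would be tuned against a baseline of the organization's own traffic, since CDNs and some security products legitimately generate long, high-entropy labels.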
Tee concluded by saying how effective use of machine learning and data analytics “leads to the ability to detect, contain and remediate threats faster.”