
How to avoid being the next Yahoo

Ryan Francis | Oct. 18, 2016
What questions should the CIO/CISO be asking network architects to stay secure?

What are the red flags?

The network is not segmented—the internal network is trusted and we rely on a hardened perimeter.

How does this segmentation protect our critical/regulated applications and data?

Why is this important?

Do the teams believe that the current approach to network security provides sufficient protection for the critical/regulated applications and data, and can they back that up? Controls should stand up to internal and external audit, and the level of compliance should be readily available.

What would we expect the answer to be?

System administrators should know how these systems are protected from other network zones and geographical regions. How granular the measures are (for example, microsegmentation), how effective they are and how application aware they are should be well understood.

What are the red flags?

None or minimal segmentation between internal network zones, geographical regions and critical/regulated applications and data is an issue.

How does this segmentation and associated controls reduce the opportunity for an attacker to laterally move within our environments?

Why is this important?

The blueprint for a data breach is to get in, move around and find valuable assets and data, much of which is unstructured and highly distributed. Once inside a “trusted” network, adversaries can go anywhere and potentially compromise or access more and more systems, leading to a domino effect.

What would we expect the answer to be?

We would want the controls to restrict communication to authorized systems only and to reduce the attack surface available to an attacker exploiting common protocol vulnerabilities. They should also prevent protocol hijacking of existing connections (stateful inspection) and be able to prevent the controls themselves from being disabled (the agent problem).

What are the red flags?

There is no clear understanding of how an attacker can compromise networks via unassuming devices.
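One way to make the segmentation question concrete is to replay exported flow records against the intended zone policy and list every flow the policy does not explicitly allow. The script below is an added example, not code from the article or from CIO Asia; the zone map, policy and flow records are constructed for illustration.

```python
import ipaddress

# Constructed zone map: subnet -> zone. A real one comes from IPAM/CMDB.
ZONES = {
    ipaddress.ip_network("10.10.0.0/24"): "user-lan",
    ipaddress.ip_network("10.20.0.0/24"): "web-dmz",
    ipaddress.ip_network("10.30.0.0/24"): "app",
    ipaddress.ip_network("10.40.0.0/24"): "regulated-db",
}

# Allowed flows as (src_zone, dst_zone, dst_port); everything else is denied,
# including traffic between hosts in the same zone (microsegmentation).
POLICY = {
    ("user-lan", "web-dmz", 443),
    ("web-dmz", "app", 8443),
    ("app", "regulated-db", 5432),
}

# Constructed flow records (src, dst, dst_port) as a flow collector might export.
FLOWS = [
    ("10.10.0.5", "10.20.0.3", 443),       # user to web tier: expected
    ("10.20.0.3", "10.40.0.9", 5432),      # DMZ straight to regulated DB
    ("10.10.0.5", "10.10.0.7", 445),       # workstation-to-workstation SMB
    ("10.30.0.2", "10.40.0.9", 5432),      # app tier to DB: expected
    ("192.168.99.1", "10.40.0.9", 5432),   # source not in the inventory
]

def zone_of(ip):
    """Return the zone an address belongs to, or None if it is not inventoried."""
    addr = ipaddress.ip_address(ip)
    for net, zone in ZONES.items():
        if addr in net:
            return zone
    return None

def classify(flow):
    """Label a flow: allowed, cross-zone, intra-zone or unknown-zone."""
    src, dst, port = flow
    src_zone, dst_zone = zone_of(src), zone_of(dst)
    if src_zone is None or dst_zone is None:
        return "unknown-zone"
    if (src_zone, dst_zone, port) in POLICY:
        return "allowed"
    return "intra-zone" if src_zone == dst_zone else "cross-zone"

def find_violations(flows):
    """Return (flow, reason) for every flow the policy does not permit."""
    labelled = [(flow, classify(flow)) for flow in flows]
    return [(flow, reason) for flow, reason in labelled if reason != "allowed"]

if __name__ == "__main__":
    for (src, dst, port), reason in find_violations(FLOWS):
        print(f"{reason:13} {src} -> {dst}:{port}")
```

Flows labelled cross-zone are candidate lateral-movement paths; unknown-zone hits point at the missing inventory the last red flag on this page describes.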

How can these controls be used to better mitigate vulnerabilities in our systems?

Why is this important?

It isn’t always possible to patch every system or retire every vulnerable platform. In these cases it is necessary to bring in an independent control to mitigate the risk.

What would we expect the answer to be?

We would want to see a distributed security platform that provides the capability to rapidly deploy application-aware controls to help protect vulnerable workloads until they can be remediated. Traditional deployments would not be able to apply controls with the required level of granularity or proximity to the workload to be effective.

What are the red flags?

There are no control points where we could apply controls. We don’t have an inventory to work from.
