Brought to you by Keysight Technologies
By Dr Mark Pierpoint
As more of the world operates in digital spaces, we gain new capabilities and value, but we’re also exposed to many new vulnerabilities. Lapses in cybersecurity have consequences, and the costs of a breach may be measured in terms of lost business, lost credibility, or even loss of life.
Four concepts will help achieve the ultimate end result security professionals seek: keeping everything working while keeping everything secure. The first two ideas, organisational resilience and preparation, are general purpose, while the other two, security visibility and security auditing, are more specific.
Everyone and everything, connected
Across the world, many perpetrators are trying to pull off ever-more sophisticated attacks. Their goal is to disrupt the lives, businesses, or governments of their victims and, increasingly, to extract payment in exchange for not doing so.
It’s also safe to say they love the opportunities presented by the longstanding vision of “everyone and everything, connected.” On the positive side, the value of this idea is amplified by the lessons we’ve learned during the pandemic: connectivity is essential to consumers, enterprises, and governments.
Today, users have higher expectations—for instant access, zero lag, and constant availability. In fact, recent surveys have shown that end users are more concerned about 100 per cent availability than they are about security.
Everyone and everything, protected?
When our devices and service providers can deliver on the notion of pervasive, seamless, and dependable connectivity, it delivers tremendous benefits—but this is a double-edged sword. The dark side of pervasive connectivity is a rapidly expanding attack surface. More access by more users and more devices creates a seemingly infinite number of potential entry points.
As a result, severe vulnerabilities are possible within communications networks, defence systems, industrial IoT deployments, connected cars, and more. With virtualised networks, open APIs, mandatory interoperability, and massive Linux use, many crucial technologies add to the risks.
And then there’s the data: individuals, companies, and governments are generating massive amounts of high-value data. While stricter regulations have escalated the penalties for exposure of private information, this does not seem to have slowed the exposure rate.
All of this poses the crucial question: How well are everyone and everything protected?
Everything working, everything secure
At Keysight, we’ve spent a lot of time talking with our customers about these issues. And while it’s easy to get lost in the details, we can step back and clearly state the real goal: keeping everything working while keeping everything more secure. Thus, the ultimate measure of success is keeping your core business running while keeping everyone and everything safe.
Day to day, keeping everything secure depends on your tools and your perspective. Let me offer an analogy. A thermal image of a well-constructed house could easily represent your network. You can certainly use a leaky house for its intended purpose, but you may not be fully aware of all the trouble spots that are allowing heat to escape.
You might not be able to stop 100 per cent of the loss, but you can do something. As a starting point, an experienced structural engineer, equipped with the right tools, can quickly assess the situation and make recommendations that will make your house a more comfortable place to live and save you money.
Two general recommendations
A variety of vendors, including Keysight, can do the same for you and your network. Four key recommendations will help you prepare for the capabilities they offer. Two are general and strategic, namely resilience and preparation. The other two are specific and tactical: security visibility and security auditing.
In the face of present and future realities, unprepared organisations will be increasingly brittle. The durable alternative is resilience. The key success factors for resilience are mindset and action.
The mindset is realistic and pragmatic: assume you have been and will be attacked. Further, we suggest that you gear up for “time-critical response” as your standard approach. Action plans should accelerate progress from detect through assess, remediate, and recover. Staying ahead depends on continuously learning and adjusting.
The foundation of resilience is preparation. One basic framework is probably familiar: people, product, process, and tools. For your people, training and readiness are, of course, essential. Beyond training, security competitions adopted from the military prevent your practice sessions from becoming predictable and boring.
On the product side, the percentage of security failures caused by configuration errors continues to be in the range of 90 per cent—but testing dramatically reduces that number. As staffing is maintained, even as the risks and exposures climb, process improvements and automated tools enhance the speed of detection and response.
Two specific recommendations
While that four-part framework may be familiar, there are many tools, all of which profess to solve your problems. The right tools make a material difference to resilience and preparation:
– Completeness of coverage has both qualitative and quantitative aspects.
– Security visibility needs to be north, south, east, west, and into the farthest and darkest reaches of your network.
– Security auditing is the process of pressure testing your network.
As a final point, new solutions should be easy to integrate with your existing tools, ideally simplifying your processes at the same time.
Let’s take a closer look at visibility and auditing, which are the specific recommendations. Visibility takes us back to the thermal image of the leaky house. The right tools provide a greater level of visibility as to where the heat is leaking out.
The same is true for your network. If you don’t know what data is traversing your network, which application is running, and who’s talking, then you simply don’t know your own network.
That’s where visibility solutions come in. Whether it’s a cloud or a physical network, these can provide a variety of useful perspectives: they can intelligently tap traffic to be analysed, or intelligently shepherd some or all traffic to next-generation firewalls, data loss prevention solutions, or sandboxes.
Some visibility solutions can also create critical metadata about the traffic, reducing visibility overhead: Who’s talking on the network? Where are they originating from? What applications? Which browser?
In other words, visibility capabilities can provide everything a security engineer needs to know in order to detect, find, assess, and make a decision.
Security auditing includes pressure testing of your network using thorough and realistic simulation of the harshest possible conditions it may face. It also includes safe, self-directed attacks.
Security operations, or “SecOps,” is a collaborative effort between information technology (IT) security and operations teams. The focus is on integrating tools, processes, and technology to meet the collective goal of keeping the organisation secure while reducing risk and improving agility.
SecOps tools called threat simulators let you hack yourself—before hackers do. For example, breach-and-attack platforms such as Keysight’s Threat Simulator enable you to safely simulate attacks on your production network, identify gaps in coverage, and remediate potential vulnerabilities before attackers can exploit them.
The Measure of Success
Moving forward, our increasingly connected world demands new security tactics. The foundational elements are preparation, resilience, visibility, and pressure testing. These set you up to meet the ultimate measure of success: keeping everything working while keeping everything more secure.
Mark Pierpoint is president of Keysight’s network applications and security business, which provides network test and visibility solutions for validating, optimising, and securing network solutions and services.