Dark Reading is part of the Informa Tech Division of Informa PLC


7/31/2020
10:00 AM
Dr. Mike Lloyd
Commentary

3 Ways Social Distancing Can Strengthen Your Network

Security teams can learn a lot from the current pandemic to make modern hybrid business networks stronger and more resilient. Here's how.

We all know the role social distancing plays in combating COVID-19. Most people also understand why this is our primary line of defense; it's about slowing down the progress of the disease to prevent our healthcare defenders from being overwhelmed. Today's network security teams live in a similar shifting landscape and need to apply these same ideas to avoid getting overwhelmed. Here are three tactics to help "social distance" your network.

Tactic 1: Focus on Flare-ups
Networks bring a lot of value into our lives, but along with the value we get a lot of built-in complexity. As a result, network defense is complicated, whether your network is for commerce, healthcare, military use, or something else. All networks share one thing in common: the accumulation of complex, interacting parts. As a network grows, the number of things that can interact goes up very fast — quadratically fast. If your network doubles, the number of possible interactions goes up four times. At this rate, networks rapidly outstrip our ability to keep track of them and find problems.

Public health officials face a similar problem when combating a virus. On a planet with billions of people, it's impossible to accurately determine how many people have the disease. Instead, to protect as many people as possible, health officials focus on identifying symptoms and containing flare-ups.

Tactic 2: Without a Magic Bullet, Operate Wisely
With a pandemic, social distancing is a practical step we can take to save lives. Unfortunately, distancing is even more difficult in online security. When it's people versus a virus, people can change their behavior faster and more intelligently than the bug can evolve. The online world pits people against people, where the adversaries are clever and motivated. Tactics keep shifting, new vulnerabilities are continually discovered, and the rules for defense never settle down. This means our countermeasures must keep changing too. What was considered decent security yesterday is routinely out of date today.

It's no wonder that we have to plan for how we will handle breaches and how we'll quickly recover from them. Despite how security vendors behaved for years, perfect prevention is not an option you can buy off of a shelf. We must build security on the assumption that someone is going to get into some part of our infrastructure in the same way that we can't rely on travel constraints to keep a virus out. Social distancing has become the most important lesson to carry from the pandemic into online security.

Tactic 3: Quarantine or Zero Trust Is Not the Answer
Completely disconnecting from the outside world is not the answer to social distancing. Networks across all industries — from banking and finance to military, healthcare, and industrial operations — need to connect to perform their functions and deliver value and efficiencies. People also rely on connections, including social, emotional, and professional. For both networks and society, there will always be a risk of something nasty getting inside. The point of social distancing for your network is not to stop all contact with the outside. It's to increase the gaps between systems internally. Since we can't isolate our networks, we have to deal with internal segmentation, which intentionally keeps separate things separate.

Modern computing allows software to be run with wild abandon, sharing virtual machines and containers on limited physical resources. At first, IT shops saw this as a great advantage, giving them the ability to make one computer do the job of five and to reallocate inefficiently used resources to places where they can make a difference. Security personnel see it like public health personnel might: We know interactions — between networks or people — are necessary. So we manage the risk by asking for reasonable accommodations to a dangerous world. This compromise results in social distancing and network segmentation.

People don't like wearing masks and staying apart, and IT teams don't like limits placed on where they can run things. Security professionals must make the risks clear and avoid being too inflexible. An organization may have an innovative, cloud-first development team using cutting-edge tools. But while we don't want to remove their freedom to work quickly, we can require that they keep their fast-moving experiments in a confined cloud footprint, away from other operations that work at different speeds or face different regulatory requirements.
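As an added illustration that is not part of the original commentary, the sketch below puts numbers on two of the article's claims: pairwise interactions grow quadratically with network size, and internal segmentation limits how far a foothold can spread. The inventory, segment names, and the single allowed flow are constructed for the example, and the function names `possible_pairs` and `blast_radius` are hypothetical.

```python
from collections import deque

def possible_pairs(n):
    """Unordered host pairs that could interact in a flat network of n hosts."""
    return n * (n - 1) // 2

def blast_radius(inventory, allowed_flows, start):
    """Hosts reachable from `start` by hopping host to host.

    inventory maps host -> segment. A host can reach another host if both sit
    in the same segment, or if (source segment, destination segment) is listed
    in allowed_flows. Flows are directional.
    """
    seen, queue = {start}, deque([start])
    while queue:
        src_seg = inventory[queue.popleft()]
        for host, seg in inventory.items():
            if host not in seen and (seg == src_seg or (src_seg, seg) in allowed_flows):
                seen.add(host)
                queue.append(host)
    return seen

# Constructed inventory: a fast-moving dev footprint, general corporate
# systems, and a regulated payments zone (all names are made up).
SEGMENTED = {f"dev-{i}": "dev-cloud" for i in range(1, 5)}
SEGMENTED.update({f"corp-{i}": "corp" for i in range(1, 5)})
SEGMENTED.update({f"pay-{i}": "payments" for i in range(1, 3)})

# The same ten hosts with no internal boundaries at all.
FLAT = {host: "flat" for host in SEGMENTED}

# Assumed policy: corporate systems may talk to payments, nothing else crosses.
ALLOWED = {("corp", "payments")}

if __name__ == "__main__":
    print("pairs at 100 hosts:", possible_pairs(100))
    print("pairs at 200 hosts:", possible_pairs(200))
    for name, inv, flows in (("flat", FLAT, set()), ("segmented", SEGMENTED, ALLOWED)):
        for start in ("dev-1", "corp-1", "pay-1"):
            reach = blast_radius(inv, flows, start)
            print(f"{name:9} foothold={start:6} reachable hosts={len(reach)}")
```

In the flat layout every foothold reaches all ten hosts; with the boundaries in place a compromised dev host stays within its four-host footprint, and the payments zone cannot reach back into corp because the allowed flow is one-directional.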

There are important security lessons we can take from the current pandemic to make modern hybrid business networks stronger and more resilient. We must prepare for events that haven't happened yet. And we must think about how to slow down spread by building in separation between different fast-changing areas.


Dr. Mike Lloyd is CTO of cyber terrain mapping company RedSeal. Dr. Lloyd has more than 25 years of experience in the modeling and control of fast-moving, complex systems. He has been granted 21 patents on security, network assessment, and dynamic network control. Before ...
 
