How have you secured your network in a perimeter-less context?


373 views, 3 Comments

Sr. Director of Enterprise Security in Software, 5,001 - 10,000 employees
I spent 5 years at Illumio, so I'm a little biased towards micro-segmentation as a security strategy. If you could segment your applications, networks, and endpoints from each other, you should. If you don't have a need to access that web server, then why do you have the ability to access it? So obviously some segmentation is critical.
2
SVP in Finance (non-banking), 1,001 - 5,000 employees
I've directed my teams to really secure the endpoint and user. The breaches I've seen are with edge computing, the biggest example being that you get phished and your user’s local endpoint gets compromised. The bad actors have access to it, and depending on your configuration, if the user had local admin rights, now the bad actors can get hold of the network and do all kinds of things by running scripts and PowerShell. 

First, separate local admin accounts from normal users and don't allow login using those admin accounts. Then restrict the ability to run scripts so that it’s extremely difficult for bad actors to take control of the endpoint, which has become the source of unauthorized access to the network. Your intrusion detection system (IDS) and your intrusion prevention system (IPS) are going to work. That's not how bad actors are getting in. They're getting in through the endpoint. I'm focused on implementing two-factor authentication and making it hard for intruders. 

Take away local admin rights. If they need local admin rights, then create a different ADM account and don't let them log in with those. Disable PowerShell and scripting. If you're going to enable it, make sure you're monitoring it. If you do those things, you're making a breach that much harder and protecting your network because you're securing the number 1 source of breaches. It's never fully secure, but you're increasing the difficulty for intruders.
2
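The endpoint controls named in the comment above (no standing local admin rights, restricted scripting, monitored PowerShell) can be checked with a read-only audit. This is an added example, not part of the original comment; the function names, the `-AllowedAdmins` parameter and the sample account name are hypothetical.

```powershell
# Added example: read-only audit of the endpoint controls discussed above.
# Run from an elevated Windows PowerShell 5.1 prompt; it changes nothing.
function New-Finding($Check, $Detail) {
    [pscustomobject]@{ Check = $Check; Detail = $Detail }
}

function Get-EndpointHardeningFinding {
    [CmdletBinding()]
    param(
        # Assumption: accounts permitted in local Administrators (e.g. a separate ADM account)
        [string[]]$AllowedAdmins = @()
    )

    # 1. Who holds local admin rights? S-1-5-32-544 is BUILTIN\Administrators.
    foreach ($m in (Get-LocalGroupMember -SID 'S-1-5-32-544')) {
        $builtin = $m.SID.Value -match '^S-1-5-21-.+-500$'   # built-in Administrator (RID 500)
        if (-not $builtin -and $AllowedAdmins -notcontains $m.Name) {
            New-Finding 'LocalAdmin' "$($m.Name) [$($m.ObjectClass)] is in local Administrators"
        }
    }

    # 2. Script restriction. Execution policy is not a security boundary, but
    #    Unrestricted/Bypass shows no attempt was made to restrict scripts.
    $policy = "$(Get-ExecutionPolicy)"
    if ($policy -in 'Unrestricted', 'Bypass') {
        New-Finding 'ExecutionPolicy' "Effective execution policy is $policy"
    }

    # 3. Constrained Language Mode is normally enforced through WDAC or AppLocker.
    if ("$($ExecutionContext.SessionState.LanguageMode)" -eq 'FullLanguage') {
        New-Finding 'LanguageMode' 'Session runs in FullLanguage mode'
    }

    # 4. If PowerShell stays enabled, it has to be monitored: check the policy keys for
    #    script block logging (event ID 4104), module logging and transcription.
    $base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell'
    $logging = [ordered]@{
        ScriptBlockLogging = 'EnableScriptBlockLogging'
        ModuleLogging      = 'EnableModuleLogging'
        Transcription      = 'EnableTranscripting'
    }
    foreach ($key in $logging.Keys) {
        $name  = $logging[$key]
        $value = (Get-ItemProperty -Path "$base\$key" -Name $name -ErrorAction SilentlyContinue).$name
        if ($value -ne 1) { New-Finding 'Logging' "$key is not enabled by policy" }
    }
}

# 'CONTOSO\adm-jdoe' is a constructed placeholder account name.
Get-EndpointHardeningFinding -AllowedAdmins 'CONTOSO\adm-jdoe' | Format-Table -AutoSize
```

An empty result means every check passed on that machine; each row is one gap to close or to justify.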
CEO in Manufacturing, 11 - 50 employees
The critical thing is the ability to actuate. So from the network standpoint, the internet was built on 4 million IP addresses, IPv4. And now you have IPv6 and all these ads. It's getting huge. No matter what, there has to be something that says at that node, I know who it is in there, what permissions they have and I can lock it down as quickly as possible. You need the zero trust aspect coupled with cognitive AI, and I use cognitive very specifically. Because if a bot's going through a script, it isn't cognitive.

It's doing these steps in that manner. But if there's something that can understand, adapt and interpret, learning as it goes, then you've got people that can see what it's learning to do, and you see the threat factors come back, then you can tune it further and truly scale. I see it as a combination of those two, because the network is absolutely critical. I remember Scott McNealy at Sun saying this in 1992: "There is no privacy, get over it."

Every network node, doesn't matter what it is, has to be secured in that manner. And you have to scale using cognitive AI to handle it. People aren't going to be able to do it themselves, there's no way to scale with humans.
2
