August 4, 2019

Ovum Insights – Your company firewall isn’t enough

Mark Arnold

Navisite recently sponsored research conducted by Ovum, presented in a white paper – Tackling Increasingly Complex Security Challenges – which considered the extent of cybersecurity threats faced by businesses and their strategies for dealing with these threats. As part of a series of blogs looking at the key points raised by the research, we explore the issue of firewalls and why hacking victims are now investing in other, complementary technologies too.

Your company firewall isn’t enough

Fifteen years ago, perimeter firewalls were considered an enterprise-only luxury, due in part to the astronomical cost associated with hardware security at the network edge. As more businesses have come online and the price of firewall equipment has fallen, almost every business now has one installed at the network edge.

But despite the prevalence of firewalls, the number of reported security incidents continues to rise year-on-year. The nature of cybersecurity attacks has radically changed over the years, and hardware-based solutions no longer offer sufficient protection on their own.

The rise of the APT

Perhaps the most concerning of all current cybersecurity incidents are advanced persistent threats (APTs). Slow, patient and methodical, an APT attack can take months to plan and execute, and it is this stealthy approach that makes them so hard to detect.

Usually starting with malware-infected email, hackers gain a foothold inside the network. They then probe known vulnerabilities behind the firewall, mapping your resources and looking for valuable data to steal – and opening channels that allow them to come and go as they need. Covert channels like HTTP proxies and DNS tunnels will be created to exfiltrate data – avoiding the detection routines of your firewall as they do so.

Misunderstanding the role of the firewall

Firewalls are an incredibly important aspect of network security, but they cannot be the only line of defense – especially in the modern hybrid cloud operating environment. Once they have breached the firewall, hackers are able to move between systems almost at will.

According to the research from Ovum, 90% of all organizations are investing in firewall technology – as you would expect. Those businesses that reported a breach have slightly different spending priorities, however.

Firewalls still top network security investments, but previous victims are also investing behind the perimeter. Their spend on technologies like network traffic analysis, intrusion detection and behavioral analysis far outstrips that of organizations which have not yet experienced (or, more likely, detected) a breach.

Network security needs to be smarter

APT attacks are so effective because they mask malicious activity using valid, albeit compromised, credentials. Hackers will take great care to avoid raising suspicion – and to erase evidence that they were ever there. A time-constrained network engineer performing a cursory check of activity logs is unlikely to spot anything amiss; APT activity is often only uncovered by forensic analysis of logs from across the entire infrastructure.

It is for precisely this reason that user and entity behavior analytics (UEBA) tools are gaining in popularity – particularly for organizations that have experienced a breach. These systems employ machine learning techniques to monitor network logs and traffic to establish a baseline of what “normal” looks like. The system then constantly compares live activities against this baseline, looking for anomalies that warrant further investigation.

UEBA solves two problems. First, it is smart enough to detect anomalous behavior from authenticated accounts, indicating where credentials have been compromised by hackers. Second, UEBA can cut through the general noise created by thousands of alerts and notifications from your infrastructure so your engineers can focus on real issues. As security tool fatigue becomes an operational problem, any tool that can simplify management without compromising security should be welcomed.
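As an added illustration of the baseline-then-compare approach described above (example code written for this post, not part of Ovum's research or any UEBA product), the Python sketch below builds a per-user profile from constructed historical log lines and scores live lines against it. The log format (user, hour of day, source host, bytes transferred), the field names and the 3-sigma volume threshold are all assumptions.

```python
import statistics
from collections import defaultdict

# Constructed sample log lines (not real data): user,hour-of-day,source host,bytes transferred.
BASELINE_LOGS = [
    "alice,09,wks-01,1200", "alice,10,wks-01,1500", "alice,11,wks-01,900",
    "alice,14,wks-01,1800", "alice,16,wks-01,1100",
    "bob,08,wks-07,3000", "bob,09,wks-07,2800", "bob,13,wks-07,3200",
    "bob,15,wks-07,2900", "bob,17,wks-07,3100",
]
LIVE_LOGS = [
    "alice,10,wks-01,1300",    # matches baseline
    "alice,03,wks-42,250000",  # new host, off-hours, large transfer: valid account, odd behavior
    "bob,14,wks-07,3000",      # matches baseline (hour 14 sits between observed 13 and 15)
    "bob,09,wks-07,90000",     # usual host and hour, but volume far above baseline
]

def parse(line):
    user, hour, host, nbytes = line.strip().split(",")
    return user, int(hour), host, int(nbytes)

def build_baseline(lines):
    """Per-user profile of 'normal': hours seen, hosts seen, mean/stdev of bytes moved."""
    per_user = defaultdict(lambda: {"hours": set(), "hosts": set(), "bytes": []})
    for line in lines:
        user, hour, host, nbytes = parse(line)
        p = per_user[user]
        p["hours"].add(hour); p["hosts"].add(host); p["bytes"].append(nbytes)
    for p in per_user.values():
        p["mean"] = statistics.mean(p["bytes"])
        p["stdev"] = statistics.pstdev(p["bytes"]) or 1.0  # avoid a zero-width baseline
    return per_user

def score(line, baseline, sigma=3.0):
    """Return the list of reasons a live event deviates from the user's baseline ([] = normal)."""
    user, hour, host, nbytes = parse(line)
    p = baseline.get(user)
    if p is None:
        return ["unknown user"]
    reasons = []
    if host not in p["hosts"]:
        reasons.append("new source host")
    if not any(abs(hour - h) <= 1 for h in p["hours"]):  # allow one hour of slack
        reasons.append("off-hours activity")
    if nbytes > p["mean"] + sigma * p["stdev"]:
        reasons.append("volume above baseline")
    return reasons

def flag_anomalies(baseline_lines, live_lines):
    """Only events with at least one reason surface, cutting the alert noise an analyst must read."""
    baseline = build_baseline(baseline_lines)
    scored = {line: score(line, baseline) for line in live_lines}
    return {line: r for line, r in scored.items() if r}
```

A production UEBA system replaces the fixed thresholds with learned models and many more features, but the shape is the same: profile each account, then surface only the deviations.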

Compromised organizations have had to learn the hard way that the security investment needs to consider safeguards behind the firewall too. Any business that has yet to experience a significant breach would do well to look at what their less fortunate counterparts are doing – it may just help maintain their resilient status.

The full white paper can be downloaded here. To learn more about building a holistic network security strategy – including the use of UEBA – please get in touch. For more information on cloud security, click here.

About Mark Arnold

Mark (CISM, CISSP, GWAPT, GXPN, Ph.D.) brings 20+ years of security leadership experience to Navisite. Previously, Arnold served in various security roles at Optiv, PTC, Thermo-Fisher Scientific, Computershare, TJX, and boutique security firm @stake. Mark oversees managed security services, the security and compliance product roadmap, and security strategy development. Mark is also active in the security community. He currently serves on the advisory boards for the SOURCE Conference (as content and speaker management), OWASP Boston, and InfoSecWorld (https://infosecworld.misti.com/). Besides holding industry certifications, Mark has degrees from Stanford University (B.S.EE), Princeton Theological Seminary (MDiv), and Harvard University (Ph.D.).