Back in the early days of the Internet, firewalls were invented to keep out the bad guys — similar to an electric fence around a building compound. But times have changed.
Evolution of network threats
Firewalls have evolved and become much more sophisticated. So, too, have hackers and malware. Organizations have more complex networks, ubiquitous Wi-Fi, mobile workers, cloud apps and bring-your-own-device policies. Enter the Internet of Things — where almost any inanimate object can have an IP address — and cyber-security is getting awfully difficult to manage these days.
A next-gen firewall should be part of every organization’s cyber-security arsenal, providing a basic line of defence by allowing or blocking access to the corporate network. But NG firewalls are not the be-all and end-all, since hackers have found ‘back doors’ into even highly secure networks.
Using IT vulnerabilities or social engineering attacks, the bad guys are able to slip past the firewall and hover around, gathering data, and in some cases exit and enter at will. Most breaches aren’t noticed for weeks or months at a time — and that’s a lot of data gathering.
“Forget the gate and drawbridge idea, there are now hundreds of potential entrances to the castle because businesses are connected to customers, suppliers, and employees over the internet. Not only that, but it’s as if everyone who comes in and out of the castle has a key to unlock all the doors as well.”
Matthew Wall, BBC News
Social engineering attacks
Social engineering attacks — which manipulate users into handing over sensitive data or clicking on malicious links — are becoming more commonplace, in part because they’re so effective. They’re also becoming increasingly sophisticated.
“One new employee, one new contractor, one new business associate. That’s all it takes to own a target. Keystroke loggers and botnet malware will do the rest.”
Saryu Nayyar, InformationWeek
User training is helpful (and necessary), but it’s not 100 percent effective. “When a threat actor launches an attack that is planned to take months or years to carry out, all they have to do is spam and wait,” writes Saryu Nayyar in an article for InformationWeek’s Dark Reading.
She argues that security awareness alone won’t stop hackers, as all it takes is one individual falling victim.
Hackers can exploit vulnerabilities in software or applications (particularly older versions that haven’t been patched). Or, they can target BYOD devices that aren’t properly managed. They can even target air-gapped computers — ones that are physically isolated from unsecured networks — that are often used in military, financial and critical infrastructure networks.
Indeed, a recent Wired article points out that researchers in Israel were able to steal data from air-gapped computers. “To steal data from them an attacker generally needs physical access to the system — using either removable media like a USB flash drive or a firewire cable connecting the air-gapped system to another computer,” writes reporter Kim Zetter in Wired. “But attackers can also use near-physical access using one of the covert methods the Ben-Gurion researchers and others have devised in the past.”
Detect and resolve intrusions
It’s not all doom and gloom, though. Many industry pundits say the focus shouldn’t be on keeping hackers out. Instead, it makes more sense to stay informed of new threats, analyze vulnerabilities, recognize when a breach has occurred and stop it before any real damage is done.
In addition to a firewall and anti-malware, organizations should consider anti-exploit tools that can recognize when an attack is launched — so they can stop it before malware is installed. When it comes to backdoor attacks, network monitoring is key, so that network admins are alerted when something is ‘off.’
For many organizations, especially smaller ones, this is a tall order. It requires skilled expertise — hence, time and money — which they probably don’t have in-house.
It can be difficult for companies to find talent to secure each of their vulnerable areas, writes Sharon Florentine in an article for CIO.com. That’s where a managed security solution provider comes in. “An MSSP can cover all the security bases for a company: firewalls, intrusion detection and intrusion prevention solutions, security event and incident management, managed vulnerability and identity management solutions — even first-level incident response.”
A next-gen firewall is a must. But relying on that firewall will leave you with gaps — er, back doors.
At some point, an intruder is going to find a back door into your network; the key is knowing when it happens, so you can take action before it’s too late.