Shift from 'high wall' to 'body armour' security
The traditional approach of 'high walls' is clearly flawed. We are seeing a shift away from perimeter security to a 'body armour'-type of approach, of security being put around every object within the data centre.
So said Gareth James, network and security specialist at VMware, discussing some of the results of the ITWeb, VMware security survey, aimed at gauging the current state of cyber security readiness in South Africa, by polling CISOs and equivalent C-level executives.
When asked if they suffered any attacks, 76% said they had been victims of impersonation and phishing, although only 8% said there was actual penetration of the network. "The tendency towards human error and tailgating by latching on, using phishing and suchlike, is becoming front and centre. The big question is, how do we prevent people hoaxing and getting into our organisations?"
Time to respond
Once an organisation knows there has been a security problem, how quickly can they respond, was one important question posed by the survey.
Only 32% said they can respond extremely quickly, with another 45% saying 'somewhat' quickly.
"Unfortunately, the time a threat lingers inside a network is typically 18 months," said James. "Lack of visibility within our data centres is a major problem. Getting that visibility is key."
When asked what other tools and solutions had been implemented within their organisations, James said CISOs had the usual anti-malware solutions (93%) and firewalls (94%) in place. "However, 6% said they don't have firewalls, and I'm a little worried about those guys. I hope that's a typo," said James.
A further 94% have end-point protection solutions, 76% employ intrusion prevention software, and 53% have device protection in place. Less than half (49%) of those surveyed have data leakage prevention (DLP), and only 40% employ mobile device management solutions.
Ransomware changes security posture
"We are also seeing that in terms of attacks by outsiders, malware and ransomware top the list, with more than half the respondents (52%) saying they had experienced malware attacks, and 46% saying they had fallen victim to ransomware."
Although ransomware was revealed as a prevalent threat, 76% of those surveyed said they were not affected by WannaCry at all; 20% claimed they were somewhat affected, and only 4% said they experienced drastic effects.
James said that irrespective of these findings, WannaCry had a knock-on effect, and definitely changed security postures for many organisations. "Again, it raised the profile of the lateral threat within our organisations. Once it was inside, it propagated. It was a lateral movement from vulnerable XP machines."
The survey also posed the question about whether virtualisation limits visibility. "This was particularly interesting to me, as I work in that space. We are moving away from a physically defined world, to a software-defined world."
According to James, most companies realise that making everything software-defined, whether that be operating systems or even container-based applications, means that they have to move the monitoring and visibility from the physical layer into the software layer.
"If you consider that two virtual machines or two containers communicate within a server using overlay networking, and those communications will never touch a physical network, how relevant are physical packet sniffers in that environment? In my view, not at all."
The survey found that 'microsegmentation' has been adopted by almost one third of the respondents. "Protecting against lateral movement between virtual machines inside a data centre, and between applications, has been taken far more seriously than before," said James.
View the the full results report in PDF format:
ITWeb's 2018 Information Security Survey, in association with VMware