Competing in today’s digital economy requires investing heavily in digital acceleration. Businesses that rely on applications need networks to interconnect users and resources across campuses, data centers, branches, multi-cloud, home offices and even mobile worker environments. This ensures every user has reliable and consistent access to the critical resources they need to do their jobs, regardless of where the devices, data or users are located.
However, while hyperconnected networks are ideal for business, they are a severe challenge for traditional security devices. Visibility and control can be severely compromised when point security devices are deployed across a hybrid environment. Disparate solutions are often unable to share threat intelligence or orchestrate and enforce policy end-to-end. The results have been predictable, with a dramatic rise in ransomware and other cyber incidents in the two years since networks were inverted and work-from-anywhere became the new norm.
Moving To A Cybersecurity Mesh Architecture
As Gartner, Inc. notes, “IT leaders must integrate security tools into a cooperative ecosystem using a composable and scalable cybersecurity mesh architecture approach” if they hope to protect their networks from ransomware and other malicious attacks. That means replacing their legacy security systems with an integrated strategy by 2024 if they hope to “reduce the financial impact of security incidents by an average of 90%.” Rather than using siloed security devices to protect separate network segments, Gartner argues that “a cybersecurity mesh enables tools to interoperate by providing foundational security services and centralized policy management and orchestration.” This allows them to function as a single solution, including extending security controls beyond the traditional network perimeter.
To be effective, security capabilities must mirror the network they are protecting. Legacy security systems operate the way they do because yesterday’s networks were static, with clearly defined perimeters and access points. Traffic was predictable, and most assets were tucked safely behind the firewall. While that has now all changed, security has not kept up. IT teams now struggle to secure new wine using old wineskins.
How To Change Your Approach To Security
Of course, declaring you need a new approach to security is far easier than making it happen. While such a change certainly involves upgrading and replacing technology, it begins with a paradigm shift in how we think about security. That includes three key ideas.
1. Move to a zero-trust model. The first shift involves changing how we think about trust—who and what we trust, how much we trust them and how we know whether they have broken that trust. Most networks were designed using implicit trust, which allows users and devices to move freely around the network to access resources. While few networks are entirely wide-open—though there are more than you might suppose—most users and devices still have a lot of latitude to move around within their network segment. Perimeter controls may have been sufficient at one point, but that approach is now increasingly dangerous.
Today’s malware is quite proficient at evading detection and escalating privilege to move laterally across the network, looking for data and resources to target. It’s why ransomware attacks can be so devastating. Attackers usually gain access by breaching the perimeter through a new network edge like a poorly secured home network.
This implicit trust approach must be replaced with a zero-trust model that assumes that every user, device, application and workflow may have already been compromised. That simple shift in thinking changes everything. Every user and device anywhere on the network must be explicitly authenticated and granted specific, per-session access to only those resources they need to do their job. Those connections must then be continuously monitored to ensure ongoing compliance.
Complicating things further, applications, workflows, transactions, devices, users and other resources no longer exist in a single permanent location. As a result, isolated security devices struggle to enforce policies as users, devices and applications travel across or between network environments. It gets even more complicated when the underlying network constantly—and sometimes dramatically—changes as it scales and adapts to evolving requirements.
2. Converge security with the network. The next critical change involves convergence. Security and the network need to be deeply integrated because most security configurations and policies are unable to keep up with dynamic network environments. This leaves gaps in protection that can easily be exploited. A converged strategy that integrates security and network functions can eliminate that risk.
Because many networks cannot correctly recognize and securely route application traffic end-to-end, security must also be able to understand and inspect all types of data—and it needs to do this in real time so that securing applications does not affect user experience. By combining application-aware security with network functions, organizations can ensure and maintain optimal user experience without compromising on defense.
3. Consolidate and integrate security solutions. The third shift requires consolidating security solutions to reduce vendor sprawl and then integrating them to work as a single cohesive system. Manually correlating threat intelligence between disparate management consoles means many threats get overlooked—and those that are found are found too late.
Successful consolidation requires three critical steps.
• Select an integrated, universally deployable platform from a single vendor. Tools that share a common operating system and centralized management and orchestration can see, share, correlate and automatically respond to threats found anywhere in the network in ways that are impossible using disparate solutions.
• Additional solutions must use common standards and open APIs to ensure interoperability.
• The system must be augmented with AI and ML to ensure that security can detect and respond to increasingly sophisticated threats at digital speeds.
You Need To Start Now
Cybercriminals have already begun targeting today’s growing attack surface. Waiting to address that risk or trying to forge ahead using an outdated security strategy is a formula for disaster. Organizations planning to compete successfully in today’s digital marketplace must take the necessary steps now to build and deploy a fully integrated cybersecurity mesh architecture. Those that don’t will be left behind.