MACAU—In an era of mobile, cloud and Internet of Things (IoT), experts from global enterprise networking solutions provider Aruba warned businesses that security threats are everywhere—including their very own backyard—so they need to act now or be sorry.
“The risk is increasing inside the enterprise. Security is now front and center for most corporations,” Aruba Senior Vice President and General Manager Keerti Melkote told members of the media from the Asia-Pacific region during the recently concluded Aruba Apac Atmosphere 2017 summit held at a Macau hotel.
Insider threats are increasingly becoming a dominant risk vector for most enterprise customers, according to Melkote. As online attackers are becoming more and more sophisticated and smarter, he noted that they are not interested in just bringing down the network.
“They’re interested in your corporate asset, whether it’s financial information, intellectual property, credit-card information, or patients’ medical record,” Melkote said. “They’re going after very valuable information, which they can then trade on the black market to their advantage.”
Even though there are myriad examples of cases where organizations have been impacted by a loss of such high-value assets, organizations are not adequately considering the risk from their trusted users, per Gartner’s “Market Guide for User and Entity Behavior Analytics [UEBA]” research in 2016.
On a positive note, however, the American research and advisory firm fielded an almost 100-percent increase from clients looking to address the insider-threat issue, for which UEBA is one of the primary technologies.
These findings show that security matters not just to the information-technology (IT) department, but is now also the bone of contention for most of the top executives within an organization. Beyond understanding its level of exposure to their entities, they’re more keen on risk mitigation or management as they digitize themselves.
“This is really [a concern on] cyber criminals that are aiming this thing, which is why it’s a ‘boardroom topic’. It’s not just a teenager that is trying to have some fun at your expense. It’s really a very, very, very big issue,” the SVP and GM of Aruba said.
Security architecture
ENTERPRISE vulnerability continues to rise given the growing number of points of entry through which attackers can thrive within an organization, per results of a survey conducted by Aruba in February.
Of the 3,000 respondent companies, 72 percent have introduced IoT into their workplace and 56 percent have deployed it. While 78 percent saw an improvement in user experience, 84 percent have unluckily experienced security breaches. One-third of the participants said successful attacks on their enterprises would be coming from shadow IT resources.
“If you look at the security architectures that have been prevalent over the last decade or so, it’s basically a hard, crunchy exterior but a very soft, gooey interior. What we did was we hardened the perimeter by installing security devices like firewalls, intrusion detection system, [or] anti-malware platform; and we deployed this either [on the] edge of the network facing the Internet or we deployed technologies on the endpoints where it was possible,” Melkote noted.
“But the network in the middle was mostly an open network that was transporting data between these two areas. So what we started to look at was how do you create an architecture that has a lot more defense in them, which means you have to take that gooey interior and hardy for security. Because what’s happening [or] where these attacks originating is on the inside. And once they get in through into the device, it starts to proliferate laterally,” he said.
Inside attackers find weak targets—typically with IoT devices that don’t have strong operating environments or software. Based on the Aruba study, 80 percent of advanced attacks use legitimate credentials.
“These attacks—because they’re going after very high-value assets—are very targeted [and] very low profile,” the top executive said, adding that typical tools that look at the traffic types of such attacks are not sufficient to actually track them.
Time-wise, the survey revealed that the attack develops over around eight weeks or more before damage is done. Almost all, or 99 percent, of exploits will be of vulnerabilities that have been known to security and IT for at least a year. The median time from compromise to discovery of breach could reach about 146 days.
“That is scary, in that detecting these things takes close to five months. So for five months, you have something that’s on the inside of your network that has a free range before you detect it, you discover with a shadow account,” Aruba Chief Technology Officer Partha Narasimhan told the BusinessMirror in a sideline interview during the regional conclave.
‘Inside out’ approach
INSIDER attacks on businesses are growing regardless of their size and location, according to Aruba Product Management Vice President Karthik Krishnan.
“I’ve been in many countries in Europe, as well as in Asia, and I think it all comes back to use cases and to security concerns that people have,” he shared, while pointing out that there have been no region-specific barriers to these kinds of incidents.
“Security tends to be a lot more common across these regions. The use of cases tends to be more vertical-focused, meaning, the government customers in Asia probably share the same concerns as government customers in the US, and some other financial customers across the world tend to have very similar concerns. So it tends to break down more into sort of verticals, and less about regions,” he added.
“Businesses, whether big or small, should always consider frontline detection and prevention to combat insider threats. Perimeter security, while useful, certainly has limitations because more and more of these threats are now on the inside,” Krishnan said.
“So investing in security controls on the inside of network is probably gaining an importance. And I think all the recommendations for the enterprises will be that they start to allocate a lot more of their budget on looking at things on the inside, versus just trying to have a perimeter security,” he said.
Value over money
MONETARY issues should not hinder companies from protecting themselves from such risks, especially small and medium enterprises (SMEs) with limited financial resources.
In the Philippines, for instance, where the economy is mainly driven by SMEs, he advised them to prioritize the value of protection in the long run.
“If you’re a midsized bank, your concerns are probably very similar to a larger bank. Because if you have things to protect, if you have things to care about, you tend to worry about it, no matter what your size is, because the risk-case proportion [does not correspond] to the size of the company,” he explained.
“I think each enterprise would have to make a determination as to what it is that they want to protect, how important the security to them. And if there are things that you need to protect—sensitive information that you need to make sure doesn’t get into the hands of their own people, then you have to be able to prioritize and [allocate a] budget for it. Because, otherwise, often what happens is the budgeting ends up being a small proportion of the eventual cost that you have to pay when a data breach actually happens,” he added.
Aruba, a Hewlett Packard Enterprise company, launched during Apac Atmosphere 2017 a security framework that provides complete analytics-driven attack detection and response to help organizations reduce risk in today’s changing threat landscape.
Called the Aruba 360 Secure Fabric, it offers security and IT teams an integrated way to quickly detect and respond to advanced cyber attacks from pre-authorization to post-authorization across multi-vendor infrastructures, support. The multinational, likewise, innovates in UEBA by expanding the Aruba IntroSpect product family, enabling businesses to easily and rapidly scale machine-learned behavior detection from small projects to full enterprise deployments.
Other components of the Aruba 360 Secure Fabric include Aruba ClearPass and Aruba Secure Core. The former is a proven network access control and policy-management security solution, while the latter pertains to essential security capabilities embedded in the foundation across all of Aruba’s Wi-Fi access points, wireless controllers and switches, including the recently introduced Aruba 8400 campus core and aggregation switch.