MY TAKE: ‘Perimeter-less’ computing requires cyber defenses to extend deeper, further forward

Threat actors are opportunistic, well-funded, highly-motivated and endlessly clever.

Therefore cybersecurity innovations must take hold both deeper inside and at the leading edges of modern business networks.

Related: Lessons learned from Capitol One breach

Most of the promising new technologies I’ve had the chance to preview this year validate this notion. The best and brightest security innovators continue to roll out solutions designed to stop threat actors very deep – as deep as in CPU memory — or at the cutting edge, think cloud services, IoT and DevOps exposures.

Juniper Networks, the Sunnyvale, CA – based supplier of networking equipment, I discovered, is actually doing both. I came to this conclusion after meeting with Oliver Schuermann, Juniper’s senior director of enterprise marketing.

We met at Black Hat 2019 and Schuermann walked me through how Juniper’s security play pivots off the evolving infrastructure of a typical corporate network. For a full drill down, please give a listen to the accompanying podcast. Here are the key takeaways:

Deeper sharing

Wider threat intelligence sharing continues to advance apace. I was in the audience at Stanford in 2015 when President Obama signed an executive order urging the corporate sector to accelerate the sharing of threat feeds among themselves and with the federal government.

Since then, a number of threat intel sharing consortiums have either formed or expanded their activities. One recent example is how five midwestern universities – Indiana, Northwestern, Purdue, Rutgers and Nebraska – partnered to create a joint security operation center to gather, analyze and act on threat feeds.

Juniper gathers threat feeds via a security framework, called SecIntl, that runs off servers tied together by Juniper equipment deployed globally in corporate networks. Juniper has been stepping up its efforts to extend threat detection and policy enforcement that pivot off SecIntl threat feeds shared both wider and deeper into the networks of its enterprise customers around the world.

Schuermann

At Black Hat 2019, the company announced its latest initiatives to block threats at the router level. “We’ve extended our SecIntl reputation feeds to our routing platforms,” Schuermann told me. “We look at it from an infrastructure lens and try to block as close as possible to where the threats are coming in.”

Distributing blacklists of known malicious IP addresses and URLs at a deeper level results in a significantly cleaned-up signal getting passed on to systems sitting higher up the security stack, such as next-gen and web app firewalls, intrusion detection and prevention tools and SIEM systems.

“By filtering out the noise at the beginning, where you have high scale, we’re able to allow more meaningful inspection — on less amount of traffic,” he explained. “Once the noise has been filtered out to some extent, now you can take another look at the traffic in a more meaningful way.”

Containerized firewall

Cleaning up traffic at the router level makes good sense. But that does little to address fresh exposures spinning out of digital transformation, at the app development and app production side of the house.

Companies are diving off the cliff into hybrid cloud networks and Internet of Things systems. They are compelled to rapid and flexibly create the next-gen mobile apps needed to make this all come together, so they are leveraging virtual servers, DevOps, microservices and containers.

It’s a highly complex and dynamic environment, with a whirlwind of novel moving parts – and all of this translates into fresh attack vectors for opportunistic threat actors. In a production-oriented corporate environment, security often gets put on a side burner – or overlooked all together.

“Sometimes the groups in charge of rolling out applications have this charter to be agile and quickly move things out, at scale,” Schuermann observed. “If a security team, or net ops, gets in the way, you pull out your credit card and, voila, you’re in the cloud . . . But how do you create security policies that can stretch across to the cloud provider and have the agility that development is looking for?”

Juniper’s answer is its updated cSRX containerized firewall, which is designed to tie into legacy Juniper platforms and controls, including threat feeds from SecIntl. cSRX is capable of extending consistent firewall policies across physical, virtual and containerized workloads.

“We’ve just announced some enhancements that will allow our containerized firewall to boot up faster and also fit into those environments in a more efficient manner,” Schuermann told me. “As far as performance, if you have to spin up seven more instances of something, this will scale along with that. It’s instantaneous.”

It’s still very early. We’re going to need more and improved security innovations — both deep inside the infrastructure and at the leading edge. And there are larger questions in play, such as determining precisely who should be accountable for what, security wise, as digital transformation accelerates. I’ll keep watch. Talk more soon.

Acohido

Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.


*** This is a Security Bloggers Network syndicated blog from The Last Watchdog authored by bacohido. Read the original post at: https://www.lastwatchdog.com/my-take-perimeter-less-computing-requires-cyber-defenses-to-extend-deeper-further-forward/