By Tim Liu, Co-Founder & CTO, Hillstone Networks
Cybersecurity may seem an unending challenge, with new vulnerabilities, attacks and breaches announced almost daily. With all the loud headlines, and the potentially large financial and professional impacts of a breach or other attack, it’s easy for CISOs to feel a bit beleaguered.
Ransomware, for example, doubled in 2021 according to Verizon’s 2021 Data Breach Investigations Report. Most industries have come under attack, including education, retail, government, manufacturing, energy, healthcare, and financial services, among others. A notable development in 2021 was the rise of supply-chain attacks like the Kaseya incident, which impacted at least 1,500 customers.
Data breaches, while often a component of a ransomware attack, also occur separately. Like ransomware, breaches have increased markedly in recent years. According to the Identity Theft Resource Center, in the U.S. alone, data breaches through September 30 were up by 27% over the same period in 2020.
Further adding to the challenges of cybersecurity, the pandemic-driven proliferation of remote workers has dramatically expanded the potential attack surface, as has the increasing adoption of clouds, containers, virtual machines, and other distributed resources. Compounding these challenges are increasing compliance requirements, a growing number of regulatory policies, and the sheer volume of technologies on the market that can address at least some portion of these challenges.
While the challenges of cybersecurity are many and diverse, a few key strategies or principles can cut through the clutter and bring a greater degree of order and control for cybersecurity professionals. At a high level, think of it as see – understand – act.
Lack of visibility, or the ability to ‘see’ granularly across assets connected to the network, can be one of the biggest constraints on a successful security posture. To be effective, security needs visibility into all assets, including networks, servers and services, applications, users – and north-south as well as east-west traffic, including traffic between network components like clouds, VMs and containers.
A number of security solutions seek to fill the visibility gap, like Secure Access Service Edge (SASE), which merges SD-WAN with other security capabilities to offer greater visibility into scattered assets and services. Yet another solution, micro-segmentation, is designed to mitigate threats and vulnerabilities in east-west traffic between VMs and containers.
However, note that these technologies are most likely isolated from each other, or siloed. A newer solution called eXtended Detection and Response, or XDR, leverages other security technologies (like SASE, NGFW, WAF, and micro-segmentation) to aggregate data and deliver deep visibility into traffic into, out of and within the network and its assets.
The second part of the strategy, ‘understand,’ means gaining insights from traffic and other data that allows accurate analysis and characterization of potential attacks, threats and anomalies. For example, multi-stage, multi-layer attacks have evolved to camouflage themselves as normal traffic to elude security tactics, but usually leave subtle traces that can lead to their discovery and mitigation. By aggregating and analyzing data across the entire network and assets, these threats can be detected much faster and with far greater accuracy.
This step of the strategy also addresses a challenge faced by many security teams. As point security products have multiplied in typical networks, the number of alerts and alarms has risen dramatically, leading to a syndrome dubbed “alert fatigue.” Security teams often struggle to keep up and discern legitimate threats from false positives.
Over the years, a number of products have been developed to address these dual concerns; however, many of them are cumbersome and costly. Here, too, XDR offers a number of benefits in threat correlation analysis. Using AI and ML-enhanced methods as well as cloud-based threat intelligence, XDR evaluates the aggregated data it gathers from other network-connected devices and identifies potential threats with a great degree of accuracy – including disguised attacks that might otherwise be missed.
With granular visibility and thorough analysis in place, the final step of the strategy can be enabled. ‘Act’ refers to the ability to automate security responses to well-defined threats, relieving security staff of many manual interventions. An XDR solution, for example, can orchestrate security ‘playbooks’ across multiple security products, like NGFWs, WAFs and others, to provide a comprehensive response to threats.
Playbooks, or templates, optimize workflows for security incidents, and XDR solutions typically include multiple predefined playbooks and allow custom playbooks to be defined by security teams as needed. The XDR solution continues its operations of see, understand and act in an infinite loop, allowing rapid incident triage and containment for improved cybersecurity.
This high-level strategy gives CISOs and other security team members the visibility, swift incident detection, and far-reaching response that’s needed to secure network assets from endpoint to cloud.
Recognized in the Gartner Magic Quadrant for network firewalls for 8 consecutive years, Hillstone Networks was recently named to the ‘visionaries’ quadrant. Founded in 2006, the company’s infrastructure protection solutions provide enterprises and service providers with the visibility and intelligence to comprehensively see, thoroughly understand, and rapidly act against multidimensional threats and attacks. Trusted by global companies, Hillstone protects from the edge to the cloud with improved total-cost-of-ownership.
About the Author
Timothy Liu is the Co-Founder and Chief Technology Officer of Hillstone Networks. In his role, Mr. Liu is responsible for the company’s product strategy and technology direction, as well as global marketing and sales. Mr. Liu is a veteran of the technology and security industry with over 25 years of experience. Prior to founding Hillstone, he managed the development of VPN subsystems for ScreenOS at NetScreen Technologies, and at Juniper Networks following its NetScreen acquisition. Mr. Liu is also a co-architect of the patented Juniper Universal Access Control and holds an additional patent on Risk Scoring and Risk-Based Access Control for NGFW. In his career, Mr. Liu has served in key R&D positions at Intel, Silvan Networks, Enfashion and Convex Computer. Mr. Liu holds a Bachelor of Science from the University of Science and Technology of China and a Ph.D. from the University of Texas at Austin.
Tim can be reached online at @thetimliu and at our company website https://www.hillstonenet.com/