Page 76 - Cyber Defense eMagazine for September 2020
Think outside the network
The persistence of a siloed mentality, complete with an insistence on treating network segments as
though they had perimeters (and as though those perimeters mattered) consistently limits our thinking.
This puts us at risk. The compromise of the most minor system can lead to the compromise of
significantly more important systems, and an inability to think holistically will ultimately lead to
compromise.
Consider, for example, the caching of credentials. In many cases, merely logging into a system with
administrative credentials once (and then forgetting to wipe the cache) is enough to leave a copy of those
credentials on the system in question. That cache can be exploited by attackers to then compromise
other systems that are part of the network and which share those credentials.
In this manner the compromise of a small edge node located on the other side of the world could result
in a devastating compromise of central databases. What's worse, these sorts of compromises happen
not because anyone along the chain of responsibility between those two systems does anything wrong,
but because their areas of responsibility were so disconnected that the security implications of how doing
something to A would affect B were never even considered.
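The edge-node-to-central-database chain described above can be made visible with a small audit over logon telemetry. The following Python script is an added example, not code from the magazine or its author: it assumes a constructed list of interactive logons (host, account), treats every such logon as leaving a reusable credential cached on that host, and walks the resulting graph to report which low-sensitivity hosts transitively expose high-sensitivity ones and which specific logons are the first hop to remove. Host names, account names and tier numbers are all invented for illustration.

```python
"""Cached-credential exposure audit (added example, constructed data)."""
from collections import defaultdict

# Constructed sample: interactive logons observed across the estate.
# Assumption: every interactive logon leaves a reusable credential
# cached on the host, so any account seen on a host is "cached" there.
SAMPLE_LOGONS = [
    ("edge-kiosk-apac-07", "svc_backup"),
    ("edge-kiosk-apac-07", "kiosk_local"),
    ("file-srv-eu-02", "svc_backup"),
    ("file-srv-eu-02", "admin_jane"),
    ("db-core-01", "admin_jane"),
    ("db-core-01", "dba_tom"),
    ("hr-laptop-19", "user_bob"),
]

# Constructed sensitivity tiers: lower number = more sensitive system.
SAMPLE_TIERS = {
    "db-core-01": 0,
    "file-srv-eu-02": 1,
    "edge-kiosk-apac-07": 2,
    "hr-laptop-19": 2,
}


def accounts_by_host(logons):
    """Map host -> set of accounts assumed cached on it."""
    cached = defaultdict(set)
    for host, account in logons:
        cached[host].add(account)
    return cached


def hosts_by_account(logons):
    """Map account -> set of hosts where that account has logged on."""
    used_on = defaultdict(set)
    for host, account in logons:
        used_on[account].add(host)
    return used_on


def reachable_from(start, logons):
    """Hosts reachable, transitively, by reusing credentials cached on `start`.

    Returns {host: [(from_host, account, to_host), ...]} giving one shortest
    chain of cached-credential hops to each reachable host (excluding start).
    """
    cached = accounts_by_host(logons)
    used_on = hosts_by_account(logons)
    paths = {start: []}
    queue = [start]
    while queue:
        current = queue.pop(0)
        for account in sorted(cached.get(current, ())):
            for nxt in sorted(used_on.get(account, ())):
                if nxt not in paths:
                    paths[nxt] = paths[current] + [(current, account, nxt)]
                    queue.append(nxt)
    del paths[start]
    return paths


def escalation_findings(logons, tiers):
    """List (start_host, exposed_host, [accounts along the chain]) for every
    case where a host exposes a strictly more sensitive host."""
    findings = []
    for start in sorted(tiers):
        for target, chain in reachable_from(start, logons).items():
            if tiers.get(target, 99) < tiers[start]:
                findings.append((start, target, [acct for _, acct, _ in chain]))
    return sorted(findings)


def risky_logons(findings):
    """The (host, account) pairs that are the first hop of each chain: the
    logons to stop, or the caches to wipe, to break the exposure at its source."""
    return {(start, accounts[0]) for start, _, accounts in findings}


if __name__ == "__main__":
    for start, target, accounts in escalation_findings(SAMPLE_LOGONS, SAMPLE_TIERS):
        print(f"{start} -> {target} via {' -> '.join(accounts)}")
    print("logons to eliminate:", sorted(risky_logons(escalation_findings(SAMPLE_LOGONS, SAMPLE_TIERS))))
```

In the constructed data the kiosk in APAC has never touched the core database directly; it exposes it only because a backup service account was used on both the kiosk and a file server, and an administrator later logged on to that file server with credentials also valid on the database. Neither team did anything wrong in isolation, which is exactly the point of the passage; the audit output names the two logons whose removal breaks the chain.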
Machines managing machines managing machines…
This is the challenge of the 2020s. In order to cope with perpetually increasing scale we must begin to
turn the definition and daily management of policies, profiles and templates over to machines. Machine
Learning (ML), Artificial Intelligence (AI), and other Bulk Data Computational Analysis (BDCA) tools are
a must.
Initially, these tools will make suggestions, and automate very simple tasks - the sort of things we're
seeing from AIOps vendors today. But this is only the beginning; in order for the networks of tomorrow
to even be possible, virtually everything that IT administrators do today must be done by BDCA tools
without any form of human input.
This is not about replacing IT personnel. It isn't about an attempt to save money. The problems we're
running up against are the limits of human capability.
Humans can only hold so many things in working memory at a time. Call it a RAM limit, if you will. We
can only conceive of so many nodes on a network. We can only wrap our minds around so many
permissions interactions. Enterprise networks are already bigger than we can fit in our brains, and that
means we are running up against human limits in terms of even being able to architect these networks,
let alone defend them.
For security to be effective, it needs to be holistically integrated into network architecture decisions.
Network and security are inseparable, and the challenge of the next 10 years is going to be redesigning
how we represent these networks for human consumption, and how we translate human-scale
architectural and security decisions into the practical application of configuration for a literally
incomprehensible number of systems that, even for small businesses, can span the entire globe.
Copyright © 2020, Cyber Defense Magazine. All rights reserved worldwide.