Last year — also known as Cybergeddon — was rife with data breaches, ransomware, weaponized data. The explosive growth in the number and seriousness of cyber-attacks was reflected in the sense of urgency at RSA Conference 2018. During the keynotes, we saw the price of cyberwarfare and heard testimonials by doctors and patients who were affected by the WannaCry attack, when attacks against machines had a direct consequence on human health and safety.
In his keynote, Christopher D. Young, CEO of McAfee, looked to the airline industry and how “the literal hijacking of air travel changed the ways in which the world connects.” Chris stressed to us that “it’s time we learn from the past in order to go farther, faster in protecting the digital world” in order to prevent a digital 9/11. Since the daily and weekly hijackings of the early 1970s, air travel has undergone a security transformation. It has moved from not requiring identification at all to requiring full-body scans, from low access control to risk-based security. The defense perimeter has evolved, and the end user is under increased scrutiny.
Cyber-attacks are approaching that same one-a-day frequency, but will this be the tipping point that pushes cyber-security towards a people-centric approach? The need is evident when reviewing the 2018 Data Breach Investigations Report (DBIR), in which Verizon tracked over 53,000 incidents and 2,216 confirmed data breaches. Among many points, the report states that:
Even given all the vulnerabilities out there, credential attacks are still the number one means the attackers attempt to get all up in your servers.
Besides credential-stealing malware, the report discusses two varieties of social engineering attacks — phishing and pretexting. Both exploit the end user’s trust to capture credentials, either through an email attachment or a false narrative designed to influence behavior. Additionally, the use of stolen credentials is still the top variety of hacking in breaches involving web applications. But what I found most telling about the DBIR was the exclusion of certain data sets because of how they would skew the numbers:
“We have received a considerable amount of breach data involving botnets that target organizations’ customers, infecting their personally owned devices with malware that captures login details. Those credentials are then used to access banking applications and other sites with authentication. These are legitimate breaches, but due to the sheer number of them (over 43,000 successful accesses via stolen credentials), they would drown out everything else.”
Clearly, the perimeter must evolve to be people-centric, as threat-centric, network-centric, and app-centric designs alone do not suffice. Given the number of credential-based attacks, we must look past the security provided by a series of gates and locks and look deeper at user behavior — a series of detectors. For decades, enterprises have layered security onto the endpoint, the network, the application, and the cloud. VPNs connected users to internal LANs and to the applications running on them. They gave endpoint clients access to the network, using firewalls and network access controls to curtail that access. But the applications are no longer running only on the LAN — they are in the cloud, on mobile endpoints, and sometimes running as shadow IT. In fact — the client LAN is no longer a trusted network, and organizations are moving to cloud-based zero-trust security models in which endpoints or end users must be validated before access is granted. What’s required is to expand security by applying “follow the user” security policies that go where today’s user goes — the user’s workspace. This is critical in a multi-cloud, app-based, bring-your-own-device world.
Besides winning awards in application and cloud security, Citrix has been enabling secure digital workspaces for years. This is clear in high-security and compliance use cases — HIPAA, SWIFT, NERC, GDPR, and PCI-DSS, to name a few. Access security, secure collaboration, and workforce continuity are what Citrix provides for 400,000 customers globally every day. An essential enabler of the Citrix Secure Digital Workspace is the Secure Digital Perimeter (SDP). The SDP is a new approach that focuses on real-time user behavior and context derived from known interactions with the network, applications, and data, rather than reacting to unknown threats. The SDP protects information and applications by understanding the user and by segmenting clients from servers to protect the applications and data in the data center. Furthermore, the secure digital perimeter encompasses SaaS, hybrid, and multi-cloud environments.
Combining my RSA and DBIR takeaways produces the following: “It’s an idea whose time has come, because what matters now, is that now matters more than ever…” and “so dust off that segmentation project proposal, because no matter how well you do in your external vulnerability scans, if you mix clients and servers, you’re going to give the attackers the shot they’re looking for.” Users, applications, devices, and networks are protected by the secure digital perimeter, which adds the human element and evolves the digital perimeter toward risk-based security.