How to Bolster Network Perimeter Defenses With Security Intelligence
February 26, 2020 • The Recorded Future Team
Cybercriminals continue to utilize remote code execution attacks that target edge devices as a way to breach network perimeters. To prevent these types of breaches, network security teams need to evolve their approach toward bolstering security postures at the edge.
Recorded Future’s security intelligence philosophy introduces three principles that work in harmony to help network security teams strengthen the policies and controls that govern and protect their network perimeters. By proactively planning and incorporating the principles of security intelligence, organizations can minimize the impact of cyber threats and improve the resilience of their IT networks.
The State of Perimeter Security
The use of IoT networks, personal devices, and the public cloud has exploded in recent years. While these activities take place outside of network perimeters, they also greatly increase the amount of activity that takes place on premises and in private clouds — inside of network perimeters. At the same time, perimeter security is susceptible to advanced cyber threats that can sometimes evade detection.
All of this makes protecting network perimeters more difficult than ever for security professionals, especially when non-IT management teams may hear that “the perimeter is gone” in various “digital transformation” marketing campaigns. In reality, at the operational level, there are simply too many data packets flowing into and out of the network for resource-strapped teams to keep up with. The perimeter is not, in fact, dead. If you are a network system administrator, you know this all too well.
How to Amplify Perimeter Security Effectiveness With Security Intelligence
So, what is security intelligence, and how does it amplify the effectiveness of network perimeter security teams? In short, adopting this philosophy empowers security teams to expose unknown threats and provide information that enables better decision-making. By producing a common understanding of external and internal threats, as well as threats related to third-party ecosystems, security intelligence can provide the context network security teams need to accelerate risk reduction exponentially across the entire perimeter.
This new philosophy could have a major impact on how effectively network security teams are able to defend their organizations’ perimeters. And it comes just in time, as network perimeters are becoming more vulnerable to remote code execution attacks that target publicly available edge services, which provide opportunities for breaching network perimeters.
Many edge services are vulnerable to attacks due to inconsistent patching and a lag in updating both the operating systems and the applications running on their servers. That means more and more attacks are getting through network perimeters and finding their way inside organizations — both on premises and in the cloud.
That’s why it’s now critical to leverage the security intelligence philosophy — or, more pointedly — the solutions that help teams take back control of their perimeter. Adopting this philosophy allows you to drive your perimeter security policies and controls with confidence, whether you are building them from scratch or simply tuning them up as the business needs and supporting operating environment expand or change.
The Principles of Security Intelligence
The security intelligence philosophy includes three principles that each stand alone to improve individual organizational needs, or work together to holistically accelerate your security effectiveness. Together, these principles can guide your network security team in building a comprehensive security strategy that leads with the perimeter, but also addresses the entire operating environment of which the perimeter is often the gatekeeper:
- Threat intelligence provides context around the who, what, and why of potential cyberattacks by utilizing machine learning and automation to consume and analyze massive amounts of threat data and technical research from open, closed, and dark web sources. By correlating relevant, real-time insights from all these sources with internal network data, perimeter security teams can drive faster and more informed security decisions specific to their on-premises and cloud environments.
- Brand protection enables security teams to quickly identify what’s being targeted by malicious threat actors and respond to reputational attacks against their brand, as well as the digital risks of the company and its customers. This includes fake accounts, services, apps, APIs, and websites that are set up to attract redirected traffic and provision inappropriate content that can harm organizations and their customers.
- Third-party risk management helps analyze and mitigate risks originating from ecosystems that share sensitive information with suppliers, partners, contractors, agents, temporary workers, and other third parties. Keeping a close eye on the third-party supply chain is critical — breaches to one entity can quickly infiltrate an entire ecosystem.
By leveraging the security intelligence principles, your network and perimeter security teams can improve threat analysis, vulnerability management, fraud prevention, and incident response capabilities.
Applying Security Intelligence to Perimeter Policies and Controls
You can apply security intelligence to several aspects of your organization’s perimeter security strategy. For example, consider an email gateway that accepts communications from designated locations, devices, and protocols. If the network security team receives intelligence from the dark web that a hacker is using a particular protocol and port to commit fraud, the team can adjust the policies and controls on that gateway before a compromise occurs.
Or, in another case, you might grant VPN access to third-party partners who place orders online for your products. If open source monitoring analysis enhanced through your intelligence feed indicates that one of the partners has been compromised, you can adjust the risk level and the policies for that particular partner. Or, if the entire VPN service has been breached, you can shut down that third-party service and re-route the traffic through another secure channel until the attack is mitigated.
In another example, firewalls can only do their job if they have access to the latest threat indicators; static rules just don’t cut the mustard these days. By integrating security intelligence with your existing security technologies, such as your next-gen firewall, you can identify and implement new, dynamic rules to ensure users and systems are protected from the latest malware, ransomware, phishing, and malicious URL attacks.
Digital Asset Protection for You and Your Supply Chain
Along with the continuous enhancements of digital transformation technologies, a host of new security risks will surely come along. With cyberattacks coming from IoT networks, mobile devices, public clouds, partner and customer integrations, and even internal threats, a sophisticated approach to improving perimeter security postures and cyber resilience is more critical now than ever.
Proactive security planning that incorporates the three principles of security intelligence will minimize the impact of cyber threats and bolster resilience. By addressing cybersecurity across your entire organization, including your own network perimeter and any third-party vendors you utilize to make it all work, your security team can enable your company to maintain its competitive advantage — by better protecting your digital assets — internally and across your supply chain.
Start making your move toward security intelligence today — download the second edition of “The Threat Intelligence Handbook: Moving Toward a Security Intelligence Program” and find out how the three core principles of the security intelligence philosophy can provide a comprehensive approach to your perimeter threat-mitigation strategy.