The best way to approach security is to shift away from 'trust but verify' to 'don't trust, always verify', says Sharat Sinha, Vice President APAC of Palo Alto Networks.
What shortcomings do you see in the cyber security scenario today in terms of preparedness?
- Larger-than-necessary sphere of cyber security risks - Companies should reduce the sphere of their cyber security risks and only allow the traffic they need to operate their businesses on their networks. This will immediately reduce the scope of their security challenges by eliminating opportunities for malware to get into their networks. In this way, their security tools and teams can fully focus on detecting and stopping threats.
- Selecting a cyber security platform that does not enable adoption of new IT initiatives, like cloud and mobility - Don't use yesterday's technology to address today's and tomorrow's security challenges; the security level provided by legacy security systems - often fragmented - can be broken when emerging technologies are implemented, leaving your organisation at risk. Invest in a cyber security strategy and dedicated systems that show innovation and flexibility to evolve with technology trends, like cloud and mobile computing, and tackle new forms of cyber attacks like advanced persistent threats.
- Viewing security as an impediment to the business - Companies should transform security into a proactive and systematic practice of safely enabling technology and business initiatives: evolve security from being an impediment to the business to being an enabler, and even turn cyber security into a competitive advantage.
Is there a best way to approach cyber security? What could it be?
- Assume the network is not safe - For many organisations, the LAN is both the most sensitive and least secured network environment. Anyone can plug in a device and get network access. The way to approach security is a changing mindset towards what's allowed on the LAN, which is shifting away from "trust but verify" to "don't trust, always verify", and organisations could make use of segmentation and better application- and user-aware access controls to do it.
- Application whitelisting - The best way to approach cyber security is by application whitelisting where applications are identified before they enter the network at the next generation firewall platform. Next generation firewalls have the capability to address APT attacks and have appropriate security policies in place to safely enable the desired applications. To comprehensively address cyber security related threats, the network security platform should have an integrated next generation firewall with integrated APT as the platform must have the capability to detect, prevent and remediate in case of any breach of security.
What are some of the most active threats in the Asia Pacific region today?
According to the Palo Alto Networks Application Usage and Threat Report for Asia Pacific:
- 98% of all exploit logs were found in nine applications; seven of them are internal/infrastructure applications (databases, Active Directory, RPC, etc.)
- 99.99% of all malware logs were found in only four (out of 1,244) applications with custom/unknown-UDP representing the highest volume at 45%
- Most of the active threats come from business applications that were used as vectors by hackers, which include custom applications. In this case, threats refer to a combination of application vulnerability exploits (think IPS) and malware (spyware, botnets, adware, etc.) in applications that everyone needs. Based on our Application Usage and Threat Report, 98% of the vulnerability exploits were found in only nine applications, and of these, seven are running your business. Exploits are defined as injection attacks, code execution and overflows, while malware is defined as botnets, adware, spyware and such. This tells us that the high-value assets that run the business are heavily targeted by cyber criminals.
- Another source of threats is the applications that many enterprises choose to ignore - DNS and custom/unknown UDP - which are present in every network's traffic. Both are stateless in nature, and Palo Alto Networks saw 71% of the malware logs in these applications, indicating that attackers have become adept at hiding in the shadows. Some of our findings are:
- 25% of the applications (317) use SSL in some way, shape or form
- 83 of the 317 applications that use SSL never use port 443, nor do they use SSL-defined ports (37 hop ports, 28 use tcp/80, 20 use ports other than tcp/443)
- Lastly, unknown and detected applications are also a significant source of attacks in the Asia Pacific market.
How would BYOD impact businesses in the Asia Pacific region? What are BYOD's implications in terms of risk management, data protection, and data management?
- The more devices connected to the Internet, the more opportunities there are for cyber criminals to break into the network - Whether it's connected cars, smart cities or telemedicine, the digitalisation of all of our information (business, and personal in the case of a targeted attack) offers more reasons for businesses to be hacked.
- BYOD is both a necessity, as employees, partners and customers get access to the enterprise network from within and outside enterprise network boundaries, and a contributor to increased productivity in enterprises. However, it also exposes enterprises to significant risk unless there are policies in place to safely enable these devices and the applications on them. It requires security policy implementation so that there is uniform enforcement of security policy independent of which device is used to access enterprise resources.
How can local businesses change their strategy to cope with the new threats?
- A new way to practice security is to safely enable business-relevant applications rather than establishing security as an afterthought: we enable organisations to take a proactive approach, for example by bridging the communication gap between business needs and security staff with security policies designed so that security can be part of the business enablement process.
- Adopt a security platform that is more adapted to (1) today's use of the Internet and (2) modern cyber threats - Palo Alto Networks uses an unconventional, ground-up approach to build a new and innovative security platform.
Details: Flip upside down the traditional approach to network security: from "Let all traffic in, then detect what's malicious" to "specify which applications can be authorised on our network to support our business, safely enable them, and block everything else, including known and unknown threats."
- A platform approach: With a platform that natively brings all security functions together and eliminates silos, Palo Alto Networks empowers security teams to focus on what matters and gain full control over the state of their network security - security teams become more efficient.
- Details: by identifying and controlling all network traffic, security staff can eliminate unnecessary traffic and immediately reduce the scope of the security challenge. They can then focus their efforts on what really matters: investigating suspicious traffic. By being able to inspect all suspicious traffic all the time, regardless of end-point/device, user location, source and destination, Palo Alto Networks can rapidly stop more sophisticated threats such as APTs that might stay dormant for months.
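Two of the points above lend themselves to a concrete illustration: the SSL findings (applications using SSL on tcp/80 and other non-standard ports, and custom/unknown UDP carrying most malware logs) show why an application must be identified from its payload rather than its port, and the "specify which applications are authorised, safely enable them, block everything else" model is a default-deny allowlist evaluated per application, zone and user. The Python below is an added example written for this page, not Palo Alto Networks' App-ID or policy code; the zone names ("trust", "dmz", "untrust"), user groups, rule names and the sample payloads are all constructed assumptions. It generalises slightly beyond the text by recognising three applications (TLS ClientHello, HTTP request, DNS query) and treating anything else as unknown-tcp/unknown-udp, which the implicit deny catches.

```python
# Port-independent application identification feeding a default-deny allowlist.
# Added example for illustration; not vendor code. All names and payloads are constructed.
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src_zone: str
    dst_zone: str
    user_group: str   # assumed group name from an identity source, e.g. "domain-users"
    proto: str        # "tcp" or "udp"
    dst_port: int
    payload: bytes    # first client-to-server bytes of the flow


@dataclass(frozen=True)
class Rule:
    name: str
    app: str          # the one application this rule safely enables
    src_zone: str
    dst_zone: str
    user_group: str   # "any" matches every group


def _is_tls_client_hello(p: bytes) -> bool:
    # TLS record: type 0x16 (handshake), major version 3; first handshake message type 0x01 (ClientHello)
    return len(p) >= 6 and p[0] == 0x16 and p[1] == 0x03 and p[2] <= 0x04 and p[5] == 0x01


def _is_http_request(p: bytes) -> bool:
    line = p.split(b"\r\n", 1)[0]
    methods = (b"GET", b"POST", b"HEAD", b"PUT", b"DELETE", b"OPTIONS")
    return line.split(b" ")[0] in methods and line.endswith((b"HTTP/1.0", b"HTTP/1.1"))


def _is_dns_query(p: bytes) -> bool:
    # 12-byte header (ID, flags, QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT), then QNAME, QTYPE, QCLASS
    if len(p) < 17:
        return False
    flags = int.from_bytes(p[2:4], "big")
    qdcount = int.from_bytes(p[4:6], "big")
    ancount = int.from_bytes(p[6:8], "big")
    if flags & 0xF800 or qdcount < 1 or ancount:   # standard query: QR=0, OPCODE=0, no answers
        return False
    i = 12
    while i < len(p) and p[i] != 0:                # walk the length-prefixed labels of QNAME
        if p[i] > 63:
            return False
        i += 1 + p[i]
    return i + 5 <= len(p)                         # terminator + QTYPE + QCLASS must fit


def identify_app(flow: Flow) -> str:
    """Classify by payload; the destination port is deliberately never consulted."""
    p = flow.payload
    if flow.proto == "tcp":
        if _is_tls_client_hello(p):
            return "ssl"
        if _is_http_request(p):
            return "web-browsing"
        return "unknown-tcp"
    return "dns" if _is_dns_query(p) else "unknown-udp"


# Allowlist: only these app/zone/user combinations are enabled; everything else hits the implicit deny.
POLICY = [
    Rule("corp-web", "ssl", "trust", "untrust", "domain-users"),
    Rule("corp-web-plain", "web-browsing", "trust", "untrust", "domain-users"),
    Rule("internal-dns", "dns", "trust", "dmz", "any"),
]


def evaluate(flow: Flow, policy=POLICY):
    """Return (app, action, rule_name); flows matching no rule are denied by default."""
    app = identify_app(flow)
    for r in policy:
        if (r.app == app and r.src_zone == flow.src_zone and r.dst_zone == flow.dst_zone
                and r.user_group in ("any", flow.user_group)):
            return app, "allow", r.name
    return app, "deny", "default-deny"


# Constructed sample payloads (not captured traffic)
TLS_CLIENT_HELLO = b"".join([
    b"\x16\x03\x01\x00\x2f",        # record header: handshake, legacy version 3.1, length 47
    b"\x01\x00\x00\x2b",            # ClientHello, body length 43
    b"\x03\x03", b"\x11" * 32,      # client_version 3.3 + 32-byte random
    b"\x00",                        # session_id length 0
    b"\x00\x02\x13\x01",            # one cipher suite: TLS_AES_128_GCM_SHA256
    b"\x01\x00",                    # one compression method: null
    b"\x00\x00",                    # extensions length 0
])
DNS_QUERY = (b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00"   # ID, RD set, QDCOUNT=1
             + b"\x07example\x03com\x00" + b"\x00\x01\x00\x01")   # example.com A IN
UNKNOWN_UDP = b"\x41" * 20          # bytes that parse as neither TLS, HTTP nor DNS

SAMPLE_FLOWS = [
    Flow("trust", "untrust", "domain-users", "tcp", 443, TLS_CLIENT_HELLO),  # ssl on its usual port
    Flow("trust", "untrust", "domain-users", "tcp", 80, TLS_CLIENT_HELLO),   # ssl hiding on tcp/80
    Flow("trust", "untrust", "domain-users", "tcp", 443, UNKNOWN_UDP),       # not TLS; port 443 buys nothing
    Flow("trust", "dmz", "contractors", "udp", 53, DNS_QUERY),               # dns to the internal resolver
    Flow("trust", "untrust", "domain-users", "udp", 53, DNS_QUERY),          # dns straight to the Internet
    Flow("trust", "untrust", "domain-users", "udp", 53, UNKNOWN_UDP),        # unknown-udp on the dns port
]

if __name__ == "__main__":
    for f in SAMPLE_FLOWS:
        app, action, rule = evaluate(f)
        print(f"{f.proto}/{f.dst_port:<4} {app:<13} {action:<5} ({rule})")
```

Running it shows the two behaviours the interview argues for: the ClientHello on tcp/80 is still classified as ssl and allowed by the ssl rule, while non-TLS bytes on tcp/443, DNS sent directly to the Internet, and unknown UDP on the DNS port all fall through to the default deny without any rule having to name them. A production App-ID engine decodes far more protocols, follows the flow past the first packet and handles evasions this toy does not, but the control structure is the same: classify first, then allow only what a rule enables.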
What can governments do to help organisations become more secure?
- Governments need security infrastructures that have the capability to safely enable the applications being used in their environment and for citizen services, to protect their own infrastructure. At the same time, they should have recommended infrastructure security requirements for enterprises, as in a targeted and coordinated APT attack one breach can lead to another, impacting the IT infrastructure of the country. An infrastructure for safely enabling applications in both government and enterprises allows countries to leverage IT to improve productivity. It requires the capability to detect, prevent and remediate a security problem in case of a breach.