Ravi Chauhan, MD, India and SAARC, Juniper Networks, reiterates the importance of assessing high-risk areas
The greatest risk areas need to receive adequate attention and assessment on how they can address serious security threats. In conversation with N Geetha, Chauhan emphasises how security should be aligned with business functions to make the environment truly secure.
Why do you think the efficacy of emerging network security technologies is questioned?
One of our studies along with Ponemon Institute indicated that a majority of the respondents, who include senior IT practitioners, agreed that emerging network security technologies are not as effective as they should be and do not minimise attacks that bring down web applications or block unwarranted internet traffic.
The security chiefs argue that emerging security technologies only address a part of the cyber security threats facing their organisation. The primary reason is that the emerging security technologies fall short of vendor promises; also, organisations focus on the inside-out threat and, hence, do not take a more holistic approach to managing cyber security risks. Their experience indicates that the new technologies are most effective in minimising general malware, advanced malware and botnet attacks. What is considered less effective is minimising hacktivism.
One of my concerns is also about how safe the existing tools are, and whether they can address new, sophisticated risks. Companies remain focused on the inside-out threat. However, the rise of external attacks suggests security technology investments need to be more comprehensive and holistic.
What are perceived as the greatest risks to network security, and what threatens an organisation's network security posture?
These are a lack of system connectivity/visibility, malicious insider risk and mobile devices (such as smartphones and tablets). What's considered to pose the least risk are the network server environment, data centres and lack of organisational alignment.
Users believe their organisations should raise awareness about emerging threats, increase visibility to web traffic and expedite the move from on-premise to cloud environments. Minimising false positives is of less priority. The efficacy of emerging network security technologies in securing web traffic and increasing visibility to applications and the cloud is important. A majority believe that securing web traffic is by far the biggest network security concern for their organisations. Just half of the respondents say their organisations use emerging network security technologies to heighten visibility to applications and the use of cloud services.
NGFW offers pluses and minuses. Fifty-seven percent of respondents say their organisation's NGFW suffers performance degradation when deploying the IPS feature, while 14 percent are unsure. Intrusion prevention systems (IPS) and firewalls are considered the most effective features in the control of the security of the organisation's network. The application control feature in NGFW is most often configured, say the majority.
For many organisations, the reasons for not having granularly configured application controls are concerns about settings that are too granular, and that management sets the level. Concerns about false positives curtail use of WAF. Most say their organisation deploys WAF in block mode. The biggest concern is that its use will affect revenues. Sixty-one percent of respondents say that if they don't use WAF, it is because of the high false positives that sometimes block real customers. This is followed by the difficulty in setting and updating blocking rules or policies.
A significant amount of time is spent setting up, configuring and updating rules or policies for WAF. Only 21 (9 + 12) per cent of respondents say they can immediately (or within a few hours) set up and configure their organisation's WAF. The majority of respondents say that it can take at least a few weeks to accomplish these tasks. It is said that technicians spend less than four hours each month to update rules or policies for each WAF. It can also take days each month to update rules or policies for each WAF.
Many believe blocking of IP addresses is an effective security measure.
Does the blocking of IP addresses make users uncomfortable?
A majority believe such actions make their organisations uncomfortable because of possible false positives which could block legitimate traffic and the need for a more granular identification method than simply IP addresses.
By far, the two most serious types of cyber attacks are web-based and denial of service attacks. The least are viruses and hacking.
What are your thoughts on protecting data centres against global attacks?
Today, companies are struggling to keep pace with the increasing volume and sophistication of cyber attacks, particularly those aimed at web applications and servers, which deal in high-value traffic and typically reside in data centres.
This leaves significant exposure to the most concerning attacks, and protecting against these attacks requires security systems that incorporate real-time, definitive and actionable intelligence about attackers.
To effectively secure data centres, Juniper believes companies must possess knowledge of the attacking devices, not just the IP address, and quickly disseminate that intelligence across the data centre and into the network. Juniper Networks can deliver this intelligence through its Junos Spotlight Secure global attacker intelligence service, which acts as the consolidation point for attacker and threat information, feeding real-time intelligence to Juniper's security solutions. The first products to leverage Spotlight Secure security intelligence are Junos WebApp Secure and Juniper Networks SRX Series Services Gateways.
Juniper Networks security solutions will also be incorporated into security service chains, as outlined in the company's recent Software Defined Networking (SDN) vision and strategy announcement. This approach will allow additional intelligence to be shared across network layers and enable the quick deployment of security services as part of the SDN service chains. Juniper's vision for implementing SDN includes four steps, beginning with centralised management, which is available today with Juniper Networks Junos Space Security Director.
Where do the emerging network security technologies work best?
The emerging network security technologies are most effective in minimising general malware, advanced malware and botnet attacks. What is considered less effective is minimising hacktivism. Most argue that the organisations should raise awareness about emerging threats, increase visibility to web traffic and expedite the move from on-premise to cloud environments. Of less priority is minimising false positives.
CISOs need to periodically evaluate and assess the age of firewalls, which are largely static, and rope in dynamic tools, as it is found that 60 percent of the current IP-related security tools are not fit to prevent new threats. The volumetric attacks are easy to detect, but sometimes the flow rate/size of an attack can be hard to manage. L7 or application attacks can be very difficult to detect, and if you can't detect them, you certainly cannot manage or mitigate them.
This hinders security professionals from preventing attacks and wastes resources as they chase false positives. So while the industry has, for some time, had data about potentially dangerous IP addresses through reputation block-lists, this simply isn't enough. In fact, it's a very ineffective way to identify and deal with attackers in the data centre.
Juniper's first-of-its-kind Spotlight attacker intelligence service doesn't rely on IP addresses. It is capable of uniquely identifying attackers even if they are NATed or proxied on the same IP address, or if attackers change their IP.
Using Intrusion Deception, a technique that uses fake code to trick attackers into exposing themselves, we are able to detect attackers when they are in the process of attacking. After preventing the attacker from getting to any sensitive information, the system gathers various non-personally-identifiable device attributes as part of the standard interaction with Web applications to create a fingerprint.
The attacker fingerprints are then shared with the Spotlight attacker intelligence service so they can then be propagated to all other subscribers of the service. This means if an identified attacker visits another site, they can immediately be tracked and prevented from forging subsequent attacks.
How do you create business value out of security?
It is important for security officers to bring in innovation and sell security differently within the organisation. Selling IT security is often seen as an insurance policy. Things can go really bad in your network, with your assets, devices, applications and so forth. All the bad guys are out to get you. At the same time, organisations need to be more agile and increase their speed of innovation to be competitive in their respective industry, without losing productivity and control of their security. It is critical to align the IT capabilities to business needs, and then security can make much sense.
To establish credibility within the enterprise, CISOs must focus on understanding the world of the business they serve. What is their business value focus? What is our strategy in the context of their agenda? Can we demonstrate what similar organisations are doing in the industry? What did they learn?
The same principle applies to the vendors, to make the technologies that they represent effective. We at Juniper believe that security is as much about prevention, defending and compliance as it is about being a business enabler. By demonstrating the breadth and strength of the security capabilities, it is also possible to visualise the real business benefits for the customer by understanding their world and their needs. Basically, what capabilities are we enabling for the customer by leveraging our technology? Too many times, I see sales guys approach a customer by starting to sell without really listening to the customer before talking.