Guest blog post from Jeffrey Bazar, Chief Strategy Officer, Deepfield
How is network security changing, how are attacks impacting infrastructure and what action is required?
Enterprises are moving their services and applications from their own data centers to the cloud, leveraging services like AWS and Rackspace. On one hand, the cloud gives enterprises more options to deliver services and to scale easily to millions of customers. On the other hand, hybrid clouds give attackers new options to launch larger, more damaging attacks, and they bring the enterprise perimeter to an end.
If you are leveraging VMs in the cloud, you are exposed to the risk of a compromised VM or IaaS account. Compromised VMs can be used to launch volumetric attacks with cloud-scale resources: thousands of 10-gigabit links at an attacker's disposal for much bigger attacks. At the same time, the enterprise perimeter is crumbling. The days of protecting your infrastructure with just a firewall are over. Specific components of your services have moved outside the castle walls to third-party database services, hosting providers, and transaction servers. Attackers can focus on identifying one weak link in the cyber supply chain to take down mission-critical services.
Security professionals need to build a hybrid approach to security. They should invest in infrastructure solutions that provide context to better baseline and protect their network.
What is the role of telecom operator in Internet and cloud security?
The age of dumb pipes is over. The data center cloud is the new Internet, the CDN is the new Internet, and cloud computing is the new Internet. Telecom operators now play a critical role in delivering and protecting the new cyber supply chain of cloud services. As a consequence, it is not just about protecting and ensuring delivery of over-the-top traffic through peering connections, but also about doing the same for traffic originating in the data center, which requires more granular monitoring: every session, every conversation, every server. If a VM or container in your own cloud is compromised, you need to block the attack inside the data center. With the adoption of IoT and cloud, operators need a more scalable and context-aware visibility solution that lets them proactively detect endpoints probing for vulnerabilities and spot new attacks.
What are the security challenges represented by IoT?
Scanning has been part of Internet traffic since the days of the Morris worm, but today we see scanning on an industrial scale. In large networks and data centers, we see every IP address port-scanned multiple times a day. In the 1990s and early 2000s, scanning was the prelude to compromising PCs. Today the problem is everything else: tens of millions of IoT devices.
You can't run anti-virus on these devices to thwart attacks. Worse, even if you proactively find a vulnerability in the software running on these devices, there is no efficient way to patch it. Moreover, many of these devices use clear-text passwords and run outdated software, making them easier to compromise. As an example, it turns out the scale in our office sends personal weight data to servers at OVH (data centers in France). Since those servers change over time, it is hard to detect attacks or enforce a security policy without that context.
How can an operator help with IoT security?
Again, this is where granular monitoring capabilities, every session, every conversation, every server, could help baseline normal IoT behaviors. If the endpoints don't have sufficient security of their own, an operator could leverage these insights to alert its customers about anomalies and potential attacks.
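The two monitoring tasks raised above, spotting industrial-scale port scanning and baselining an IoT device's normal conversations so that a change (such as the scale talking to a new provider or a new port) stands out, can be sketched as a small flow-record analyser. The following is an added example written for this page, not code from Deepfield or the author; the addresses and flow records are constructed (documentation ranges), the device 10.0.0.5 is a hypothetical stand-in for the office scale, and the thresholds and the /24 aggregation are assumptions chosen for illustration.

```python
"""Toy per-session baseliner over flow records (added example; constructed data)."""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_network


@dataclass(frozen=True)
class Flow:
    """One observed session: who talked to whom, on which port and protocol."""
    src: str
    dst: str
    dport: int
    proto: str


# Constructed learning window: the hypothetical IoT device 10.0.0.5 talks HTTPS and NTP
# to a handful of servers inside one provider /24 (203.0.113.0/24 is a documentation range).
BASELINE_FLOWS = [
    Flow("10.0.0.5", "203.0.113.10", 443, "tcp"),
    Flow("10.0.0.5", "203.0.113.11", 443, "tcp"),
    Flow("10.0.0.5", "203.0.113.20", 443, "tcp"),
    Flow("10.0.0.5", "203.0.113.10", 123, "udp"),
]

# Constructed detection window.
NEW_FLOWS = [
    Flow("10.0.0.5", "203.0.113.42", 443, "tcp"),   # provider rotated servers; same /24 and port
    Flow("10.0.0.5", "198.51.100.7", 23, "tcp"),    # telnet to an unrelated network: anomalous
] + [
    # one external host probing forty internal addresses on port 23: a scanner
    Flow("192.0.2.99", f"10.0.0.{i}", 23, "tcp") for i in range(1, 41)
]


def learn_baseline(flows, prefix_len=24):
    """Per source device, the set of (destination prefix, port, proto) seen while learning.

    Aggregating destinations to a prefix (assumed /24 here) is what gives the baseline
    context: a provider rotating individual servers inside its range does not fire an alert.
    """
    baseline = defaultdict(set)
    for f in flows:
        net = ip_network(f"{f.dst}/{prefix_len}", strict=False)
        baseline[f.src].add((net, f.dport, f.proto))
    return baseline


def find_anomalies(flows, baseline, prefix_len=24):
    """Sessions from an already-baselined device that match no learned (prefix, port, proto)."""
    anomalies = []
    for f in flows:
        if f.src not in baseline:          # unknown sources are not judged against a baseline
            continue
        net = ip_network(f"{f.dst}/{prefix_len}", strict=False)
        if (net, f.dport, f.proto) not in baseline[f.src]:
            anomalies.append(f)
    return anomalies


def find_scanners(flows, min_targets=20):
    """Sources that touch at least min_targets distinct (dst, port) pairs in the window.

    Distinct targets, not packet or byte counts, are what separate a scanner from a busy
    but legitimate client. The threshold is an assumption; tune it to the window length.
    """
    targets = defaultdict(set)
    for f in flows:
        targets[f.src].add((f.dst, f.dport))
    return {src: len(t) for src, t in targets.items() if len(t) >= min_targets}


if __name__ == "__main__":
    base = learn_baseline(BASELINE_FLOWS)
    for f in find_anomalies(NEW_FLOWS, base):
        print(f"anomaly: {f.src} -> {f.dst}:{f.dport}/{f.proto}")
    for src, n in find_scanners(NEW_FLOWS).items():
        print(f"scanner: {src} touched {n} distinct targets")
```

Run against the constructed windows, the rotated provider server is absorbed by the /24 baseline, the telnet session to an unrelated network is reported as the single anomaly, and the host touching forty internal addresses is reported as a scanner. In a real deployment the learning window would be days of flow data per device and the prefix aggregation would more usefully be by provider ASN, but the shape of the check is the same.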