In this Cyber Talk article, expert Ilan Uriel discusses the status quo in network security and why organizations should rethink their network security strategies. These are security insights for the new normal and beyond.
About Ilan Uriel: Innovation evangelist at Check Point Software Technologies. Over 25 years of experience in the computer industry as a hands-on developer, designer and architect of security, virtualization and IT products. Focuses on innovation of new cyber security solutions and integration of Check Point security solutions in cloud environments and modern frameworks. Inventor of various patents related to virtualization and security. B.A. in computer science, law and management. Join Ilan Uriel for a dynamic cyber security discussion, right here:
EXECUTIVE SUMMARY:
As my mother received her first dose of the coronavirus vaccine, a friend of mine just started a treatment to balance his cholesterol, using a medicine that was invented in 1971.
We are as healthy as our weakest organ in our body. Put it in other words: There is nothing to celebrate if you are negative for Covid-19, but about to be knocked out by a cholesterol issue.
When it comes to our health, everyone understands the “weakest organ in our body” concept. Therefore, we constantly strive to ensure that our entire bodies are healthy.
Since health is complicated, we manage it with our health partner, also called our doctor. Together, we constantly define, audit and, if necessary, treat our health condition.
This simple reality is identical for network security: Your network is as secured as your weakest link in your security system. There is nothing to celebrate if your Kubernetes repository is constantly verified by the best cloud scanners, but it’s about to be knocked out by an exposed laptop, lacking essential endpoint security.
Unlike our health management, some of us tend to ignore/ forget /miss the “weakest link in our security system”. We require a security partner, a “security doctor”, to work with us in order to define, audit and, if necessary, treat our computer systems.
Unfortunately, there are many misconceptions leading decision makers to relax about their security status much too early; they end up adopting the wrong concepts and missing important steps in the security management lifecycle.
Here are examples of misconceptions:
- I am deploying my product in the cloud, therefore using a cloud security product means I am fully covered – wrong
- I am using Kubernetes, therefore limiting access to my containers means I am fully covered – wrong
- I do not need a firewall unless I am securing my physical on prem network – wrong
- Agents belong to the past, sidecars and side scanners are the future – wrong
Now let’s correct those misconceptions:
- I am deploying my product in the cloud, therefore adding a cloud aware security product is mandatory –correct
- I am using Kubernetes, therefore adding container aware limiters on top of the network and host limiters is mandatory –correct
- I need a cloud enabled firewall –correct
- Sidecars and side scanners should be balanced against agents just like roentgen is balanced against an optical camera; none can control the internal organs domain alone –correct
See the difference?
A simple rule in math is that if you add something to the left side of the equation, you should do the same on the right side to keep it valid.
Now let’s be honest: We added cloud computing to our world and continued to use our previous systems. So security now means cloud security + traditional security. Our mobiles, laptops, hosts, VMs and operating systems we run in the cloud are all “traditional”, which are now combined “with and into” the cloud. They don’t invalidate each other.
How to conceptualize cloud security in relation to traditional threats
If you are running a new framework in the cloud, it makes as much sense to ignore traditional threats as it does to ignore cholesterol issues due to concerns around Covid-19.
Unfortunately, this security misperception is widespread. It’s been perpetuated by those who can provide you with a specific security solution as opposed to those who can provide you with a security partnership.
The latter are dealing with broadening their products, so they embrace everything: new and “old”, cloud and on prem, mobile and static, as this is what it takes to achieve total security.
The luxury of dismissing what you cannot offer as something “old” or in favor of promoting the “new thing”, belongs to those who cannot sell you total security and at the same time, have to answer only for their small little corner in the wild area called: “security threat land”.
So how do you get a security partner and not a security solution provider?
- Your security partner should be able to offer you all security products, head to toe.
- Your security partner does not ignore traditional threats in favor of new ones – it is a malpractice, just as avoiding a medicine is because it treats an ‘old’ disease.
- Your security partner enfolds new security technologies into existing ones instead of excluding existing security technologies.
- Your security partner maintains full coverage of the entire security landscape, at all times, and not just specific spots in it.
- Your security partner balances between different technologies where needed by diving with you into the smallest details instead of claiming that in some magic way, one single thing can now do it all. Next time you hear words like “agent”, “scanner”, or “instance”, think about blood tests, roentgen and tiny cameras and allow yourself to be impressed by the doctor who best utilizes each one.
To retain your network health, treat it in a similar manner as you would treat your physical heath. Do not avoid/ replace your security partner with a security solution, just as you would not replace your doctor for a bottle of vitamins.