The enemy of security is complexity

Few people would argue that IT security is an easy field to work in. There are numerous hurdles to contend with, from an alarmingly high rate of burnout to long working hours, but among the most challenging aspects of the industry is the staggering rate of change that security teams are expected to keep up with. Security is one of the most complex parts of any organisation, and its parameters can change at a moment’s notice – which can make it an incredibly complex task to manage.

To see this in action, we only need to look at the network perimeter. The gradual growth of cloud services over the last few years has been introducing progressively larger holes into the concept of the traditional network perimeter, as defined by a corporate WAN protected by firewalls and gateway appliances. As line-of-business teams began using more SaaS applications, the amount of potential entry points into the business for attack methods like phishing have dramatically increased.

Now that COVID-19 has necessitated the mass adoption of remote working, that perimeter is no longer the primary point of concern. Instead, security teams have had to pivot rapidly to a fully remote environment. This has involved not only making sure that every single employee has access to a properly secured laptop in order to get their work done, but also that the proliferation of cloud accounts which are now essential for day-to-day business operations don’t become compromised. All of this had to be done in a matter of weeks, if not sooner.

This presents a huge challenge in terms of identity and access management; accounts need to be guarded with multi-factor authentication to prevent hijacking, proper monitoring needs to be used to ensure any account compromise is swiftly detected, and role-based access permissions have been utilised to ensure that any potential insider threats are neutralised. These measures also need to be applied to cloud accounts and data centre assets, as well as endpoint devices, and keeping track of that many systems and resources is not easy.

RELATED RESOURCE

Four security considerations for cloud migration

The good, the bad, and the ugly of cloud computing

FREE DOWNLOAD

Cyber criminals are well aware of this, and are exploiting the recent changes in working practises to try and prey on ill-prepared businesses.

“We're very much seeing the entry point being focused more towards users, than infrastructure previously,” says Trend Micro principal security strategist Bharat Mistry. “Hackers know there's a raft of remote workers out there, and what they're relying on is misinformation. They’re using the easy tactics to get in, so not the sophisticated attacks that we've seen in the past; they're not looking to use zero-day vulnerabilities or anything like that. But what they are doing is using phishing and highly targeted spear phishing campaigns, leveraging the fact that humans want that emotive reaction.”

Complexity equals risk

Infrastructure sprawl is another problem, but one that existed prior to COVID-19. Companies spin up new infrastructure to deliver different capabilities, and before long they can end up with a multitude of environments spanning public clouds, private clouds, hosted locations and more. This is compounded by the fact that many organisations attempt to establish their public cloud infrastructure while still using an on-premise mindset, which results in systems that don’t talk to each other.

“What invariably happens is, you end up with a siloed approach,” Mistry says. “You have a siloed set of infrastructure for your on premise data centre, you have a silo approach for, let's say, AWS, and you have another silo for Microsoft. The problem now is that you've got three separate tool chains, which don't talk to each other, have different processes, have different runbooks across them as well. And from an operational point of view, you've got a multitude of consoles that you need to then swing across.”

“Complexity equals risk. The more complex you are, the higher risk you've got, because any changes could have a high impact. A very quick example of that is if you think about an endpoint like a laptop,” he says. “Let's say you've got four or five security agents on there; when you make a change to one of them, what's the impact on the others? How's that going to work? It's things like that, that cause the complexity.”

Patch management is another area in which complexity can have major negative impacts. With a homogenous, single-vendor infrastructure – whether that’s data centre or endpoint hardware – all security patches will be applied with the same set of tools. You can also generally assume that the compatibility between them won’t be broken by the content of any of the patches.

With a complex and diverse IT estate, however, there are no such guarantees. Security patches frequently introduce moderate to severe compatibility issues, and managing multiple vendors’ patch deployment tools and release schedules can turn even the simplest fix into a headache-inducing operation. It also makes it much easier to lose track of which systems have outstanding security updates that need to be applied, and as we’ve seen with numerous data breaches over the last few years, all it takes is one forgotten patch for hackers to find their way into a network.

What about the staff who are actually applying these fixes and monitoring this infrastructure? IT security teams are frequently understaffed and stretched, and the more complex the estate they’re asked to manage, the longer the time it will take each team member to complete a given task. This means that things can easily fall through the cracks, which can lead to unfortunate consequences. As the economic shockwaves of COVID-19 continue to be felt, many teams are even being forced to downsize, making the problem even more acute.

Automating as many manual tasks as possible can be a great help in saving security teams time, streamlining their work and making them more efficient. Another option is to centralise as many monitoring and maintenance tools as possible, so that security operatives can cross-check all relevant systems in one place, rather than having to bounce between multiple different admin consoles.

So how can organisations combat this growing complexity without radically redesigning their architecture and increasing the size of their security teams? One option is to invest in an enterprise security platform like Trend Micro’s Apex One, which creates a comprehensive framework including full-stack protection capabilities such as endpoint detection, response and investigation capabilities and anti-malware, as well as advanced capabilities like AI-driven analysis and insights, while the Smart Protection Complete suite adds content filtering and email scanning.

This also addresses the challenges of managing a large estate; centralising all of your protection under one platform gives security teams a single-pane-of-glass management console from which to monitor and remediate security issues. Combined with Trend Micro’s Cloud One platform for network and workload security, it allows admins to retain simple control and visibility across the full scope of an organisation’s IT assets.

Finally, Trend Micro’s XDR package delivers a true multi-layered solution for threat mitigation, combining data streams from across your organisation with smart AI intelligence to create genuine, actionable insights. This allows security teams to cut to the heart of problems by delivering meaningful insights and preventing wasted cycles.

To find out more about how Trend Micro can help you consolidate your security solutions to save time, money and resources, please click here

ITPro

ITPro is a global business technology website providing the latest news, analysis, and business insight for IT decision-makers. Whether it's cyber security, cloud computing, IT infrastructure, or business strategy, we aim to equip leaders with the data they need to make informed IT investments.

For regular updates delivered to your inbox and social feeds, be sure to sign up to our daily newsletter and follow on us LinkedIn and Twitter.