Internal IT Networks Hostile Environments


My prediction is that in 2016 the new IT Security paradigm based on viewing and designing internal corporate networks as if they are a hostile environment will gain traction.

Current State of Affairs

With the implementation of Next Generation Firewalls the perimeter walls of our IT networks have never been more robust. As a result, criminals are finding it increasingly difficult to penetrate networks by storming the walls.

This security model based on fortifying the perimeter has been prevalent for many years, but much like the famous Maginot Line, has been found wanting. Cyber Criminals have reverted to old techniques and are simply walking around the defensive wall.

The primary mechanism for this is targeting what many security professionals derisively term as the weakest link in the security chain – People. And in 2015 the malicious email (Phishing) came back in vogue.

Various methods are employed. Malicious code embedded in attached documents, instructions within the email to click a link leading to a website which injects code into the user’s browser, or alternatively, spoofed websites with the appearance of familiar login pages.

Whatever the tactic, the results are the same – the criminal gains a foothold in the network.

Yes, we can employ user training and awareness which has shown to be effective in reducing the number of successful phishing attacks, but it only takes one user mistake. One click, one moment of distraction and the criminal is inside the network.

And no longer can we necessarily blame the user. With the explosion of social media there is a smorgasbord of juicy information on the Internet for the criminal to leverage in meticulously researching and carefully targeting their email spear phishing attack.

This is just one problem.

The network perimeter itself is becoming fuzzy with the adoption of Cloud Technologies and the explosion of mobile devices. Not to mention the malicious and non-malicious insider-threat.

I could go on in this vein, but I wanted to make the point that the the hardened security perimeter model is not working. Worse still, this model has birthed internal networks based on trust relationships. The key assumption being that those on the network can be trusted.

Once within the network criminals are leveraging these trust relationships against us. It is now trivial to escalate privileges, bypass access controls, spoof administrative rights, move laterally, and ultimately horizontally, ever upwards through the chain of trust to the data “crown jewels”.

A New Security Paradigm

2016 will see a new security paradigm take hold, one based on viewing and designing the Internal Network as a hostile environment. This model will be based on an “Assume Breach” assumption. This might sound negative, but will have several advantages over the traditional school of thought.

Firstly, networks will be designed with breach mitigation in mind. Implicit, baked-in trust relationships and privilege will diminish and micro-segmentation of networks and application sandboxing will grow.

Secondly, enterprises will move towards fine-grained control over all devices connecting to the network. Devices themselves will not be implicitly trusted. Only identified and known devices – fully encrypted, authenticated, authorised and in the correct “state” – will be permitted access – and then only to carefully managed “unprivileged” micro-segments of the network.

Thirdly, security focus will move back from the perimeter to the internal network. Emphasis will be placed on what is happening inside the network and who is doing what. Utilisation of baselines of device and user “normal activity” and behaviour biometric technologies will grow.

These are the logical outworking of the new IT Security paradigm I believe will gain traction in 2016 and beyond.