Security must also be high on the agenda

Security is also a major concern for enterprises operating a hybrid model of work, particularly after the UK’s National Cyber Security Centre reported an increase in attacks following the pandemic-driven introduction of hybrid working. The shift to hybrid gives criminals an extended attack surface that may include hundreds of connections to employees’ homes. Many domestic networks use easily guessed or default passwords, or may be configured without encryption, providing an enticing point of vulnerability for an attacker seeking access to a corporate network.

Applying security policies to each remote worker to prevent such ingress can be complex and expensive. For example, applying the same policies and controls everywhere could require the deployment of a firewall at each employee’s home, which is not only costly but creates substantial management overheads. Alternatively, each employee could be provided with a remote VPN connection back to a central office location. Yet routing back through an office location hardly makes sense as organisations increasingly move to decentralised services through SaaS models and public cloud deployments.

How SD-WAN makes networks application-aware

Organisations now need to resolve these considerable challenges through the implementation of application-aware networks using SD-WAN technology (software-defined networking in a wide area network). This cloud-ready solution gives visibility over applications and enables organisations to control and direct traffic intelligently and securely from a central location across the WAN. SD-WAN separates the control and data planes and monitors performance, prioritising applications in line with an enterprise’s own defined policy.
Unlike traditional WAN architectures, which lack the central visibility and control required for distributed IT environments, SD-WAN delivers a step change for businesses, providing the agility to configure and make changes to multiple devices at the push of a button, saving time and increasing efficiency. Organisations can enforce their own policy, based on user experience, with network priority given to the most business-critical applications so they avoid problems such as jitter, lag or brownouts. And because they are able to reduce the time required for configuration and troubleshooting, businesses employing SD-WAN benefit from significant operational cost savings. Rolling out new applications becomes quicker and less costly across multiple sites. As more organisations adopt SaaS and cloud-based services, SD-WAN and application-aware networking are becoming business-critical necessities.

From a security perspective, SD-WAN dovetails with the zero-trust model of security and the use of multi-factor authentication. In this approach, each network application and user must verify itself at defined thresholds, while the technology monitors how data moves around. It is also capable of supporting end-to-end encryption into the cloud and makes the installation of firewalls much quicker and simpler.

Where edge computing fits in

SD-WAN is the cornerstone of the application-aware network. By understanding the applications used across the network, organisations can classify them and apply appropriate application tuning to ensure optimum performance for each user. However, application-aware networking can also work alongside an edge computing strategy to drive further efficiencies. Edge computing is where the cloud and physical data come together, where the digital and physical worlds intersect. It enables organisations to collect data and process it close to the end user to create new value.
Until relatively few years ago, it would have been impossible to sustain the high-speed data transfers necessary for edge applications using AI in most of the UK. The creation of edge data centres now enables organisations to run analytics locally once models have been trained on masses of data in the public cloud. These advanced capabilities open the door to industrial IoT applications such as digital twin technologies. These are the Industry 4.0 advances that reshape manufacturing and logistics operations through advanced automation, transforming the efficiency of manufacturing, extraction and refining processes, even in isolated sites.

The beneficial relationship of edge and SD-WAN

Edge either works independently of SD-WAN and application-aware networking or in conjunction with it to enable organisations to identify and prioritise application traffic. The latter has proved to be well-suited to the multi-cloud environment. SD-WAN in the core network of an edge platform, and at the on-ramp to the public cloud, will underpin high application performance for an organisation regardless of its location, overcoming any potential latency or congestion problems with the data that must be backhauled to a hyperscaler’s hub for processing. Security is significantly strengthened through monitoring and encryption between different sites. Although edge does not depend on SD-WAN, the increasing use of software to define and optimise network performance will inevitably accelerate the full operationalisation of edge computing platforms.

application aware networks www.networkseuropemagazine.com 70

The advantages of application-aware networks have become obvious

From efficiency, optimisation and security perspectives, the gains of application-aware networks are becoming obvious. Businesses that implement or benefit from SD-WAN have access to far greater levels of application intelligence to improve connectivity, efficiency and performance.
They achieve faster resolution of the network problems hindering application performance and reduce the strain placed on their workloads. All businesses with access to SD-WAN, including managed service providers, can use edge platforms to offer new levels of customer experience and service. They benefit from the operational and visibility benefits of application-aware networks and SD-WAN on the one hand, and the low latency and high bandwidth of edge computing on the other. Confident in their own performance, they can provide SLAs to guarantee that their customers enjoy consistently low latency and high reliability. This becomes possible almost regardless of the strength of their network connection. Enterprises gain considerable cost and performance advantages, deploying and updating powerful new applications almost at the push of a button. These are major advantages for service providers and enterprises alike, transforming user experience, creating value, and advancing digital transformation as the world of work continues to evolve and demand greater agility and efficiency.

How CSPs Can Protect 5G Expanded Services

Ted Curtis, Senior Engineer at Netscout

5G expanded services www.networkseuropemagazine.com 72

Next-generation mobile technologies are bringing an evolutionary shift in connected devices and 5G usage. However, these new services have also caught the attention of cyber attackers, with DDoS activity increasing rapidly since 5G non-standalone (NSA) networks were first launched. Carriers have since begun to deploy 5G standalone (SA) networks, which consequently provides attackers with an even greater attack surface and even more valuable targets.

The greatest threats for 5G service providers

For 5G service providers, the greatest threats involve network availability or downtime, loss of data, and being unable to meet regulatory or compliance requirements. The primary goal of a DDoS attack is to prevent an online service from functioning by overwhelming it with traffic. The resulting impact of DDoS attacks on network availability is, therefore, a big concern for 5G providers. The impact of DDoS attacks also affects their enterprise customers. In a survey by Accenture, 35% of business decision-makers expressed concerns about 5G security, and 62% feared that 5G will expose them to further attacks.

However, it is ultimately the direct impact of DDoS attacks on network availability that service providers are most concerned about. In the event of a significant DDoS attack, both 5G service providers and enterprise customers face the biggest implications in the aftermath.

Key areas of concern

It’s clear that communications service providers (CSPs) have much experience with DDoS attacks, often being among the most targeted industries globally. However, the deployment of 5G presents specific concerns for service providers. Firstly, 5G SA networks are currently in the early stages of deployment and allow mobile services such as massive machine-type communication (mMTC) and enhanced mobile broadband (eMBB). Combining the potential vulnerabilities of developing networks with communications that involve minimal human interaction is exactly what cyber attackers find so appealing as a target. Secondly, the number of Internet of Things (IoT) devices has grown tremendously in recent years.
Each connected device produces its own expanding attack surface, making it more vulnerable and easier for DDoS attackers to compromise. The demand for new and expanded services through 5G networks is likely to increase as time goes on, which will drive 5G device and network usage upwards, leading to more attacks.

How CSPs can stop attackers

Throughout the Covid-19 pandemic, service providers have managed huge spikes in legitimate network traffic – with additional video conference calls, streaming and gaming – as well as defended critical network infrastructure from an increase in attacks. Moving forward, for 5G networks to deliver new revenue opportunities and services, operators will need to take more proactive steps when it comes to safeguarding the critical aspects of their business – customers, services and networks.

Firstly, CSPs must ensure there is end-to-end visibility of service traffic inside the packet core, as well as when traffic enters and leaves it. To be able to identify risks in context, it’s crucial to have a complete and consistent view across control-plane and user-plane activity inside the core. Providers also need to be able to view traffic to or through key infrastructure.

CSPs should also take a risk-based approach to protecting services. Services drive return on investment, but they don’t all have the same requirements or risk levels. Deploying visibility, service and security assurance capabilities should focus on ensuring the right capabilities for the right services.

Furthermore, threat intelligence is a vital tool for service providers with regard to threat detection and mitigation, identifying compromised devices communicating across a network, and automating responses to specific attacks. As mobile malware continues to proliferate, and as more IoT devices are deployed, botnet population monitoring has become even more important.

It’s also recommended that CSPs automate attack detection, rate limiting and mitigation.
Threats should be detectable across control and user planes and across service-enabling infrastructure. The ability to quickly rate-limit or mitigate, via either direct intervention or network policy functions, is key. However, while threat detection capabilities are important, so is having an ongoing view of trends in network, service and user behaviour. Situational awareness via consistent visibility and smart data metrics plays a major role in getting ahead of threats and identifying outlier behaviours and misconfigurations.

It’s clear that for every new opportunity 5G opens up for service providers, it also creates new and lucrative opportunities for attackers. By taking a proactive approach to threat detection and mitigation, CSPs can respond faster to any detected threat, ultimately protecting 5G networks and accelerating the adoption of services running across them.

Cybersecurity Has Changed and Identity is the New Perimeter

Joseph Carson, Chief Security Scientist and Advisory CISO at Delinea

cybersecurity perimeter www.networkseuropemagazine.com 76

For decades, cybersecurity has focused on creating a secure perimeter designed to keep adversaries out. But this creaky old paradigm has been on its last legs for many years, and during the pandemic it almost disappeared.

When lockdowns forced millions of people to work remotely, the concept of encircling walls and digital fences became yesterday’s news in a matter of weeks, as organisations around the world were forced to find new ways of accessing corporate data remotely. The changes created by this reality have seen identity emerge as the new perimeter, and organisations must respond to this or pay the price. A new perimeter is here and must be secured in a new way. So, what does this mean for organisations, and how should they prepare?

What Happened to the Perimeter?

The cybersecurity sector has been proclaiming the end of the perimeter for a long time.
In 2003, a collective of CISOs led by Royal Mail security chief David Lacey founded a group called The Jericho Forum to focus on the concept of “de-perimeterisation”. “The traditional electronic boundary between a corporate (or ‘private’) network and the Internet is breaking down,” it wrote in a research paper. The Jericho Forum urged the industry to wake up to a world in which the perimeter was dead, issuing a series of “commandments” for a “de-perimeterised future”. Today, that future is here.

When the end of the perimeter was first declared, the trends contributing to its demise included Bring Your Own Device (BYOD) and a rise in phishing incidents targeting employees. These changed the nature of the perimeter: criminals were able to get inside the network by tricking staff into opening malicious emails or by attacking their vulnerable personal devices, and so enjoyed unfettered, privileged access without needing to bypass external defences. The attackers simply disguised themselves as employees to gain access.

Today, a rapid rise in cloud migration and the increased importance of remote or hybrid working are the trends that have salted the earth around the traditional perimeter to ensure it will never grow back again. Recent stats from the ONS on the social impact of Covid-19 found that 25% of UK employees spent some time working remotely, either full-time from home or in some sort of flexible hybrid arrangement.

In this new working environment, organisations are no longer protected by the digital equivalent of thick walls around their fortress (the office). Instead, each staff member has their own entrance into the network, which is secured by their digital identity or by the device managed and secured by the company. This approach is convenient and well-suited to distributed workforces. Yet it also creates vast numbers of vulnerabilities.
The Peril of Privilege

For many organisations, passwords and usernames are still the most important part of identity-based security, and also a critical threat. The 2021 Verizon Data Breach Investigations Report (DBIR) found that 61% of all breaches involved attackers exploiting credentials.

Unfortunately, many organisations’ attempts to secure identities are bogged down by legacy infrastructure and technical debt, limiting their ability to respond to the threat. At the same time, there has been a significant increase in remote workers who have a privileged user account with extensive access rights and administration capabilities. These accounts are a major target for cybercriminals, as they allow access to a wide range of assets and powers, including the ability to access and alter sensitive material or even erase logs to cover their tracks.

In fact, almost every user can now be considered privileged in some way because they can access at least some sensitive data or information. Unfortunately, this vastly increases risk because threat actors have many targets. The compromise of a single user’s credentials will allow cybercriminals to escalate privileges and gain access across the entire network. Attackers no longer need to launch a full-frontal assault; instead, they quietly and patiently chip away until they find just one credential that allows them to get inside the network.

If we imagine an organisation as a fortress, the old model would see its crown jewels (data, apps and other valuable targets) surrounded by thick walls and deep moats. Attackers would have to brute-force their way in, which is demanding and difficult. In the era of remote working, the castle has a myriad of entrances – each with its own key.
Threat actors have many ways to get these keys and a vast array of targets, with both human and non-human entities, such as applications or automated security systems, holding credentials that will grant them privileged access. The castle walls are still up, but they cannot hold. So how should organisations secure themselves in the age of identity-based attacks?

Identity Crisis

The first step in securing identities requires a shift in thinking that recognises the fact that all users are privileged. However, they are not equal in access or risk. If a user only needs to access work email or non-sensitive documents, a password or multi-factor authentication may be appropriate. If they access sensitive customer data, the user should be required to undergo more rigorous authentication and verification to gain authorisation. A time limit could be placed on their access as one way of reducing risk. They could also be asked to file a digital request to interact with the data, explaining why they need access, with a full audit trail kept of the request.

Once all users are regarded as privileged, the work must begin on training them to follow best practices: avoid sharing passwords, avoid using the same memorable phrases across systems, and maintain other basic cyber hygiene practices. We must help employees move passwords into the background using privileged access solutions that provide more automation and reduce the need for employees to remember passwords. Employees at all levels within an organisation should understand the risks associated with the privileges they have been granted, because the compromise of their account could be a stepping stone that lets adversaries extend their attack by accessing accounts with greater privileges.

The techniques used to access accounts are frighteningly simple. Social engineering, for instance, is a weapon that is never blunted.
Threat actors can now gain open-source intelligence from social media reconnaissance and build highly convincing phishing emails that allow them to steal credentials and gain an initial beachhead. Once inside, they will linger and seek opportunities to move laterally, extend privileges, seed malware, exfiltrate data and establish back doors. The average dwell time currently stands at 24 days, which is an exceptionally long time in cybersecurity.

Access Control

Privileged Access Management (PAM) solutions can guard the new perimeter, which should be defended by a security solution that provides interoperability, automation and orchestration. PAM enables organisations to better protect user access involving elevated access authorisation and admin powers. PAM solutions provide critical capabilities to protect privileged credentials and reduce business risk. These include secure credential management, tracking of privileged activity, password masking and rotation, as well as implementing session monitoring controls. Modern PAM offers security teams the ability to randomise and manage passwords, control access to privileged accounts, and isolate, monitor, record and audit privileged access sessions, commands and actions. A PAM solution helps move passwords into the background and enables an organisation to move to non-persistent privileges, also known as the principle of least privilege.

The IT and security stack should be integrated to create a central control point that can manage identity across the company network. When solutions are deployed, they must be interoperable with existing technology to create a layered security system made up of products that work together effectively. Traditionally, organisations simply chose the best security solutions on the market and hoped for the best. This is no longer sufficient. Whenever a new solution is added to the mix, it must be interoperable with all other security systems and add value to the business.
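The tiered access the article describes (stronger verification for sensitive data, a time limit on access, a justified request with a full audit trail, and privileges that are non-persistent rather than standing) can be sketched as a small access broker. This is an added example, not Delinea's product or the author's code; the tier names, their lifetimes and the AccessBroker/demo names are assumptions chosen for illustration.

```python
from datetime import datetime, timedelta, timezone
from typing import Optional

# Added example, not a vendor product or the article author's code. Tier names,
# TTLs and the AccessBroker class are assumptions chosen for illustration.
# Each tier says what a requester must present and how long a grant lives
# before it lapses on its own (privilege is time-boxed, not standing).
TIERS = {
    "work_email":    {"mfa": False, "justification": False, "ttl_minutes": 480},
    "customer_data": {"mfa": True,  "justification": True,  "ttl_minutes": 30},
}


class AccessBroker:
    def __init__(self) -> None:
        self.grants: dict[tuple[str, str], datetime] = {}  # (user, resource) -> expiry
        self.audit_log: list[dict] = []  # every decision, granted or refused

    def _record(self, now: datetime, **event) -> None:
        self.audit_log.append({"at": now.isoformat(), **event})

    def request(self, user: str, resource: str, now: datetime,
                mfa_passed: bool = False, justification: Optional[str] = None) -> Optional[datetime]:
        """Issue a time-limited grant if the tier's requirements are met; return its expiry."""
        tier = TIERS.get(resource)
        reason = None
        if tier is None:
            reason = "unknown resource"
        elif tier["mfa"] and not mfa_passed:
            reason = "mfa required"
        elif tier["justification"] and not justification:
            reason = "justification required"
        if reason:
            self._record(now, user=user, resource=resource, outcome="denied", reason=reason)
            return None
        expires_at = now + timedelta(minutes=tier["ttl_minutes"])
        self.grants[(user, resource)] = expires_at
        self._record(now, user=user, resource=resource, outcome="granted",
                     justification=justification, expires_at=expires_at.isoformat())
        return expires_at

    def is_allowed(self, user: str, resource: str, now: datetime) -> bool:
        """True only while a live grant exists; an expired grant is dropped, not renewed."""
        expires_at = self.grants.get((user, resource))
        if expires_at is None or now >= expires_at:
            self.grants.pop((user, resource), None)
            self._record(now, user=user, resource=resource, outcome="blocked", reason="no live grant")
            return False
        return True


def demo() -> dict:
    """Constructed scenario with a fixed clock: one user across both tiers."""
    t0 = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)
    broker = AccessBroker()
    return {
        "email_no_mfa": broker.request("alice", "work_email", t0) is not None,
        "data_no_justification": broker.request("alice", "customer_data", t0, mfa_passed=True) is None,
        "data_granted": broker.request("alice", "customer_data", t0, mfa_passed=True,
                                       justification="ticket INC-1234: refund review") is not None,
        "data_at_20min": broker.is_allowed("alice", "customer_data", t0 + timedelta(minutes=20)),
        "data_at_31min": broker.is_allowed("alice", "customer_data", t0 + timedelta(minutes=31)),
        "audit_events": len(broker.audit_log),
    }
```

The audit log records four events for the scenario: the low-tier grant, the refusal for a missing justification, the 30-minute grant, and the block once that grant has lapsed; the successful check at 20 minutes is not logged, which is a choice a real deployment would revisit.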
Value can be measured simply by reducing wasted time or helping employees do their job. Automation allows cybersecurity solutions to enhance the work of human staff rather than slowing them down. Secure access should be frictionless, with authentication, authorisation, monitoring and other processes taking place automatically in the background. Users should not have their work hampered or interrupted by security.

When identity security solutions are in place, the focus should be on orchestration so that all the products work together. PAM can take the lead here, allowing security teams to create a multi-pronged defence that allows seamless secure access when risk is low – and locks down systems or seeks further information when danger levels are high. A focus on interoperability, automation and orchestration will help mitigate the risk of a threat actor exploiting stolen credentials, while also providing a frictionless experience that allows the workforce to benefit from the productivity boost offered by a cloud-based, remote-ready environment.

The traditional perimeter was doomed a long time ago – but now it is being replaced. In its place is a porous, flexible and ever-changing perimeter created by identity. Responding to this new reality is non-optional. Identity is already a battleground for threat actors. The decisions organisations make now will help them reduce the risks.