Paul Mah recently had the opportunity to sit down with Sugiarto Koh, the regional director of Sourcefire in Southeast Asia, and quizzed him about the security threats faced by businesses today, and his thoughts on how businesses can defend themselves.
Sourcefire is a security vendor specializing in network security solutions that spans a broad spectrum of organizations, including finance, defense, health care and the IT sector.
CIOs and IT managers will probably identify more readily with some of the open source security projects that it spearheads, which include the Snort network intrusion detection system and ClamAV, an antivirus engine widely acknowledged as the de facto standard for email gateway scanning.
Connected Devices Are Vulnerable Devices
One of the key issues that Koh talked about is the importance of defending the entry point against security incursions.
Anything that has an IP address can be an entry point, says Koh, which includes PCs and laptops, or network devices such as VoIP phones, or even gaming consoles such as PlayStations that are connected to the network. Essentially, there are always ways to gain illicit access into systems once they are connected to the network.
Koh couldn’t have known, since the interview was conducted earlier, but researchers from Malta-based ReVuln recently uploaded a video that shows how they successfully hacked into a Samsung Smart TV – a network-connected television – to remotely access the contents of any connected USB drives. (Samsung has responded and promised a security patch in January.)
As devices are increasingly connected, this obviously leaves a lot of exposure to defend against hackers. How should businesses get started?
Defending Your Network
The level of security that an enterprise should put into place depends on a number of factors, according to Koh. Bigger organizations will obviously have a bigger budget, he says, though spending 6 to 8 percent of the overall IT budget on security appears to be a fairly typical figure for companies with more than a thousand users.
However, he was quick to emphasize that actual figures can vary depending on the value that individual companies affix to their digital assets. In addition, whether a particular firm is “highly targeted” by hackers, as well as the overall budget of the organization, also has a part to play. As an example, Koh noted how a relatively small organization that does a lot of research may have critical digital assets that require robust protection.
Koh outlined a fairly basic doctrine of security: There should be a firewall on the perimeter, and some kind of endpoint security. As users can’t bring the corporate firewall home, enterprises will need to put adequate protection around endpoint devices such as laptops.
One point that may be missed by many enterprises is the need to properly train staffers to deploy and use security appliances and software. An emphasis on training will allow businesses to fine-tune their security tools instead of relying on the default configurations, and also equip them to properly operate these tools over the long term.
“Attacks are becoming increasingly sophisticated and cybercriminals are constantly changing their tactics to evade existing defenses,” he noted. “Training IT staff to manage security equipment is vital in maximizing the investment that organizations make in protecting their digital assets and intellectual property.”
Finally, businesses should look into providing basic training regarding the changing nature of security threats. This is important because attackers are continuously refining their methods to circumvent existing protection mechanisms, which include tricking hapless end users into loading malware onto the network. By being able to identify common attack vectors, users can help enterprises stay safe and avoid exposing their computers to malicious threats.
The BYOD Consideration
BYOD is obviously a trend that IT cannot resist, fueled by rising ownership of smartphones and tablets. While there might be certain sections that can “say no” to BYOD from a compliance angle, observed Koh, this is probably a losing battle for most firms. “So you are probably better off embracing it, but putting a bit of control there,” he noted.
So while mobile devices are allowed, for example, controls could be put in place to disallow web browsing on them, or to allow it only through a specific app with restrictions. Moreover, businesses may want to reduce their risks by allowing only smartphones that are not jail-broken or rooted, or by allowing only certain versions of the Android operating system.
With BYOD, devices such as tablets, smartphones and even laptops invariably connect through Wi-Fi networks. On that front, Koh noted that most companies may want to consider enforcing a separation between wireless devices and the wired network – the latter is where servers typically reside – by restricting the wireless network to a separate segment of the network.
Other suggestions offered by Koh include creating a baseline of devices, operating systems and network behaviors, then leveraging that baseline to track mobile device usage and identify potential security policy violations, as well as creating and enforcing policies to regulate the data transmitted to BYOD users.
“While the productivity, efficiency and convenience benefits [of BYOD] are significant,” says Koh, “we must open our eyes to the security gaps the mobile enterprise presents and embrace a combination of security tools and techniques to bridge these gaps.”
Know Your Network
Koh shared how Sourcefire approaches security, which he says is “a bit different” from others. “You can’t protect what you don’t know,” emphasized Koh, who recommends that enterprises first determine what runs on their networks. The challenge here has to do with the dynamic nature of the network, in which things can change by the minute.
Sourcefire adopts an approach that attempts to give its clients as much visibility as possible into the network. This includes building a profile of the network by listening to the local traffic, which helps pick up the devices currently connected to the network. Moreover, file analysis can also be done using the cloud to determine whether specific files are good or bad.
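As an added illustration of the baseline-and-policy idea from the BYOD section and the network-visibility passage above (example code written for this article, not Sourcefire's product or anything Koh described): a minimal Python pass that learns a device baseline from a trusted observation window, then flags unknown devices, changed OS fingerprints, Android versions outside an allow-list, rooted devices, and wireless devices that reach the wired server segment. The MAC addresses, address range, version allow-list and observations are constructed.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional

SERVER_SEGMENT = ip_network("10.0.10.0/24")  # wired segment where servers live (constructed)
ALLOWED_ANDROID = {"4.1", "4.2"}             # constructed allow-list of Android versions

@dataclass
class Observation:
    """One passively observed device, as a DHCP/802.1X/flow feed might report it."""
    mac: str
    os: str
    segment: str                  # "wired" or "wireless"
    rooted: bool = False
    dst_ip: Optional[str] = None  # a destination the device was seen contacting

def learn_baseline(observations: List[Observation]) -> Dict[str, str]:
    """Build the baseline (MAC -> OS fingerprint) from a trusted learning window."""
    return {o.mac: o.os for o in observations}

def check(obs: Observation, baseline: Dict[str, str]) -> List[str]:
    """Return the policy violations for one observation; an empty list means clean."""
    findings = []
    known_os = baseline.get(obs.mac)
    if known_os is None:
        findings.append("unknown device, not in baseline")
    elif known_os != obs.os:
        findings.append(f"OS changed from {known_os} to {obs.os}")
    if obs.os.startswith("Android "):
        version = obs.os.split(" ", 1)[1]
        if version not in ALLOWED_ANDROID:
            findings.append(f"Android {version} is not on the allow-list")
    if obs.rooted:
        findings.append("rooted or jail-broken device")
    if obs.segment == "wireless" and obs.dst_ip and ip_address(obs.dst_ip) in SERVER_SEGMENT:
        findings.append(f"wireless device reached server segment host {obs.dst_ip}")
    return findings

def review(observations: List[Observation], baseline: Dict[str, str]) -> Dict[str, List[str]]:
    """Map each MAC with at least one finding to its findings; clean devices are dropped."""
    return {o.mac: f for o in observations if (f := check(o, baseline))}

# Constructed learning window (starting inventory) and later observations to review.
BASELINE = learn_baseline([Observation("aa:bb:cc:00:00:01", "Windows 7", "wired"),
                           Observation("aa:bb:cc:00:00:02", "Android 4.1", "wireless")])
LATER = [Observation("aa:bb:cc:00:00:01", "Windows 7", "wired", dst_ip="10.0.10.5"),
         Observation("aa:bb:cc:00:00:02", "Android 4.1", "wireless", dst_ip="10.0.10.5"),
         Observation("aa:bb:cc:00:00:03", "Android 2.3", "wireless", rooted=True)]
```

In a real deployment the observations would come from the access layer (DHCP leases, 802.1X sessions, flow records) and the baseline would be re-learned on a schedule, since, as Koh notes, the network changes by the minute.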
Knowing the weaknesses that exist on your system is obviously critical, and system patches should be applied as soon as possible. On this front, Koh advocates the use of an IPS, or Intrusion Prevention System. The presence of an IPS will allow administrators to schedule proper downtime in order to patch systems, he notes.
The sheer number of security breaches and new vulnerabilities discovered may make security a daunting affair at times. While powering down and disconnecting a computer may sometimes seem like the only way to defend against hackers, it is evident that there are steps that enterprises can take to bolster their security and properly secure BYOD.