printer friendly version

Getting the basics right

Making the right decisions when it comes to cybersecurity is not easy if you don’t know where to start. While the ideal starting point is up for debate and dependent on the organisation concerned, Hi-Tech Security Solutions asked three experts for their opinion on securing your cyber environment in four basic areas. These areas are not applicable to every company but offer a starting point upon which one can build.

The four areas we focus on are:

1. Network security.

2. Application security.

3. Cloud security.

4. IoT and edge security.

The experts we approached were:

• Pankaj Bhula, regional director, Africa at Check Point Software.

• Simeon Tassev, QSA and MD at Galix and

• Paul Williams, country manager, southern Africa at Fortinet.

Hi-Tech Security Solutions: What are the risks companies face when focusing on securing their data communications internally and most importantly, externally? What types of solutions will be needed to handle these problems?

Pankaj Bhula.

Bhula: The growing Covid-19 pandemic is providing plenty of new opportunities for cyber criminals to exploit unsecured technology systems and information technology (IT) staff. In an evolving cyber landscape, businesses need to do everything they can to reinforce their digital defences.

Having the tools is important. Knowing how to use them simply and effectively is critical. Check Point Software cyber solutions are designed to enable businesses to control who accesses their network, prevents attacks and threats and secures communications within the business from remote employees or additional business locations.

Just like enterprises, small businesses need to ensure that only authorised traffic and users are allowed to access the network. They must also ensure that users access only appropriate websites. Policies span various capabilities that are used to protect the network, which extends into the cloud.

One data breach could be devastating to your company or your reputation. Protect your data by encrypting sensitive data and make it easy for your employees to do so. Ensure encryption is part of your corporate policy.

Tassev: There are various technologies available to protect data in transit and especially communications internally and externally. From an internal point of view, one needs to ensure that the systems always use secure transmission protocols (such as HTTPS, SSH and SFTP) and users are authenticated before any access is allowed. The same rule applies for external communication with the addition of some secure messaging recommendations. Secure messaging technologies are available to encrypt email and to ensure the authenticity of the originator.

Williams: All companies should consider both internal and external as equally important, as each user will move between the internal corporate networks and be seen as a safe environment to work in, but before the user is allowed access, they are challenged on their security posture to identify themselves and the devices to access that network.

Externally is as important, this is when the user connects to the Internet via Wi-Fi lounge or hotel room, for example, they are connecting to an open platform and the user has to use a solution like FortiClient to provide a secure VPN access through an encrypted tunnel and authenticate themselves with a two-factor authentication method. In addition, the hybrid work model creates a broader threat landscape, organisations’ security needs become more challenging and complex. More off-site workers mean a greater emphasis on zero trust, least-privilege principles to keep network access secure.

The Covid-19 pandemic has surfaced as the forcing function that greatly expanded the work-from-anywhere model. At the same time, multi-stage sophisticated attacks like ransomware are plaguing organisations at an increasing rate. It’s imperative that zero trust, endpoint and network security are all unified by a common set of APIs and integration points to ensure users can seamlessly shift from one location to another, enjoying a consistent user experience that is adequately protected with contextual security. Fortinet is capable of delivering this unification to enable customised security depending on where users are and what they are accessing.

Hi-Tech Security Solutions: What do companies need to be aware of in terms of application security (on-site and in the cloud) and what tools are available to assist?

Bhula: Application control tools provide the security and identity control to organisations of all sizes. Integrated into the Check Point Next Generation Firewalls (NGFW), Application Control enables businesses to easily create granular policies based on users or groups – to identify, block or limit usage of applications and widgets.

With Check Point DevSecOps, businesses are able to incorporate security and compliance into how they build, deploy and run applications, without sacrificing their agility. With the added power of Check Point Software automated DevSecOps tools, teams can not only test, but enforce security policies and prevent threats.

Then, through solutions such as Check Point CloudGuard, contextual AI is used to prevent threats with absolute precision, without any human intervention as the application is updated. This protects your web applications and APIs, eliminating false positives and stopping automated attacks against your business.

Tassev: Application security is typically divided into a few areas: application development (coding), application dependencies (OS, databases, .NET, Java, IIS or Apache Web Server, IaaS, PaaS, etc.) and application access.

In terms of application development, the principle of the secure development life cycle is the same for onsite and cloud applications. The best approach, in this case, is to build all the security in the application development from the start and to test the code as much as possible. The testing is typically done with a code analysis tool (static or dynamic code scanning) as well as peer review.

The application dependencies are very important as typically this is where we find most of the vulnerabilities and misconfigurations. There are various vulnerability and patch management tools available to address these issues, as well as technologies such as Web Application Firewalls (WAF) that can prevent some of these from being exploited. In some cases, the tools will vary between onsite and cloud, but the technologies will remain the same.

Lastly, application access is essential for the security of the system. The access is done using various technologies such as a client or using a portal and various types of authentication mechanisms. The recommendation here is to use secure communication protocols and multi-factor authentication.

Paul Williams.

Williams: Cloud-based applications are vulnerable to threats as well as compliance issues. The Fortinet Security Fabric goes beyond traditional point security solutions by using open standards and protocols to integrate multiple security devices into a single system that can span a multi-cloud environment. This, in turn, prevents security gaps and siloed solutions while making it possible to manage and automate security features from a single dashboard.

Solutions of particular value that can be integrated into this approach include FortiWeb, a web application firewall that secures web services APIs. Additionally, FortiGate-VM (the virtual cousin of FortiGate Next-Generation Firewall) enables central enforcement of security policies and increased visibility. Finally, the FortiSandbox cloud service allows for dynamic analysis to detect previously unknown threats. These tools additionally enable security for all stages of container deployment and support faster development.

Hi-Tech Security Solutions: Cloud security is a category on its own. What cyber risks will companies face when opting for cloud services and how should they deal with them? What can the service provider be relied on to handle and what must the company control?

Bhula: As companies migrate and expand their applications and services to multi-cloud environments, security teams face growing challenges, ranging from corporate policies and budget constraints to compliance fines and new threats of attack. Threats to cloud data security can come from many areas, both internal and external, ranging from valid users misusing data to bad actors attempting to use stolen credentials.

Any content that is moved to the cloud is no longer in your control and cybercriminals are taking advantage of weaker security of some cloud providers. Organisations migrating to the cloud must understand the importance of data analysis, intrusion detection and threat intelligence to protect sensitive data while preventing threats.

Look for Cloud Security Posture Management (CSPM) tools that can automate security management across diverse infrastructures, including IaaS, SaaS and PaaS. CSPM tools empower companies to identify and remediate risks through security assessments and automated compliance monitoring. CSPM can automate governance across multi-cloud assets and services, including visualisation and assessment of security posture, misconfiguration detection and enforcement of security best practices and compliance frameworks.

Simeon Tassev.

Tassev: The key here is to define the roles and responsibilities between the service provider and the client. Typically, service providers will be responsible for the infrastructure components, but even this needs to be defined properly and the client will mostly be responsible for their data and any application development and maintenance. So, the biggest risk is to leave a ‘grey’ area where no proper security controls are implemented due to misalignment of roles and responsibilities and the client assumes that the service provider is responsible for that.

Williams: According to the 2021 Cloud Security Report from Fortinet and Cybersecurity Insiders, organisations continue to rapidly adopt cloud to meet key business objectives. At the same time, given the similarly expanding digital threat landscape, security remains a concern. Virtually all respondents indicated that they were at least moderately concerned about the security of public clouds, nearly one-third being extremely so.

That said, it’s not threat actors that top the list of cloud security threats, misconfiguration wins that vote. Misconfiguration of cloud security remains the biggest cloud security risk according to 67% of cybersecurity professionals. Further, the complexity of managing multi-cloud environments is clearly adding to what is already a challenging task. 58% of those surveyed noted that their biggest concern when securing multi-cloud environments was ensuring data protection and privacy for each environment.

Considering these challenges facing their organisation, 78% of surveyed cybersecurity professionals would find it very to extremely helpful to have a single cloud security platform offering a single dashboard while allowing for configuration of policies to protect data consistently and comprehensively across the cloud.

Hi-Tech Security Solutions: How does one secure the edge? Whether the edge is a laptop, mobile or some device sending and/or receiving data from corporate systems – even a surveillance camera or access control reader at the gate?

Bhula: It is an undeniable trend that workers are more mobile and applications are now delivered as Software-as-a-Service (SaaS). Traditional network security models of backhauling traffic from branch offices and remote workers to the enterprise data centre, where the Internet egress point was typically located, adds latency and results in a poor user experience.

While edge computing offers numerous benefits to businesses, it also increases the risk for cybersecurity threats to enter the corporate network. Deploying hundreds of edge computing devices creates hundreds of potential entry points for DDoS attacks and other security breaches – an especially big concern since many endpoints feature built-in Internet connectivity.

SASE capabilities are delivered as a service based upon the identity of the entity, real-time context, enterprise security/compliance policies and continuous assessment of risk/trust throughout the sessions. Identities of entities can be associated with people, groups of people (branch offices), devices, applications, services, IoT systems or edge computing locations.

Security can be consolidated to enforce user and device role-based access controls and continually assess risk and compliance-based upon real-time context throughout the duration of the connected session.

Companies are able to deliver services faster than it takes to provision similar physical systems and can scale up and down as services are needed. Ongoing user authentication is automated, with access control policies in place to make sure users are who they say they are before access to company data is granted. With network edge security, the Internet becomes a trusted method for connecting to enterprise resources. This important component provides the security features companies need to secure access without compromising performance.

Tassev: The recommended approach for corporates is to align with a security framework such as Secure Access Service Edge (SASE) and to start adopting the various technologies that form part of this framework. This includes security technologies such as:

• EDR: Endpoint detection and response.

• SWG: Secure web gateway.

• CASB: Cloud access security broker.

• FwaaS: Firewall-as-a-Service.

• SD-WAN: Software-defined wide-area networks.

• ZTNA: Zero-trust network access.

Williams: Over the past few years, the traditional network perimeter has been replaced with multiple edge environments, SD-WAN, multi-cloud, data centre, remote worker, IoT and more, each with its unique risks. One of the most significant advantages to cyber criminals in all of this is that while all of these edges are interconnected, many organisations have sacrificed centralised visibility and unified control in favour of performance and digital transformation.

A secure SD-WAN solution, for example, can run natively in every major public cloud environment, be able to scale to support large data centres, sit on a WFH (work from home) desktop and be deployable to every corner of the network. This can enable fast and secure connections from anywhere to anywhere, to all edges: SD-WAN to LAN (SD-Branch), OT, data centre and cloud (SASE).

Many edge-based computing devices, especially IoT devices, are produced with limited security forethought. All of the devices on your network, no matter where they reside, need to be configured, managed and patched using a consistent policy and enforcement strategy to ensure they remain compliant and secure. In addition to using next generation firewalls, network access controls and encryption to classify and segment data flow, security teams should also consider behavioural-based analytics to detect anomalous behaviour of cameras, thermostats, controllers, sensors and other edge-computing devices.

For optimal business outcomes and end user experience, it requires the network, security and compute to all work together. Outcomes and experiences can only be delivered when all three elements are working together. Bringing security and network together, where security is embedded in the core, will close the gaps in visibility, automation and control. And that ultimately will ensure all your edges are secure.

Hi-Tech Security Solutions: Since we are starting with the basics, this question is: where does one start?

Bhula: First of all, implementing a high-quality cybersecurity solution and cybersecurity practices is essential. Today, Check Point Software offers cybersecurity solutions that small businesses can leverage to defend their business. This involves implementing processes that work to mitigate the possibility of attacks, for example, by reducing potential entry points and vulnerabilities in your system. In contrast, threat response actions work reactively, only acting once an attack has taken place.

The next approach any business can take to strengthen their prevention practices is to continually monitor and evaluate their current cyber architecture. To prevent the generation of gaps in your security, you should ensure that your cybersecurity strategy is properly managed and updated.

Often a simple human error, such as not following best practices or not deploying your tool in the most suitable way for your environment, can be the reason vulnerabilities appear. Ultimately, any cybersecurity tool can only take you so far – achieving the full benefit of your solutions requires organisations to use and maintain their tools properly.

Tassev: The recommended approach is to start with a baseline assessment, identify security gaps against an internationally recognised standard, such as CIS or ISO and build a security roadmap to improve their security posture and maturity.

Williams: Many SMBs struggle to implement strong, holistic security across their business for a variety of reasons and too often rely on piecemeal security cobbled together with multiple vendor point products that don’t operate cohesively. Here are four steps to follow for future success:

Step 1: Create a secure office network. Even as most companies pivoted to support a hybrid workforce, the main office remains a cornerstone of the business with the next-generation firewall sitting at its heart, protecting and controlling traffic going in and out.

Step 2: Support a work-from-anywhere, hybrid workforce. When Covid hit, many businesses continued to grow by pivoting their infrastructure to support an entirely remote workforce. VPN technology enabled secure access for remote employees to company resources and better NGFWs were purchased to handle the sudden demand for greater VPN throughput.

Step 3: Secure cloud applications and email. No matter your business size, taking advantage of the operational savings and scalability the cloud offers is often on the top five strategic priorities IT teams have on their list.

Step 4: Control costs by streamlining and simplifying security, management and ongoing operations. While best-of-breed solutions can be stitched together with security information and event management (SIEM) technology or by creating a security operations centre (SOC), these require significant resources to deploy and maintain.

Hi-Tech Security Solutions: What are your top tips executives should be aware of when it comes to cybersecurity?

Bhula: Secure everything. All it takes is one open door to allow a cyber criminal to enter your network. Just like you secure your home by locking the front door, the back door and all the windows, think about protecting your network in the same way.

Prevention is better than a cure. Threat prevention helps organisations build business resilience. Organisations can use these techniques to stay ahead of cyber threats and keep their technologies, teams and processes up to date, to respond to changing environments in a timely manner. Preventing the attack protects both the business and customer security. Taking preventative steps gives businesses a proactive way to reduce their cyber threats instead of responding to them once the damage is done.

Tassev: Understand your cybersecurity risks and drive the security policies from the top and implement a security awareness programme. Measuring security posture and maturity is key and we recommend clients engage with a specialist to assist in achieving these objectives.

Williams: As all executives in business today have a responsibility for the operation of the business on a day-to-day basis, so do the digital and security officers – if not more in this modern age of cybersecurity.

Share this article:

Further reading: