Fast-growing technologies are blurring the boundaries of the traditional perimeter and creating new opportunities for hackers.
The traditional security perimeter protecting most organizations is proving to be an ineffective cyber security control today. Fast-growing technologies like Cloud, Mobile and Virtualization have made the boundaries of the organization blurry, and this has not gone unnoticed by cyber criminals.
For many years organizations protected their valuable and sensitive information by building a fence around those assets using endpoint protection and firewalls, and all the data that flowed in and out of the organization was either via a single internet access point or on physical devices. This meant that a traditional perimeter was an effective measure because the boundaries were known.
This traditional security approach has been used for almost 30 years, but in today’s world it is no longer effective
As long as the internet access was controlled by the data that flowed through it, it was possible to protect, monitor and control that data. Organizations protected the internet access with firewalls, VPNs, access controls, IDS, IPS, SIEM’s, email gateways and so forth, building multiple levels of security at the perimeter. Then, on physical devices, systems management and antivirus protected those systems and kept them updated with the latest security patches. This is a traditional security approach that has been used for almost 30 years, but in today’s world it is no longer effective, alone, or even at all. This is a strong message from hackers.
Technology has significantly changed the world.
In the past 10 years we have seen the physical boundaries of an organization almost completely disappear. This is a result of mobility and connectivity, with almost every person in an organization becoming an internet access point. And with the ability to simply connect their mobile devices together and enable a personal hotspot, the task of controlling the cyber perimeter became far more difficult. At an average transfer speed of 50MB per second an individual can transfer almost 600GB of data out of an organization—within a day—via a connection that is not being monitored or secured. With technological advancements like these, we can see why both antivirus and firewalls are no longer an effective, relevant security control. The traditional perimeter urgently needs to evolve to meet organizations’ current cyber security requirements.
Why are traditional cyber security practices failing today’s organizations? Hackers expose the flaws.
When you want some insight on which security tools are the easiest to circumvent, talk to a hacker. That’s exactly what we did at Black Hat USA 2017—we surveyed nearly 300 hackers and produced a report on the results.
Our survey questions were designed to enable us to learn the hacker’s innermost thoughts and feelings about IT security. What we learned was unnerving; even to us. As we do every year, we have shared this survey information in a free, downloadable report. We consider it essential reading for any IT security professional.
For example, hackers told us these tools are so easy to breach, they consider them obsolete.
- Intrusion Prevention Systems (IPS)
The hackers also revealed which endpoint protection is the least effective at keeping them out:
- Email Gateways
And they shared with us that, in their opinions, these threat intelligence options offered organizations the least protection from hackers as they could find new ways to outsmart them:
- Reputation Feeds
- Threat Intelligence Providers (i.e. social media monitoring, active threat monitoring)
- Education and Awareness (i.e. employee trainings, cyber hygiene)
Get the full Black Hat 2017 Survey report here, and see who or what hackers blame for data breaches 85% of the time, and many other mind-blogging statistics.
JOIN OUR MAILING LIST
Get updates, free resources and in-depth how-to’s