The trend among enterprises to move to a more distributed and increasingly virtual operating model has had a profound...
impact on IT. Technology has underscored this evolution through the digitization of corporate assets and by providing flexible access to corporate resources via the enterprise network. As traditional physical boundaries have eroded, end users began connecting to networks from virtually any device anywhere, exploiting both cloud and mobility. This has forced the IT organization to rethink its network defense tactics as it protects high-value assets.
Enter network security. While networking gear itself is typically not the ultimate target of an attack, malicious code and other threats often travel through infrastructure devices to reach their mark. To that end, the network plays a crucial role as a multi-layer defense against threats: both as a source of data on malware and other threats, and as a mechanism to block attacks and prevent leaks. Within this landscape, what are some of the greatest threats to network security today and what can enterprises do to stave off attacks?
DDoS: Denial and diversion the biggest threats
Not surprisingly, some of the biggest risks to IT security today are tied directly to enterprises' increased reliance on their networks and their adoption of new and evolving access models that encompass mobility and cloud. With respect to the former, distributed denial-of-service (DDoS) attacks have come to dominate network security discussions.
The number of DDoS attacks -- designed to flood Internet-connected hosts with traffic, often malicious in nature -- has increased dramatically in the last several years.
In the last quarter of 2014, these attacks rose 57% compared to the previous quarter, and almost doubled from the same period in 2013, according to Akamai. At the same time, these attacks are consuming more resources and requiring more manpower for mitigation.
That's due in part to the nature of DDoS attacks; increasingly, these attacks are used as a subterfuge to distract IT so that those behind them can tap into critical assets. A DDoS attack may mask malicious code that's designed to breach internal systems and capture user credentials and gain access to valuable intellectual property, financial data and other sensitive information.
The good news is that the range and increase in the number of DDoS attacks has fueled enterprise awareness of their potential impacts. As a result, more organizations are enlisting the help of their network service and managed security providers to equip them with DDoS mitigation and prevention services to shore up their network defense. That said, the threat from these attacks still looms large as too many enterprises continue to operate in a reactive mode.
Exploiting user devices as a means to gain access
Cybercriminals have also eagerly exploited other access points into the network -- paying particular attention to remote and mobile devices. As businesses continue to make it easier for employees to use their own mobile devices, IT must be able to protect the network against techniques hackers may use to infiltrate the network perimeter via an unmanaged device.
A favorite technique is the use of social engineering to exploit one of the enterprise's biggest vulnerabilities -- the end user. A user can be tricked into buying what appears to be a legitimate mobile app, when it in fact contains malware. Once that malicious code is downloaded and the device is infected, the hacker can get access throughout the entire Wi-Fi network, including corporate laptops also running on that network. Hackers can potentially breach corporate systems via those enterprise computers.
Enterprises have a steep learning curve when it comes to protecting against mobile network-related breaches. IT needs to not just have policies in place that limit access to corporate resources from unmanaged devices, but it also needs to re-examine whether its controls on managed devices are truly effective.
Cloud insecurity comes as enterprises employ software as a service
Even as organizations develop broad-based enterprise cloud computing strategies, security concerns loom large. The expectation is that by year's end, more businesses than ever before will have deployed mission-critical application workloads to the cloud. But will that data be safe? Among the challenges is how application workloads can be protected as they are transferred between and among different clouds. Of particular concern is cloud traffic moving via the public Internet. In these situations, enterprises are rightfully worried about unauthorized access and if their workloads will be commingled with workloads from other organizations.
A number of service providers have stepped up to offer secure cloud connectivity products that leverage Multiprotocol Label Switching to secure data as it is moved to and from multiple clouds. Providers like AT&T, CenturyLink and Verizon are offering these services, often in conjunction with third-party cloud providers such as Amazon Web Services, Microsoft Azure, IBM SoftLayer and Salesforce.
Enterprises clearly still have much to consider with respect to secure cloud and mobility access and network security in general. What is most crucial is understanding that perimeter defenses alone are no longer sufficient. Instead, IT must develop an effective set of network defense practices and the right technology to protect access via the network and prevent the kind of attacks that can cripple operations. There are many tools to help with this process. The most important one may be realizing what the next big threat might be.
The battle beyond malware
Hybrid DDoS tools evolve
Overcoming cloud security issues