Like the Night King, Perimeter Defense is Dead

Castle walls

If you’ve been following the return of Game of Thrones (warning: show spoilers ahead) then you know winter has arrived.

Last season, on the back of some serious firepower in the form of an undead Dragon, the White Walkers finally breached the Great Wall and descended upon the seven kingdoms. The iconic scene and subsequent fallout this season reminds me, in many ways, of how the castle-and-moat strategy has also failed against the growing sophistication of today’s cybersecurity threats.

For so long, cybersecurity has been an industry driven by barriers. Perimeter defense was king, and so were the technologies that established walls, gates, and moats that kept evil forces at bay. But today, the number and scale of cyber attacks continue to grow. The Great (fire)Wall is no longer the end-all, be-all to stop threats and keep the kingdom safe. Here’s why…   

Like a Wight Dragon, the Cloud has Blown Up the Perimeter

In the age of digital transformation, a growing number of business resources must now exist outside the traditional perimeter. As companies embrace more cloud services — and move everything from infrastructure, applications, and data to the cloud — they’re blowing more holes (or at least introducing more weak points) in their own firewalls. With so many new entry-points, even the strongest perimeter defense strategy today can’t alone keep the castle from being infiltrated.

While the majority of company leaders prioritize reinforcing their cybersecurity defenses against malware, bad guys continue to walk right through the front gates. Eighty-one percent of breaches today involve compromised credentials (weak or stolen passwords). These are essentially the “keys to the kingdom” since traditional castle-and-moat strategies were never meant to account for what happens once the walls have been breached. Once they’re inside, what’s in place to stop them from accessing even more services?

Information, the Secret Weapon Against the Dark

None of this even takes into account the growing sophistication of today’s cybersecurity threats. Like the Night King’s undead army, threats from malicious actors have grown in number and power. Whether it’s phishing, brute force attacks, or keystroke loggers, they don’t even need a fire-breathing zombie dragon to put a hole in your barriers and leave the business at risk of being overrun. So if perimeter defense is dead, what can be done to stop their march?

In the absence of effective barriers, the biggest weapons companies have to wield against malicious actors is information. The future of identity relies on having enough information, or “context,” to verify every user, on every device, for every login. With growing cloud adoption and more apps, users, and devices seeking access on the go, from across the globe – there’s so much now that exists beyond the traditional perimeter. Security today can’t be as binary as determining whether an access request came from within or outside of the firewall.

Winter is here, and the wall has been breached. To win the ultimate battle of good and evil, we’re going to need to regroup and rethink our approach when it comes to identity and access management.

One increasingly popular approach to cybersecurity is Zero Trust. Click here to see more on the importance of this strategy today, then tune in for our next installment of this blog series where we’ll break down the core tenets of Zero Trust, starting with how to verify every user.



*** This is a Security Bloggers Network syndicated blog from Articles authored by Corey Williams. Read the original post at: https://www.idaptive.com/blog/Perimeter-Defense-Is-Dead/