RIP Perimeter Security: Critical Infrastructure Breaches Demand New Approach

The ongoing spate of breaches against critical infrastructure and government entities underscores the vulnerability of this sector. In July 2022, officials announced the federal court system had experienced a major data breach via its document filing system – back in 2020. In September 2022, the IRS admitted that a data leak exposed the personal info of more than 120,000 taxpayers. A cyberattack that same month disabled the computer systems of the Los Angeles Unified School District. These are just a few of the recent high-profile incidents.

All of them highlight an ongoing problem that’s plaguing organizations across sectors: Perimeter security isn’t enough. The old “castle and moat” approach isn’t sufficient for today’s threat landscape. The perimeter has expanded to such a drastic extent that it no longer exists in its traditional form.

This makes it very difficult to secure. As an IT or security leader in charge of keeping your organization safe, you still need perimeter security, but you must go beyond traditional defense strategy to ensure that even if your perimeter is compromised, you can remain protected. And this is where having improved network visibility and detection throughout the network plays a key role in protecting the network in its entirety.

Understanding the Underlying Challenges

The common theme with the breaches above is that each affected party is a massive organization that employs many people. No matter what you have in place from a security perspective, the reality is that employees pose a risk. In most cases, it’s unintentional and non-malicious, but a risk nonetheless.

In fact, 82% of the breaches analyzed in the 2022 Verizon data breach incident report involved some sort of human element, which included “social attacks, misuse and error.” It’s not just employees who pose an inside threat; it’s also suppliers and third parties.

The report showed that 73% of breaches had an external origin, which would lead one to think that insider threat is a lesser risk. But not so fast. The report goes on to reveal that the average number of compromised records in an insider-related breach is 375,000 compared to an external breach’s 30,000 records – more than a 10-to-1 difference. And the average partner-involved breach affects 187,500 records. This drastic difference underscores the harm that those with privileged access can cause.

When you have a threat surface that many people are connected to, you must start from the position that your digital environment is going to be compromised, and implement a security structure that is predicated on this assumption.

Moving Beyond Perimeter Security

There are still far too many organizations relying too heavily on perimeter security. This is happening for a few different reasons. For one thing, the cost of implementing more pervasive protection is always a consideration. For another, organizations tend to get comfortable with the status quo and become reluctant to try new methods or tools.

Complexity is another factor. The technology underpinning network detection and response (NDR) is inherently more complex than that required for perimeter security, but it has to be to manage a network without bounds. A perimeter-based situation typically has whitelist/blacklist constructs, but when you’re talking about a trusted user, that changes the game.

Networks have become highly complex as they have evolved over time and across environments. IT teams are challenged by a lack of network visibility and security expertise, and by the need to understand network gaps and security weaknesses before a breach occurs. But you don’t get the needed degree of full visibility from only endpoint or perimeter security solutions. This is where NDR can change the game.

Understanding the Role of NDR

Organizations need help understanding where vulnerabilities exist within their security stack. They need a solution that detects and responds to zero-day threats that are lurking deep within their network. Organizations need a simple way to understand the threats as they are identified, and a way to organize them accordingly. This simplifies threat hunting and allows organizations of all maturity levels to understand the sophisticated attack techniques as they are identified. They also need the ability to recover quickly when a compromise or breach has occurred.

Next-generation NDR allows NetOps and IT teams to unlock the value of current investments and develop new lines of revenue made possible through digitally transformed infrastructure, the flexibility to adapt to market demands and the ability to launch new services at speed.

By extracting deeper context and more granular insights from tools already implemented in network infrastructure, NetOps and SecOps teams can manage performance and security with unprecedented operational efficiency and time to value. This creates significant business resilience when, not if, systems are breached and enables rapid resolution and recovery.

Securing our Infrastructure

As major attacks against government and infrastructure continue to surface, a significant amount of budget needs to be diverted to security spending. It’s not acceptable that, in the case of the LAUSD for instance, the systems that care for our children can be compromised.

Organizations must take a new approach; the status quo isn’t working. They must operate on the assumption that the weak point is the employee or third party. If you’re counting on perimeter or endpoint security, you have left yourself vulnerable. While historically, NDR might have been cost- and skill-prohibitive, a variety of technologies and services have made it so that a fuller analysis of your traffic is reachable and accessible. This will help you protect your whole network, which today stretches far beyond the “perimeter.”

Richard Piasentin

As chief marketing and chief strategy officer of Accedian, Richard Piasentin guides the company’s leadership in performance analytics and end user experience solutions to unlock full network potential. He oversees investment priorities and fosters a consistent brand communications and marketing strategy for our customers. Richard also drives our commercialization efforts in the areas of global product pricing, solution marketing, and business development. Richard began his career at Nortel Networks in 1992 as a test engineer for their public carrier switching division. From there, he segued into focusing on the wireless industry, taking on a variety of senior roles at Nortel within sales, operations, and supply chain during his 17 years at the company. After Nortel, he was vice president and general manager for BlackBerry’s North American business, and general manager of Viavi’s Visibility, Intelligence and Analytics (VIA) business unit. He holds a bachelor’s degree in electrical engineering, RF specialization, from Queen’s University in Kingston, Ontario.