There is a significant change in the threat landscape – according to the Online Trust Alliance, the number of cyber incidents doubled to 160,000 in 2017. This can be attributed to the frequency and sophistication of the attacks perpetrated on enterprises and government organizations, whether by individuals or by state-sponsored groups.
The threat of re-purposed malware
What if malware like WannaCry and Stuxnet returned in different and even more destructive forms? At the RSA 2018 conference, two noted security researchers raised concerns that malware created by various governments could be repurposed or repackaged by cyber criminals and reused elsewhere.
The new repurposed malware may follow the same advanced persistent threat (APT) kill chain but may not necessarily have a command and control center.
Multiple attack vectors plus slow detection and response
Organizations, whether government or private enterprises, take a long time to detect APT attacks, because these attacks are stealthy and spread inside an organization over days through multiple vectors. There are no signature definitions to detect and stop zero-day malware attacks. Bad actors compromise perimeter security technologies or find ways to insert malicious code from within the organization through email, phishing, USB pen drives, unpatched software vulnerabilities and SCADA systems.
Reduce the attack surface
Though there are several tools to detect and mitigate cyber threats, hackers have always found ways to bypass them and infect their targets. The best practice, therefore, is to reduce the attack surface by creating several segments within the data center. Segmentation, or rather micro-segmentation, lets you create zero-trust networks. With micro-segmentation, an APT threat that enters a network segment can potentially be trapped there, making it difficult for it to propagate laterally to other resources.
Why adopt software-defined secure micro-segmentation?
Software-defined secure micro-segmentation improves the security posture of your data center and provides granular visibility into your east-west traffic. Some of the advantages are:
- Platform-independence: Create zero-trust networks in multi-vendor data center environments without the risk of vendor lock-in limitations
- Comprehensive visibility: Gain granular visibility into cross-segment traffic that may happen in your on-premises, cloud or hybrid data centers
- Security automation: Enable intent-based security policy templates pertaining to dynamic application environments, workloads and resources
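To make the containment argument above and the intent-based policy and visibility points concrete, here is a small added example (not code from the original article or any vendor product) that models a micro-segmented data center: workloads are mapped to segments, allow intents are declared per segment pair and port with everything else denied, and a reachability walk shows how far a worm could spread from one compromised host on a flat network versus a segmented one. All workload names, segments, ports and intents are constructed for illustration.

```python
"""Added example: intent-based micro-segmentation policy and lateral-movement
containment model. Inventory, segments and intents are constructed values."""
from collections import deque

# Constructed inventory: workload -> segment (application tier / OT zone)
WORKLOADS = {
    "web-1": "web", "web-2": "web",
    "app-1": "app", "app-2": "app",
    "db-1": "db",
    "scada-hmi-1": "ot",
}

# Intent-based allow rules: (source segment, destination segment, dst port).
# Anything not listed, including traffic inside a segment, is denied
# (zero-trust default deny).
INTENTS = [
    ("web", "app", 8080),
    ("app", "db", 5432),
]


def flow_allowed(src, dst, port, intents=INTENTS):
    """Return True if an east-west flow matches an allow intent; default deny."""
    if src == dst:
        return False
    s, d = WORKLOADS[src], WORKLOADS[dst]
    return any(s == si and d == di and port == p for si, di, p in intents)


def reachable_from(compromised, ports, segmented=True):
    """Workloads a worm starting at `compromised` can reach over `ports`.
    segmented=False models a flat network where every host can talk to every
    other host; segmented=True applies the intents above hop by hop."""
    seen, queue = {compromised}, deque([compromised])
    while queue:
        cur = queue.popleft()
        for nxt in WORKLOADS:
            if nxt in seen:
                continue
            if not segmented or any(flow_allowed(cur, nxt, p) for p in ports):
                seen.add(nxt)
                queue.append(nxt)
    seen.discard(compromised)
    return seen


def denied_flows(flows):
    """Visibility: the observed cross-segment flows that policy denied.
    These are the flows worth alerting on, since they reveal lateral movement."""
    return [f for f in flows if not flow_allowed(*f)]
```

A worm that spreads over a port no intent permits (445 in the test below) is trapped on the host it landed on, while one that rides an allowed application port still gets only as far as the declared dependency chain.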
So, the next time an undetectable version of WannaCry or Stuxnet comes in, don’t count on your firewalls, IDS/IPS and perimeter security to protect your data center, because you won’t even know it’s in your network.