Shift from Reactive Security to Proactive Security


There is no doubt that cyber attacks are going to increase in number and sophistication over the coming years. A study by the Ponemon Institute on the cost of cybercrime found that the average annual cost of cybersecurity per organization increased by 22.7% from US$9.5 million in 2016 to US$11.7 million last year. Statistics show that cyber attacks across the world affect small businesses and large enterprises alike. To secure themselves from any serious damage, businesses must begin to rethink their security posture.

Some of the most common cyber attacks in 2018 were:

  • Ransomware
  • Internet of Things
  • Social Engineering and Phishing
  • Man-in-the-middle
  • AI Weaponization

Over the last few years, several attacks have made news because they were able to breach supposedly well-protected enterprise data centers to cause disruption, siphon sensitive data, or steal money. From the Equifax attack where hackers stole the personal data of 145 million people to WannaCry, which affected more than 150 countries, it is becoming clear that the existing security solutions are not able to identify threats fast enough to stop them from penetrating and spreading across the network.

Reactive Security Doesn’t Help When Attackers are Proactive

Traditional security solutions are reactive in their basic approach. They detect the threat that has penetrated the network and then react based on pre-set security protocols (for example, signatures, known patterns, perimeter firewall solutions, etc). The primary function of this model of security is to establish a strong perimeter to prevent breaches and attacks.

But as cybercriminals use increasingly sophisticated methods, they are able to bypass perimeter defenses with ease and get into servers and endpoints. Once they are inside, the internal defense mechanisms are mostly dependent on hardware-centric solutions like firewalls and VLANs/ACLs. Meanwhile, network administrators are grappling with updating thousands of firewall rules and maintaining extensive access control lists.

In a situation like this, all hackers need to do is find an open port or a gap in the firewall to move laterally within the network. Because there is very little visibility of East-West network traffic, they can remain undetected for months while looking for vulnerable servers and exfiltrating data. A report from the Ponemon Institute puts the average time from when an adversary gains access to when the organization identifies the breach at 191 days. So it is no surprise that many of the biggest data breaches were discovered many months after hackers had infiltrated the network. As the sophistication of cyber attacks increases, reactive security solutions are proving inefficient at preventing threat actors from gaining entry into the network.

Taking the Proactive Approach

As the name suggests, a proactive security approach means setting up a defense architecture designed to prevent the breach rather than react after it has happened. This approach has paved the way for zero trust security, a concept in which no connection is trusted unless it has been explicitly allowed. A variety of security tools like real-time monitoring, enhanced network visibility, and segmentation at various network levels help in setting up a robust zero trust network. Using these tools, security policies are orchestrated and driven down to the host level so that every user, application, and workload can be monitored and verified.

Recent developments in security technology have also played a big role in making proactive cyber defense viable. A software-defined security architecture allows for micro-segmentation and visibility down to the individual host level. In practice, this means the attack surface can be limited to a single host. Even if an employee falls prey to a phishing attack or clicks on a malicious link, the damage can be contained within that host or network segment. Any attempt by the compromised host to communicate with servers it is not authorized to reach is prevented and immediately flagged.
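As an added illustration (not code from this post or from ColorTokens' product), a minimal host-level default-deny policy check in Python: workloads carry labels, only explicitly allowed label-to-label flows pass, every other attempt is denied and flagged, and a source whose denied attempts spread across several internal hosts is surfaced as an East-West probing signal. The host inventory, labels, ports and flow records are constructed sample values.

```python
# Constructed inventory: host -> workload label (hypothetical sample values)
HOSTS = {
    "10.0.1.10": "web",
    "10.0.2.20": "app",
    "10.0.3.30": "db",
    "10.0.4.40": "laptop",  # employee endpoint
}

# Explicit allow-list of (source label, destination label, destination port).
# Any flow not listed here is denied: this is the default-deny rule.
ALLOW = {
    ("web", "app", 8080),
    ("app", "db", 5432),
    ("laptop", "web", 443),
}

def evaluate(flow):
    """Decide one flow {src, dst, dport}; returns (decision, reason)."""
    src_label = HOSTS.get(flow["src"], "unknown")
    dst_label = HOSTS.get(flow["dst"], "unknown")
    key = (src_label, dst_label, flow["dport"])
    if key in ALLOW:
        return "allow", "%s->%s:%d allowed by policy" % key
    return "deny", "%s->%s:%d not in policy, flagged" % key

def flag_lateral_movement(flows, threshold=2):
    """Sources whose denied flows reached more than `threshold` distinct
    destinations: a simple East-West probing signal for the SOC."""
    denied = {}
    for f in flows:
        if evaluate(f)[0] == "deny":
            denied.setdefault(f["src"], set()).add(f["dst"])
    return sorted(src for src, dsts in denied.items() if len(dsts) > threshold)

# Constructed East-West sample: the laptop starts probing internal servers.
SAMPLE_FLOWS = [
    {"src": "10.0.4.40", "dst": "10.0.1.10", "dport": 443},   # allowed
    {"src": "10.0.1.10", "dst": "10.0.2.20", "dport": 8080},  # allowed
    {"src": "10.0.2.20", "dst": "10.0.3.30", "dport": 5432},  # allowed
    {"src": "10.0.4.40", "dst": "10.0.2.20", "dport": 22},    # denied
    {"src": "10.0.4.40", "dst": "10.0.3.30", "dport": 5432},  # denied
    {"src": "10.0.4.40", "dst": "10.0.1.10", "dport": 22},    # denied
    {"src": "10.0.1.10", "dst": "10.0.3.30", "dport": 5432},  # denied: web must not reach db
]

if __name__ == "__main__":
    for flow in SAMPLE_FLOWS:
        print(*evaluate(flow))
    print("flagged sources:", flag_lateral_movement(SAMPLE_FLOWS))
```

A host outside the inventory is labelled "unknown" and therefore never matches the allow-list, so unenrolled machines are denied by default rather than silently permitted.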

Considering the magnitude of damage caused by cybercriminals, organizations are beginning to look for alternatives that can prevent large-scale attacks. Implementing microsegmentation to create zero-trust networks completely denies all unverified network communication and reduces the attack surface to the bare minimum.

ColorTokens Xtended Zero Trust Platform enables microsegmentation down to the host level in both local servers and hybrid cloud environments, making it easier for enterprises to effectively secure dynamic application workloads. Here’s more information on how we can help protect your company from cyber threats.