CRN roundtable: The changing shape of cyber security

By on
CRN roundtable: The changing shape of cyber security
Page 9 of 13  |  Single page

In my research I touched on the cyber kill chain and how that overlays an existing zone model architecture that I’ve been a big proponent of for a long time, about how we have internal and external users and service presentation business logic storage. Nobody has direct access to the data. They must be mediated by some web server, some business logic server that then accesses the data on their behalf as a way to manage and control that. Because that’s how the attacker is going to get to it, and each one of those is a point where we can actually stop the attack and it’s not just getting the data, they have to then get it out along the same sort of paths – so that provides a way to overlay that. If our networks are compromised, you can’t protect everything, so it really means you’ve got to identify and protect that small bit. Even in somewhere like ‘air gap networks’, for example. Your master key and your HSM (hardware security mode) that should be a device that’s not connected to the network. That forces someone to physically go to it to do something, or other examples like that. It’s a new way, and we have to think about the problem differently, and to the NSA’s point, they operate under the assumption they are compromised and then say ‘what do we do?’ on a daily basis. Your 60 percent or 80 percent of organisations that have malware in there, how do we go about our daily business knowing that and we wouldn’t be able to define them, even with root kits and things like that, you might not always be able to identify where you’re compromised.

CRN  Can you give us a specific example of how the cyber kill chain might work for a typical organisation.  What about a retail organisation, for instance?

Keith  Okay so they are doing credit card processing. We talked a little bit about phishing and that’s where they do the initial analysis and targeting. Then they have to get in, typically using some malware that some legitimate user clicked on and activated from a legitimate website, but with cross-eyed scripting and eye frames and all these other vulnerabilities. It has its place in the world for those things that get infected, and then that attacker can then essentially go out the front door, use an HTTPS like you would go to your bank or something. If I was an attacker, I’d put banks somewhere in my control domain so it would slip through a lot of that, and then that’s how they establish a foothold, maintain persistence, go through to privilege escalation, identify the assets, exfiltrate the assets and then maintain the presence.

What the cyber kill chain is about is interfering with each one of those spaces. You have an opportunity to stop the attack, forcing the attacker to go back again. So if they’re already in the network, how do we stop them from going from our work station in the corporate network to the data. Again we go through a business logic.  We go through a secure storage and some database server that breaks connections with firewalls, RPSs, access control and all those controls, and each one of those point to get around is a kill point on the attacker. 

Sean  I agree entirely. The chains are fragile and if you can break any one of those points, there’s generally no robustness and no work around, if you break that, you’ve stopped it.

Keith  In an open flat network, once you’re there you can move laterally anywhere you want to, and essentially own the whole network. But as soon as you start segmenting that with security controls, we just increase the complexity of an attacker to move around. Think about it like an onion with concentric layers. To get to the middle, you’ve got to peel each layer of the onion down to get to that information in the middle, and that’s really how we should be looking at networks, and building and designing networks.

Peter  One of the issues is this mentality of security professional that he’s got to protect everything, and actually this is a perception of protecting everything, not just protecting the green zone, and it’s really that bit, the education of the security front is teaching people that yes some malware, some lack of security is acceptable.

CRN  A point you made in your white paper as well Keith is the increased complexity of vulnerabilities.  If you read all the headlines in the technology media, you would get the impression that the number of vulnerabilities is increasing exponentially.  Well yes it is, but as you point out the complexity of those vulnerabilities means that you don’t have to worry necessarily about all of them, but you have to understand which ones you have to worry about.

Previous PageNext Page
1 2 3 4 5 6 7 8 9 10 11 12 13 Single page
Got a news tip for our journalists? Share it with us anonymously here.
Copyright © nextmedia Pty Ltd. All rights reserved.
Tags:
black swan group bridge point communications check dimension data keith price mcafee micro point rsa security symantec trend

Partner Content

Secure, integrated platforms enable MSPs to focus bringing powerful solutions to customers
Secure, integrated platforms enable MSPs to focus bringing powerful solutions to customers
Channel can help lead customers to boosting workplace wellbeing with professional headsets
Channel can help lead customers to boosting workplace wellbeing with professional headsets
Tech For Good program gives purpose and strong business outcomes
Tech For Good program gives purpose and strong business outcomes
Build cybersecurity capability with award winning Fortinet training from Ingram Micro
Build cybersecurity capability with award winning Fortinet training from Ingram Micro
Ingram Micro Ushers in the Age of Ultra
Ingram Micro Ushers in the Age of Ultra

Sponsored Whitepapers

Stop Fraud Before It Starts: A Must-Read Guide for Safer Customer Communications
Stop Fraud Before It Starts: A Must-Read Guide for Safer Customer Communications
The Cybersecurity Playbook for Partners in Asia Pacific and Japan
The Cybersecurity Playbook for Partners in Asia Pacific and Japan
Pulseway Essential Eight Framework
Pulseway Essential Eight Framework
7 Best Practices For Implementing Human Risk Management
7 Best Practices For Implementing Human Risk Management
2025 State of Machine Identity Security Report
2025 State of Machine Identity Security Report

Events

techpartner.news MSP index - Brisbane
techpartner.news MSP index - Brisbane
techpartner.news Channel Leader List / Golf day
techpartner.news Channel Leader List / Golf day
techpartner.news Pipeline Conference 2025
techpartner.news Pipeline Conference 2025
Integrate Expo 2025
Integrate Expo 2025
Security Exhibition & Conference 2025
Security Exhibition & Conference 2025

Most read articles

AI ambition: Nick Beaugeard looks to harness AI agents to provide tech services

AI ambition: Nick Beaugeard looks to harness AI agents to provide tech services
Tech Research Asia to present Australian IT M&A report

Tech Research Asia to present Australian IT M&A report
MSPs pressed to review ransomware response as new reporting rules commence

MSPs pressed to review ransomware response as new reporting rules commence
Vic gov to spend $100m on cyber security

Vic gov to spend $100m on cyber security

Log in

Email:
Password:
  |  Forgot your password?