Cybersecurity is rapidly changing – that's something most of us intuitively understand. But there's more to it than that. New technology companies and IT leaders are trying to boil down their new cybersecurity models into terms that are clear to the average user. In that effort, they often talk about “perimeter security.”
Perimeter security, in the traditional sense, means using firewalls to filter traffic into a private network. It means hardening systems, presenting thin attack surfaces, and vetting information as it proceeds from the public internet into the private echelons of a network. (To learn more about network security, see Making Networks More Secure in the Age of Cybersecurity.)
“The manner in which enterprises conduct business has changed drastically over the past two decades, but approaches to security have not,” writes an analyst at Covata in a piece that does a good job of broadly addressing perimeter security.
“During the advent of e-commerce, businesses focused on network firewalls, system hardening and network intrusion detection systems to protect web servers from compromises or denial-of-service attacks. As businesses made this environment more secure, cyber attackers changed tactics … Today, despite the near total dissolution of the network perimeter and the evolution of threats, security teams are still using a perimeter security mindset – they’ve just changed the definition of the perimeter.”
The traditional way of thinking was that network administrators could keep hackers and malware operators out simply by stopping traffic at the border. But this digital version of a wall around a private system is really not effective anymore, at least in most use cases.
“Due to advancements in the cloud, perimeter security has lost much of its power,” wrote MOQdigital marketing analysts early last year, explaining the company's reaction to security practices.
“The solution to this is to employ multi-layered security, intelligence-driven network monitoring, as well as thorough incident response and recovery strategy. Old methods, such as firewalls and standard intrusion and prevention systems … still have a place as part of this strategy and should not be discarded. In fact, modern firewalls have adapted to meet the needs of the current market and are an excellent addition to any network security.”
So how is perimeter security changing? Here are some trends that show how security professionals and IT leaders are getting serious about making perimeter security more sophisticated, to try to keep up in the security game.
Endpoint is the New Perimeter
Instead of trying to create a wall around an entire private system, more security professionals and companies are focusing their security efforts on the user device, which is the endpoint of the system.
In the age of bring your own device and the internet of things, people are generally coming to realize that the device itself is the most vulnerable point. Devices get lost, they get stolen. People share them. They lie on a table with the screen open.
By essentially barricading the endpoint device, security professionals tend to get much further than they would by hardening an entire private network system while leaving devices more hackable. You can't completely eliminate the vulnerability of a shared device, but engineers can design new types of security into these devices to make them much more resistant to endpoint hacking.
Edge Computing – The Cloud is the Gateway
A principle called edge computing assesses and monitors data as it filters into the edge of a network, again at the position of the endpoint user device.
Another major way to try to control private network traffic is through a cloud gateway.
Using cloud vendors, companies are often in the business of shuttling massive amounts of data between their own private networks and a cloud system. So it makes sense in a lot of ways that the cloud transition point would be where you put your security apparatus or “gateway.” Many companies choose to encrypt data at an endpoint, so that it is shielded as it moves through the cloud. Others create elegant service-level agreements with vendors that include proprietary cloud security.
Active Threat Management
Another trend that's taking place in the security community is the idea that active threat management is more valuable than passive perimeter security, or that both of these must be used in tandem.
For example, security professionals are looking closely at spear-phishing attacks. A spear-phishing hacker doesn't rely on penetrating a system with bits and bytes. Instead, they get inside the legitimate user's head and try to trick that person into giving them access unwittingly.
The antidote to spear phishing is end user awareness. There are also, again, things engineers can do to build spear phishing resistance into user setups. Some of these have to do with system permissions, user account calibration, and cybersecurity guidance for a person who is absentmindedly typing away on a device trying to accomplish some business task.
Another aspect of this is called browser isolation – some companies are investing in a system where data traffic flows into a walled-off “safety cage” or “vestibule” before being transferred into a private network. Browsers are the window through which the internet delivers information into private networks, at least in a desktop user scenario. So browser isolation provides that extra layer of security. It's a perimeter approach – but it's a new and innovative perimeter approach. It's not just a firewall. (For more on browser isolation, see The Top 6 Qualities to Look for in a Browser Isolation Solution.)
Artificial Intelligence, Machine Learning and Outlier Event Monitoring
You may have heard of this last trend if you've been around security professionals lately.
Artificial intelligence and machine learning are rapidly changing all sorts of industries, and one of them is cybersecurity. Using heuristics and Bayesian statistics and all sorts of other algorithmic activity, new artificially intelligent tools claim to be able to spot potential threats by looking at network activity through the eye of machine learning. As the system takes in the usual traffic flow, it learns to distinguish between that routine legitimate network activity that happens every day, and some black swan event that looks very much like an active threat.
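The baseline-then-flag idea described above, as an added illustration that is not taken from any product the article refers to. It uses a simple median/MAD robust z-score rather than machine learning, and the host names, byte counts and threshold are constructed for the example.

```python
import statistics
from collections import defaultdict

MAD_SCALE = 1.4826  # scales MAD so it is comparable to a standard deviation

# Constructed sample data: (host, outbound_bytes per interval). Not real traffic.
HISTORY = [("ws-01", b) for b in (1200, 1350, 1100, 1275, 1190, 1320, 1240)] + \
          [("db-01", b) for b in (90000, 88000, 91500, 89500, 90500)]
NEW = [("ws-01", 1300), ("ws-01", 250000), ("db-01", 91000), ("kiosk-07", 400)]


def learn_baseline(flows):
    """Learn each host's usual volume: {host: (median, median abs deviation)}."""
    per_host = defaultdict(list)
    for host, nbytes in flows:
        per_host[host].append(nbytes)
    baseline = {}
    for host, values in per_host.items():
        med = statistics.median(values)
        mad = statistics.median([abs(v - med) for v in values])
        baseline[host] = (med, mad)
    return baseline


def score(baseline, host, nbytes, min_spread=1.0):
    """Robust z-score, or None when the host has no history to compare against."""
    if host not in baseline:
        return None
    med, mad = baseline[host]
    spread = max(mad * MAD_SCALE, min_spread)  # guard against a flat history
    return (nbytes - med) / spread


def detect(baseline, flows, threshold=6.0):
    """Return (host, bytes, reason) for observations that need a human look."""
    alerts = []
    for host, nbytes in flows:
        z = score(baseline, host, nbytes)
        if z is None:
            # An unseen host is reported, never silently treated as normal.
            alerts.append((host, nbytes, "no-baseline"))
        elif abs(z) >= threshold:
            alerts.append((host, nbytes, "outlier"))
    return alerts


if __name__ == "__main__":
    for alert in detect(learn_baseline(HISTORY), NEW):
        print(alert)
```

The median and MAD are used instead of mean and standard deviation so that a few extreme values already in the history do not widen the baseline and hide later outliers.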
All of this really exemplifies how the vanguard of the security community is preparing clients for today's world of cyberwarfare. Threats and hacking efforts are more sophisticated than they used to be – security has to be more sophisticated as well. These perimeter innovations do a lot to accomplish that goal.
However, in order to really accomplish these kinds of complex security goals, companies need significant dedicated IT talent with specialized skills. The new frontier calls for career professionals who are well versed in industry goals and challenges, conversant on coding principles, and tuned to the dynamic trends in our new digital world. Look for these types of professional roles to become more valuable and important as the next generation enters the workforce, and enterprise continues to refine its digital operations.