Perimeter Security Isn't Dead: 4 New Solutions to Consider
Perimeter security isn't dead -- but it is changing. Luckily, new innovations are emerging to help the enterprise evolve its methods to keep up with cybercriminals.
Cybersecurity trends have advanced and shifted drastically in recent years, particularly due to the COVID-19 pandemic. This "new normal" we find ourselves in has rendered many current perimeter security measures obsolete.
Luckily though, new innovations are emerging to address these circumstances. For one, traditional measures -- such as foiling spear phishing attempts through training and using Bayesian analysis and heuristics to show what types of user behavior is likely a threat -- are supercharged and ready to go for businesses. But there are also brand-new tools helping businesses evolve.
Here are four solutions to consider in your business' approach to perimeter security:
1. Ubiquitous Backups
Many companies are investing in more data backups so they can take the teeth out of a ransomware attack. In addition to good cybersecurity practices, business leaders are increasingly assuming there's always a threat on the horizon -- and without data backups, ransomware attacks can be sadly successful in disrupting business and forcing hard decisions. (Also read: How Should Businesses Respond to a Ransomware Attack?)
By contrast, when data is securely backed up, ransomware attacks don't work as well. While ransomware attacks will disrupt business to some extent regardless of how well data is backed up, secure backups mean data recovery is possible. Moreover, a solid incident response plan can help minimize the length and severity of the disruption ransomware attacks cause.
It's also important to note that, no matter how well data is backed up, it can still fall into the wrong hands, which is why all of the other cybersecurity work is so critically important.
2. In-depth User Behavior Analysis
Tools like Teramind’s analytics suites focus on identifying network activity according to all kinds of useful metrics and determining, with a high degree of automation, whether something is likely a threat.
That's it in a nutshell -– companies want the ability to filter all user activity anywhere on the network through a monitor that will help them spot incidences where that behavior could be more threatening or pose a greater danger to a business. (Also read: How Can AI Help in Personality Prediction?)
Then they get serious about addressing those black swan events and closing loopholes.
3. Physical and Cyberphysical Solutions
Cyber-physical security -- known formally as cyber-physical systems security -- addressed
Security pros have coined the term “cyberphysical security” -- known formally as cyberphysical systems security -- to talk about the combination of physical, on-site security and cybersecurity hygiene. More specifically, cyberphysical security addresses security concerns for the physical systems which maintain and implement cybersecurity solutions. These physical systems include internet of things (IoT) and industrial internet of things (IIoT) devices, operational technology (OT) systems like supervisory control and data acquisition (SCADA) and industrial control systems.
Cyberphysical security might involve things like locking down work stations and shredding important documents. It may have to do with creating better identity and access management systems for physical card-carrying employees or their user accounts online.
Password and biometric work is always applicable, too.
4. AI and ML-Powered Tools
New AI tools are at the forefront of current discussions about perimeter security solutions. They are the vanguard of cybersecurity systems and will determine how safe businesses can be as hackers also up their games. (Also read: Artificial Intelligence in Cybersecurity.)
Why We Need New Perimeter Security Solutions
1. Companies Are Shifting to Hybrid Network Security Models
One major effect the COVID-19 pandemic had on network security is the proliferation of networks serving both on-site and remote users.
It's no secret that remote work exploded during 2020 and 2021. Companies were forced to adapt their work models and learned how to do so quickly -- for the sake of preserving employee health. (Also read: How the Pandemic is Affecting Women in Tech.)
However, this creates a larger attack surface, as a recent Asmag article points out. In it, consultant editor Prasanth Aby Thomas talks about the “threatscapes” companies now face and offers up the concept of a “zero trust” model for a “secure dynamic perimeter” and network assessment tools that will foil cyber attackers. Aby Thomas writes:
“Through AI and predictive analytics, SOCs in mission-critical and highly dispersed security environments -- like critical infrastructure and transportation providers -- can anticipate threats in real-time and prevent risk scenarios. By supporting the integration of any device, service, or solution and combining data into one pane of glass, organizations achieve higher levels of awareness.”
2. Hackers Are Staying in Systems for Longer
Another warning call for new cybersecurity tools comes from a talk by VMware senior vice-president and general manager Tom Gillis at the 2022 RSA Conference.
“The nature and the objectives of attacks has changed,” Gillis says, referencing log4j as an example of new threat systems.
Today's hackers, he says, often want to stay active in systems instead of the more traditional “smash and grab” style -- which is often seen in distributed denial of service (DDOS) attacks, ransomware attacks and the like.
This calls into question dwell time -- how long an attacker remains active in a system -– as a key cybersecurity reporting metric. That's what some emerging tools are set up to address.
3. Companies Are Adopting Multi-Cloud Configurations
After the massive move to the cloud that transpired over the last decade or so, companies are moving into new multi-cloud situations where their online network is even more complex and more diverse. A single perimeter or gateway approach wouldn't work for a multi-cloud system –- at minimum, the business would need a particular gateway or perimeter for each cloud.
The COVID-19 pandemic changed things for all facets of business IT, including how businesses approach perimeter security. This new normal has forced us all to rethink current best practices -- and we need to come up with something fast. Luckily, new innovations are emerging to help the enterprise evolve its methods to keep up with cybercriminals.