{"id":53773,"date":"2023-09-21T10:15:00","date_gmt":"2023-09-21T10:15:00","guid":{"rendered":"https:\/\/www.networkworld.com\/article\/3707308\/how-network-security-can-save-security-dollars.html#tk.rss_security"},"modified":"2023-09-21T10:15:00","modified_gmt":"2023-09-21T10:15:00","slug":"how-network-security-can-save-security-dollars","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/how-network-security-can-save-security-dollars\/","title":{"rendered":"How network security can save security dollars"},"content":{"rendered":"
<\/div>\n

For the last twelve years, 100% of CIOs have said that they expect to spend more on IT security, making security the only category that just keeps on absorbing investment. Every year in the last three years, over 80% of enterprises have said that their IT security still needed improvement. So, like death and taxes, is security spending growth inevitable? If we keep on the way we have, it sure seems like it. But what might change?<\/p>\n

Let\u2019s start with what\u2019s important to users. External threats, meaning hacking, are a problem for every CIO. Internal threats, from badly behaving employees, are a problem for three out of four. Data theft is a universal fear, and malware that interferes with applications and operations is an important problem for over 90% of CIOs. As far as approaches or targets are concerned, 100% say access security on applications and data is essential and so is regular malware scanning. If you ask CIOs to pick a single thing they think is essential for IT security, it\u2019s access security.<\/p>\n

Access security, according to CIOs, is ensuring that applications and data are accessed only by those with the right to do so<\/strong>. If you have it, they believe, then hacking poses little threat because hackers won\u2019t be authorized. Malware that impersonates an authorized user may still have to be addressed, but access security can limit the scope of what malware can do. It\u2019s no wonder that every security vendor offers something in access security, and it\u2019s no wonder that the hottest topic in security, zero-trust security, is a form of access security. Given that access is almost always via a network connection, it\u2019s reasonable to ask whether network security features could enhance access security and zero-trust, and maybe even slow the growth of security spending overall. If you can\u2019t connect to it, you can\u2019t hack it.<\/p>\n

Let\u2019s dissect that by starting with a critical statement: Zero-trust doesn\u2019t mean there is no trust, it means that trust is never assumed. That which isn\u2019t assumed is explicit, and that means that all true zero-trust strategies<\/a> depend on deciding what information connections are valid. One way to do this is to require explicit log-in to access something, another is to provide some sort of firewall protection in front of the assets you want to protect. Most enterprises will use one or both these strategies.<\/p>\n

One potentially serious problem with these approaches is that they don\u2019t see the whole picture. Many attacks consist of scanning for assets that can be attacked, and tools that are related to a specific asset will never recognize that pattern of attack. Because of that, it\u2019s possible that a hacker or a malware-compromised company computer will find something bad to do before anyone recognizes it\u2019s active. If this sort of look-around attack is recognized, it might be possible to tag the offending system as hostile and prevent other attacks. \u201cMight\u201d is the operative term here, because unless access control technology is based on a centralized directory, the distributed nature of the assets means you may well not keep them all up to date.<\/p>\n

So what can the network do? Well, the network creates relationships<\/strong> between users and assets like applications and databases, even among assets themselves. These relationships, sometimes called \u201csessions\u201d represent accesses, so if you could control them, you could provide access control at the network connection level. Since network control is typically centralized anyway, it wouldn\u2019t be an impossible step to add a directory of permitted sessions.<\/p>\n