This interview is an excerpt from GovLoop’s recent Guide to Government’s Critical Cyberthreats. This research guide explains the various cyberattacks government endures and provides steps to safeguard your information systems.
In a recent interview, Anthony Lauro, Senior Enterprise Security Architect at Akamai, a content delivery network and cloud computing services provider, shared how organizations can build new, more effective cybersecurity strategies to combat growing threats.
The Changing Cyber Landscape
The way we use the Internet has changed. According to Lauro, military sites are an example of this change. Originally, they were primarily used for marketing, but now the sites offer more services, like tracking personnel and providing a customizable user experience. In order to provide those services, the site needs to collect and store identifying data. Today’s Internet is a massive network of data warehouses, and attackers aim to access those datasets.
The changing landscape also affects the magnitude of attacks. With the ever-increasing toolset available to hackers, such as malicious stressor sites, DDoS attacks can overwhelm an organization’s web services. Another factor is the number of online services to which web systems are connected. Attackers can use valid servers and valid responses as weapons, making it difficult for the target to identify malicious actions.
Organizations’ current cyberstrategies are often not enough. One explanation is that it is not economically feasible for organizations to build an infrastructure that can withstand massive DDoS attacks without help from a third party. What also leads to the failure of current strategies is the focus on assuming a breach and basing the security strategy around that assumption. Implementing a reactive security strategy does not help reduce attacks in the future.
Creating a New Cyber Strategy
Instead, Lauro advocated for a forward-facing defensive posture that puts emphasis on offloading traffic and providing a security layer to filter what makes it to backend services and tools, such as the log correlation servers in the datacenter. By removing the noise that exists within data requests and blocking or validating the requests through several security layers, the backend software can more easily detect threats.
Lauro proposed a strategy focused on three main areas:
Domain Name System (DNS): DNS availability is a major factor in website performance and security. It is important to have a distributed DNS server model, to be able to keep up with new standards, withstand DDoS attacks that aim at taking down this infrastructure, and to answer DNS server requests quickly so the site functions properly.
Web Presence: A website is the face of an organization’s digital presence, so reliability is essential. Is the server online? Is it responding to requests? Are the requests trustworthy? How is the site responding to the requests? Going through this checklist using a mixture of network layer and application layer inspection and controls can provide additional security by eliminating potential attacks and dangerous requests.
Infrastructure: Digital infrastructure consists of many parts: the IP address for a router, the server that hosts an organization’s mail, and more. It is impossible to hide certain parts of the infrastructure from attackers and still have it be functional, so identifying and rerouting malicious direct-to-origin requests away from the infrastructure is important. Otherwise, the precious assets that are protected with a cloud-based solution could be disrupted if the entire datacenter becomes unavailable.
Implementing Strategies & Best Practices
Akamai’s security platform addresses these three areas. The platform takes inbound traffic and redirects it to scrubbing centers, where bad traffic is cleaned and attacks are mitigated, and good traffic is sent back to the client with minimal delays. This multi-perimeter model protects the DNS and the website, as well as the infrastructure. By creating a forward-facing security posture and collecting information on attacks, organizations can learn to identify and validate users and requests before they reach the site.
For organizations revamping their own strategies, Lauro recommended following a security framework that defines current organizational needs, future goals, and strategies for improvement and assessment. According to Lauro, successful cybersecurity strategies need three parts: “Understanding how are you going to maintain service under theoretical attack types; training your teams to identify the nuances of these different emerging threats; and looking at the external dependencies that your organization has.”
Organizations should also have a set of best practices to guide their strategies. Lauro cited the U.S. Computer Emergency Readiness Team’s cybersecurity framework and cyber resiliency review as starting points for developing best practices. These documents break down the lifecycle of a cyberstrategy into five functions: identify, protect, detect, respond, and recover. Each function has guidelines organizations can adapt and implement, such as mapping data flows, training users, and updating strategies.
Despite the rapidly changing cyber landscape, Lauro shared good news: “By following basic practices and sticking to them religiously, organizations can raise their security posture quite a bit.” Building a forward-facing security strategy, and developing a set of best practices, like asset management, secure development process and regular training, can help organizations tackle growing cyber threats.