Ransomware, zero-day exploits keep network security pros scrambling
“When attackers are in the system – and many are already infiltrated – the name of the game is preventing and containing lateral movement,” Patel said.
“What do we need to do in order to contain lateral movement? We need to take security, melting [it] into the fabric of the network, so that we have distributed enforcement points. Every single place that could be exposed, we need to put a little bit of a mini security stack in there to stop the spread,” Patel said.
But that’s not a simple task for security practitioners.
“The first challenge is that segmentation is really hard. Because if you’re thinking about protecting lateral movement, you have to contain the lateral movement by segmenting the attacker from making too many hops,” Patel said. “It was pretty easy to do segmentation when you had a three-tiered architecture, and every tier of the architecture ran on a dedicated piece of hardware. But now when you have a completely distributed environment, with thousands of microservices running on hundreds of Kubernetes clusters of containers, and VMs, it gets to be extremely difficult to go out and do any kind of segmentation rules in any kind of efficient manner.”
Another issue is enterprises’ response time after a vulnerability is announced or an exploit happens.
There’s a window of time when an enterprise is exposed, before it deploys a patch for a vulnerability that has been announced, Patel said. “Now, it’s one thing to go out and patch infrastructure that you have within your organization. But what about things that you need to patch outside of that data center that might not even be designed to be patched?”