Information security in a new reality Marsovin | 28.09.2020
Over the past six months our lives have changed dramatically. So has the usual working style of companies and enterprises. In a situation where the pandemic has literally turned the world upside down, creating new threats and trends, security issues are particularly acute.
During a round table for the European press, Cisco information security specialists shared their view on the approach to security in the new reality. Overall, security at present is divided into several trends: the desire to improve the security of remote work, the application of artificial intelligence and machine learning in security, and the future of authentication and new methods in this area.
From control to collaboration
For decades security experts assumed that work equipment would be used at the workplace. That was the case before the pandemic: the manager set a clear framework for what staff had to do and what they should not, and they needed only to follow instructions. Information security directors also had free access to devices and the ability to fully control the perimeter. But that was earlier, in the “pre-pandemic” period. In March, it all collapsed overnight.
As emphasized by Wendy Nather, who heads a team of information security consultants at Cisco, once remote work became not an occasional arrangement but a harsh necessity, the data protection system had to change. At home there is no boss to tell you what to do and how. And the information security director is not standing over you with instructions. Responsibility for information security is now concentrated in the hands of employees working remotely. And not all of them were ready for it. Corporate data has become much more vulnerable.
Richard Archdeacon, information security consultant at Cisco for the EMEA region: “During the pandemic, too many security directors complain of vanishing control. I suggest looking at information security through the prism of business. The struggle for security should not threaten the business; it is not an end in itself.”
Moreover, information security professionals often need to persuade their colleagues to use certain security tools and implement the necessary controls. But what if the security specialist needs to convince a key employee, for example the general director of their own company, to accept organizational sacrifices for the sake of information security? What if the director says no? And if the director is also working from home? Is persuasion all that remains?
In any company, IT security has a subtle aspect tied to psychology. Cisco security consultant Wolfgang Goerlich dwelt on this point. Employees whom the information security department has banned from using third-party applications in the workplace are inventive and still find ways to quietly install and run them. The ingenuity of the staff grows with the number of bans. The more adept an employee is at dealing with restrictions, the more dangerous this is for the security department. Therefore, security specialists should in no case set themselves against the rest of the staff; they should work with employees solely from a position of friendship. Otherwise, employees will find ways to bypass “those stupid rules” that are being imposed on them through threats and from a position of strength. Especially if they are at home “unattended”. And this idea of cooperation rather than total control is the basis on which Cisco builds its security products.
Therefore, the focus shifts from one central point of control, which determines all policies and conducts security monitoring, to a large number of control points, among them the enterprise’s information security specialists, cloud providers and the users themselves, who bear part of the responsibility and are involved in the process.
During the pandemic, when employees began to work from home, most companies were not able to give everyone a secure corporate infrastructure. People worked on what they had, on their own equipment. The level of security varied widely. The BYOD paradigm took root, so to speak, by force. And many employees, especially in Europe, were critical of the idea that their device would be monitored “from the center”, which would define security policy for a device that people had bought for themselves. The majority of security directors had to take this into account and replace control with trust in employees, flexibility and cooperation, conveying their positions not by authoritarian methods but by persuasion.
Security when working remotely
The transition to remote work at the beginning of this year happened very quickly. Enterprises were forced to resolve all issues on the fly. It was stressful for everyone, from executives to ordinary employees. It was stressful for information security experts as well. According to research, in times of stress people are subconsciously drawn to what they know and to those they trust.
Wolfgang Goerlich, information security consultant at Cisco: “In a period of stress, when everyone is working remotely and information security specialists are trying to figure out what to do, it is not a time when they want to take advantage of the latest cutting-edge technology; they return to tried and true security.”
Given the changing model of work, companies had to completely rethink what they absolutely need to control and what they are no longer able to control. Faced with fast decision-making and uncertainty, most security leaders gave preference to proven, priority security technologies, continued Wolfgang Goerlich. Well-tested techniques came to the rescue, such as multi-factor authentication for secure user authentication, and DNS security. There is no need to have full access to the user’s device to know whether it has malicious code on it. All this can be done at the DNS level. And that level remains under the control of the company’s security service.
Meanwhile, remote employees often work on their own devices, which have different operating systems, applications and levels of protection. The company has no control over these devices and cannot require full access. How can the proper level of security be ensured? Companies had to completely rethink what they absolutely need to control and what is impossible to control.
According to Wendy Nather, this can be left to the user, relying on their sense of responsibility. But setting the rules of access to corporate resources remains the prerogative of the information security service. Now, even if a device has never been seen in the corporate environment but is trying to get access, the company can, based on a risk assessment, require it to be upgraded to the latest version or to have the necessary applications installed. The update will depend on the user. But access to resources and the desired level of security will still depend on the company.
In April everyone hoped for a speedy return to the offices, but the situation has not changed much, and remote work will last much longer than expected. It may well gradually become the standard for many organizations. Therefore, establishing the necessary level of security for remote work turns from a temporary solution into a strategic task. And here, said Wendy Nather, you can use any proven tools, from VPN and control at the DNS level to connecting to resources securely over the secure HTTP protocol.
Artificial intelligence and machine learning
Wendy Nather, leader of the team of information security consultants at Cisco: “Artificial intelligence (AI) and machine learning (ML) are increasingly part of our life and are becoming popular in various industries. When used properly, these technologies can help to solve the problem of processing large amounts of data, especially in monitoring, when users are scattered in various places and the applications are either in the cloud or in the data center.”
But the wrong approach to these technologies can bring more problems than benefits. According to Wolfgang Goerlich, the more specific the machine learning task, the faster the model can be trained, and the faster the process of learning and adapting to changes in the business.
More general user behavior analysis tools, which evaluate many different aspects of user actions, may require a longer training period and a significant data set. Interestingly, according to Wolfgang, if it is impossible to quickly reconfigure the algorithm when the situation changes, the AI applications in the security system will have to be abandoned.
There were more than enough examples of this, according to Wolfgang Goerlich, in the last six months. In January and February all was well, and the algorithms coped with their tasks perfectly. Then in March and April everyone started to work from home. AI applications literally went crazy. That meant a huge number of false positives and a huge number of additional alerts. In the end, many AI- and ML-based tools had to be paused in order to support the rapid change in the workflow model.
If you have something to automate, said Wendy Nather, you need to be absolutely sure it is what you really want to automate. You should know exactly what you want to get, and that it will not affect other systems. You need to be prepared for AI or ML to work for quite a long time without any adjustment. The whole point of automation is that you tune the process and then let it just work.
According to experts from Cisco, security directors are still skeptical about these “new-fangled” things, artificial intelligence and machine learning. Not all of them have started using such tools so far. But security directors are bombarded with promotional offers for one tool after another based on AI and machine learning, and progress does not stop. The challenge is to take the best from these technologies, with an accurate picture of their capabilities and limitations.
A future without passwords
The password is still the cornerstone and, at the same time, the Achilles heel of security. Users are forced to remember and enter a large number of passwords. They often keep them on sticky notes attached to the monitor. So can we solve this problem and get away from passwords?
Information security directors also want to know how we can increase confidence and simplify password authentication, said Wolfgang Goerlich. If we move away from passwords, how can we fight fraud?
One of the promising technologies, already mentioned, is machine learning: such applications could identify trusted devices. “Zero trust” approaches would also help (zero trust is an integrated approach to protecting any access across networks, applications and environments; it secures access for users, end-user devices, APIs, Internet of Things devices, microservices, containers, etc.).
What do we already use today for identification? Passwords, cryptographic streams, biometrics, tokens. If we can just reduce the number of authorizations, for example by using single sign-on, the user’s life becomes much easier.
The world has changed, and so has the approach of businesses and users to the workflow. Today we must be able to work safely and productively from anywhere, from any device. We make it easier for users to access corporate resources and applications, while simplifying the authorization process and using devices that are easy to operate. This is the world around us. And it makes all of us change.
Journal: Journal IT-News [No. 09/2020]