Today, most organizations use a broad, statically driven approach to network zoning and security management. This approach has also recently come to be seen as an obstacle to flexibility in our customers' environments, as web service integrations and new application models have pushed the limits of socket-based controls. The strong perimeter presented by the predominant current model (a firewall at the edge and a soft, chewy center) has many benefits: it is simple, well understood, and easy to maintain.
They may no longer be sufficient.
In Cavalry’s recent architectural engagements, it has become clear that the use cases and requirements of the global user base have changed. Consumerization, cloud integration, mergers and acquisitions, and increased system integration have all been topics of conversation across our customer base over the course of the last 24 months.
Beyond the shift in the requirements placed on our current perimeter security models, away from the use their IT platforms were originally intended for, threats to the organization’s information systems continue to become more advanced and capable. In addition, the influx of end-user devices and end-user experience improvements that can be major productivity enhancements for our users also presents new risks that must be considered.
To illustrate this, consider the Maginot Line as a metaphor for the standard perimeter security model in use in most large organizations today. Most remember the Maginot Line as France’s failed (and costly) 940-mile obstacle meant to stop the Germans from invading France during World War II. In fact, the Maginot Line didn’t fail at the task it was built for; indeed, it held up well under several frontal assaults. When Germany changed the nature of war by employing new tactics, new weapons, and the Blitzkrieg style of attack, its motorized and mechanized infantry simply side-stepped France’s strong defenses. France was prepared for the last war it had fought, not the one it was actually in.
Our perimeters are comparable. We have strong, best-of-breed firewalls with rigorous risk reviews, strong least-privilege standards in place, and change governance. We have intrusion detection systems, anti-X (anti-virus, anti-malware, etc.) platforms and appliances, and even zero-day threat prevention systems to identify, record, and stop threats as they attempt to traverse key network choke points. Finally, we have continual surveillance of our environment by external organizations to identify potential external risks quickly. But just like the Maginot Line, our devices, our files, and our own behavior are all vectors that can be used to side-step that strong perimeter, and once those external defenses are breached, our control and our ability to respond to threats are greatly reduced.
By making more specific decisions about who is accessing, modifying, and retrieving information, what they are accessing, and from where, Cavalry’s customers can be better prepared to adopt a set of services, for all applicable environments, that is more focused on the end-user experience while anticipating and managing new risks with new, intelligent controls. We will prepare for the next battle rather than the last one, while simultaneously maintaining our defenses against current threats and building a new foundation for the next generation of segmentation within your organization.