ITDMs Need to Adopt ‘Do More With Less’ Approach Amid Budget Cuts: Tempered CEO Jeff Hussey

essidsolutions

Visibility into networks and applications has become a critical need for security managers and CISOs grappling with COVID-19-induced threats. Attack volumes have increased across all industries, and corporate networks have drawn increased attacker attention. NetScout’s semi-annual 2019 threat intelligence report reveals enterprises were hit with more than 8.4 million DDoS attacks targeting IT infrastructures, cloud, mobile networks, and IoT devices.

Amid the lockdown, CISOs are caught between legacy network architectures and downsized IT staff. From the boardroom end, there is a huge clamour for building cyber-resilience capabilities and for making secure-by-design solutions part of the organization’s goals. In the current environment, traditional practices are proving to be inadequate against modern threats. Organizations need to acknowledge that absolute security is simply not possible.

Toolbox catches up with Jeff Hussey, founder-CEO of Tempered Networks and co-founder of F5 Networks, who is evangelizing a new network security technology, dubbed Airwall, that can make companies’ networks completely invisible to hackers. The premise is simple — old-school networking heavyweights like Cisco tout visibility into what attack will happen as the best measure to improve security posture. Tempered positions Airwall technology as the next-gen networking gear that makes networks invisible to bad actors — a feature that heavyweights don’t provide currently.

Key takeaways from this interview:

  • How cybersecurity budgets will be sliced post COVID-19
  • Steps CISOs should take to modernize security with zero-trust framework
  • How to build post COVID-19 security roadmap with frictionless tech that can scale
  • Why pivoting to scalable solutions should be the new best practice for CISOs

Here’s the edited transcript of the interview with Jeff Hussey:

1. Can you describe why firewalls are no longer adequate and why organizations need to look beyond firewalls to tackle modern cyberattacks?

Typically, organizations build network segments via firewall rules, ACLs or VLANs, using up to a thousand coarse-grained policies to control each segment. Increasingly, managing security based on network characteristics is an ineffective approach to isolation given today’s extensive use of public cloud and container environments. Using firewalls to attempt to segment the network is not an adequate cybersecurity strategy — it’s expensive, complex, not sustainable at scale, and can create gaps in policies that patient bad actors will be ready to exploit.

To effectively mitigate against modern cyberattacks, organizations need to understand the difference between segmentation and micro-segmentation. There are significant differences between the two approaches to isolating network resources, and they are not interchangeable. Micro-segmentation is often called a “zero-trust model” of virtualized security, meaning that only necessary actions and connections are specifically enabled in a workload or application and everything else is blocked.

It reduces the network attack surface by limiting east-west communication through the application of very granular security controls. This creates a Software-Defined Perimeter (SDP), regardless of whether it involves a virtual machine (VM), container, or function, which is not possible using traditional network segmentation techniques.

2. The current situation has made cybersecurity a top priority for everyone and COVID-19 has exposed gaps in network security and over-reliance on VPNs. How should CISOs rethink security and what steps can be taken to modernize security?

Let’s face it, security is often an afterthought. This became very apparent when COVID-19 hit and organizations were forced to go from a 5 percent remote workforce to up to a one hundred percent remote workforce. It’s not like you can run down to your local Best Buy, grab a bunch of VPN concentrators and be up and running with secure remote access in a few hours with traditional VPNs. There is a great deal of planning, installing, testing, and expense to ensure remote workers maintain a given level of security posture compliance while enabling access to company assets and information required to keep staff productive. Unfortunately, many organizations have traded security for business continuity which adds stress to IT and security teams, while raising cyber risk exponentially.

For this reason, as the number of remote workers continues to increase, CISOs and their organizations must consider zero-trust alternatives. With zero-trust network access, no user, system, application, cloud provider – nothing – is trusted. Instead, each component is whitelisted and authenticated, even if access has previously been granted.

There are essentially three steps they can take on a path to modernize security:

1. Change your teams’ mindset from the traditional status quo

First, visibility is not security. Second, VPNs are brittle and 25-year-old technology. They weren’t built to scale to the connected world of 2020 and beyond. And last, using a security approach based on location, instead of identity, is a bad idea. These outdated approaches need to be modernized and recognising that is the first step.

2. Know what is on your network

Yes, there is a time and place for visibility. Knowing what is on your network, what is connected to what and tracking that for anomalies is essential for network modernization.

3. Incorporate Software-Defined Perimeters (SDPs) into your security strategy

By incorporating an SDP strategy, organizations can effectively micro-segment—if the SDP solution is based on identity, not location.

3. What are Airwall’s advantages over traditional firewalls and why should CISOs invest in it? Is the Airwall also effective against internal threats?

Let’s start with what our solution does. The Airwall solution makes things on a network invisible and protects against cyber-attacks. It is a comprehensive solution that is exceptionally effective at protecting critical ‘things’ and data while still allowing secure remote access. It can extend to cloud, virtual, and physical environments. The Airwall solution fixes the flaw in networking that is TCP/IP—location-based—that was created over fifty years ago.

Our solution is based off of another protocol, the Host Identity Protocol (HIP). HIP is a host identification technology and separates the end-point identifier and locator roles of IP addresses. Essentially, you can’t hack what you can’t see and with the solution based on HIP, the network is invisible — as in gone. Only those that have permission can see them. It’s a whitelist instead of a blacklist approach and CISOs should invest in this solution because it is the only true zero-trust solution on the market today. Firewalls just can’t accomplish that, are complex and leave room for human error.

With micro-segmentation you can limit internal access to networks and assets to only the employees, vendors, and contractors that need to reach those assets. Our solution can also help automate network access so ‘doors’ or ‘holes’ aren’t left in the network once access is no longer needed. We are a very popular solution for those managing Building Access Systems. If a HVAC vendor needs access to our orchestration engine, Conductor can create a drag and drop policy to grant that vendor access for 2 hours. After that, the policy expires, and the door closes to the network. However, it is not suitable for physical security. If a hacker has physical access to a protected device, it can be vulnerable.

4. Compared to NGFWs that provide advanced intrusion detection and prevention, is Airwall an all-encompassing defense mechanism against sophisticated cyberthreats?

Airwall is an all-encompassing defence mechanism against sophisticated cyberthreats. As compared to a NGFW that actually just provides visibility and detection, most of the big players focus on seeing the threats and then being able to mitigate them after the fact. Prevention is not actually a tangible part of these solutions — on lessening the impact. Our solution is different because invisibility prevents the initial breach — that’s true zero trust network security. Secure first, then connect.

5. How will security budgets change post coronavirus? Will there be a surge for threat intelligence and advanced intrusion prevention systems?

I believe this pandemic uncovered the need for a new strategy and a new network architecture. We watched VPN solutions crumble when everyone was forced to work from home and our customers made the transition seamlessly. A great example is our own company. Our DevOps never lost a beat because they could securely access the servers they needed to continue to do their jobs, and that’s unheard of. Also, our customers that had on-premises networks that couldn’t be physically on-site were able to instantly connect those OT ‘things’ in an IT way so they were able to remotely manage operations from home.

Budgets might reduce but a new emphasis should be put on secure networking and updating infrastructure — and Zero Trust Network Access (ZTNA) with a Software-Defined Perimeter should be at the core of this new strategy. You won’t have to rip and replace, but you will be able to securely overlay networks, bolster security posture, reduce hardware costs of brittle VPNs and reduce complexity of hundreds of lines of code by reducing traditional firewalls.

6. What are the top considerations and best practices for CISOs shopping for network security solutions post COVID-19?

Beyond the obvious factor of cost to fit restricted budgets — consolidation, vision, value, and velocity are the key factors recommended during the gap analysis. Re-evaluate what you need to keep security posture and what will need to be rethought to keep the flexibility required to keep business continuity. The vision of a well-thought-out solution that is secure by design. Look for frictionless technology that can aid in scale and is easy to install, configure and manage.

Can the solution be installed in hours or days, not months or years? The solution itself is only part of the equation. Scale also involves vendor maintenance of the solution – how often are features and patches created and how are they communicated? How agile is its technical support system? Is the solution intuitive or easy to learn? These types of questions should be top considerations. Moving to more flexible, scalable solutions should be part of the CISO’s new best practices.

7. What should be the long-term security strategy for IT teams for securing networks?

Long term, the security status quo needs to change. The old way of just throwing more firewalls at the network is not a long-term strategy, as mentioned before. The new normal means CISOs need to rethink their security strategies to reduce complexity, create network clarity and visibility — even if it’s ugly, and it usually is — and protect first, then connect. Usually, the connection is the priority and the security of the network is the afterthought. Having a security first strategy is key, but it does need to be flexible to not inadvertently prevent connectivity and mobility of devices, workloads, and data employees need to execute and not interrupt business as usual.

The rest of the long-term strategy can be built on the basic security principles — maintain compliance, have a formal IS governance approach, maintain an incident response playbook, provide ongoing cybersecurity training for employees and the IT team, keep software updated, replace out-dated hardware, and have clear policies for employees and third parties.

8. When it comes to deployment, how does Airwall deliver better security, QoS, reduced TCO, greater visibility, and network security at scale to IT buyers?

The Airwall advantage provides a frictionless “secure by design” purpose-built solution that avoids that gap between building a network and then securing it. Integrating the Host Identity Protocol (HIP) and Host Identity Tags (HIT), the Airwall effectively provides proven, unspoofable trust and security for your data and renders your in-scope critical business devices invisible. The Airwall’s micro-segmentation simplifies the technology landscape, increases user experience, and provides horizontal and lateral security while allowing the scalability required by today’s dynamic environment—all within your budget needs. You can get true Zero Trust Network Access (ZTNA) at scale, giving IT buyers defense-in-depth without expense-in-depth.

9. What are some of the long-term security trends you see emerging post COVID-19? There’s already significant buzz about zero-trust based tools and will this become permanent?

Long-term security trends do include Zero Trust, but it’s a phrase being thrown around that shouldn’t be taken lightly by IT teams. This means that just because the term Zero Trust is being used, it doesn’t mean that the solution is truly a Zero Trust solution.

We are seeing ZTNA and micro-segmentation trending over Software-Defined Networking as a topic because of COVID-19, and we don’t think that will change or slow down anytime soon. There is a lot of noise in the cybersecurity market today, and I think security professionals and IT teams need to remember to have a holistic approach to building a security stack and not approach this in a silo. We did a survey at RSA in February before the pandemic hit hard and 75% of respondent companies said they are relying on legacy network security technologies. That’s a staggering amount. I believe post COVID will bring a trend of re-evaluating networks and approaches by these teams.

10. In a similar vein, how will the IT buying landscape shift post pandemic—will there be more room for zero-trust solutions over traditional solutions like firewalls, and VPNs?

Cyberthreats have remained a chronic condition to our cybersecurity efforts during this pandemic. There are predictions that in the post COVID-19 period there will be a spike in security attacks due to the downturned economy and IT teams downsizing. But one of the major outcomes of COVID-19 is the increase in remote workforce. Before, only 5% of most companies were remote. After the pandemic it is estimated by Gartner that 41% of workers will remain working remotely—that’s a large shift.

These trends will help shift the buying landscape post pandemic, along with the economic damage the virus has caused. Security budgets will still be impacted as the economic recovery will be long and painful. Because of this, the IT buying landscape will have to adopt a “do more with less” discipline. Budgets may be stretched even tighter and will result in requiring a new approach that will help security teams do more with less. The highly complex, highly expensive approach of the past will be just that—of the past.

11. In your discussions with business leaders, what were some of the key security challenges in remote work environments?

A few of the biggest issues have been how to secure thousands of remote users that are not security savvy quickly. Organizations were stuck, it wasn’t like they could run down to their local Best Buy and pick up more VPN concentrators and spin up remote workers that day. It was very challenging and disrupted business operations. One of the other major challenges was getting access to environments that had always been managed in an air-gapped network on-premises but now needed to be managed by remote workers. We have a customer that is a large city and because they could use the Airwall Solution to securely connect its public workers, they were able to manage SCADA systems remotely. That’s been a major challenge for organizations who are figuring out how to connect OT things in an IT way but not sacrifice security posture.

12. In closing, what are your top security tips for IT leaders for securing critical infrastructure and reducing the threat surface? How can IT leaders maintain a strong security posture without having to spend big?

Be mindful in evaluating and creating a post-COVID IT and security roadmap. Plausible deniability will be more expensive and painful than not rethinking your strategy. Look toward new technologies that let you do more with less, simplify all the complexity of policy management and work with current systems that can be installed quickly for maximum impact. This will also help reduce the stress of your team in the future and ensure your organization stays flexible, efficient and secure.

About Jeff Hussey: Jeff Hussey has been the President and CEO of Tempered since August 2014. Hussey, the founder of F5 Networks, is an accomplished entrepreneur with a proven track record in the networking and security markets. He maintains several board positions across a variety of technology, nonprofit and philanthropic organizations and currently is the chairman of the board for Carena and chairman and co-owner of Ecofiltro and PuraVidaCreateGood. Hussey also serves on the board for Webaroo and the Seattle Symphony. He was the chairman of the board for Lockdown Networks, which was sold to McAfee in 2008. Hussey received a BA in Finance from SPU and an MBA from the University of Washington.

About Tempered: Tempered is an innovative network security provider that reduces cyber risks by providing point and click identity-based micro-segmentation. Tempered provides Airwall, a Zero Trust Network Access solution that securely connects things at layer three, using a software-defined perimeter.

About Tech Talk: Tech Talk is a Toolbox Interview Series with notable CTOs and senior executives from around the world. Join us to share your insights and research on where technology and data are heading in the future. This interview series focuses on integrated solutions, research and best practices in the day-to-day work of the tech world.
