Protegendo ativos do governo australiano em 2020: Parte 2

Considerando alternativas para garantir as joias da coroa de uma nação

Embora a legislação obrigatória de notificação de violações tenha sido introduzida recentemente na Austrália e entre em vigor na Nova Zelândia até o final deste ano, os intrusos regularmente obtêm acesso a dados confidenciais e impactam as principais missões em segurança pública, finanças e segurança nacional. Eles também continuam manipulando dados em campanhas políticas, alterando dados de instituições de pesquisa e impactando a segurança da saúde pública.

In part one of this Securing Australian Government Assets series, we reviewed the recent findings of The Commonwealth Cyber Security Posture in 2019 report and the government’s announcements regarding increased attacks targeting Australia government agencies and enterprises.

A key element of those findings describes that whilst improvement is being made, we are still vulnerable to cyber offenses as a nation. There are existing tactical recommendations that focus on the types of threats recently seen, and long-standing advice around essential security disciplines that all non-corporate commonwealth entities should embed into their IT practices. However, planning beyond inevitable breaches and striving for Zero Trust under a holistic strategy to contain and prevent the damage of such events is paramount to limiting the exposure of personal, financial intellectual property and data in the national interest.

In response to the recent events, a government plan under the banner of “the best defence is offense,” designed to bolster the Australian Signals Directorate’s (ASD) ability to disrupt cyber criminals, has been announced. Recruitment and funding are earmarked to build offensive capabilities to go after cyber attackers offshore, as well as share intelligence about cyber activity to react in real time. But what can each agency or enterprise in Australia and New Zealand do to take proactive steps to limit the impact and spread of a breach so that reaction is left to examination rather than the panic associated with trying to stop the propagation?

We promote raising the priority of the Australian Cyber Security Centre (ACSC) recommended “excellent” but not yet “essential” practice of network segmentation that underpins the Zero Trust philosophy, to rethink the “keep the bad guys out, and detect them as quick as we can if they get in” paradigm to one of “the first system compromised should be the last”.

Todas as parcerias de patches, autenticação multifatorial e compartilhamento de inteligência do mundo não podem impedir ataques direcionados a infraestruturas críticas e sensíveis se continuarmos mantendo um modelo de computação ou rede em casca de ovo e confiando na detecção reativa para evitar danos.

Cirrus Networks’ Andrew Weir suggests that “As a defender, getting the basic mitigations right can save a lot of damage later on. As a stakeholder in your organization’s security you cannot afford to be complacent and should look at building coherent layers of ICT defense. Understanding how your applications work and minimizing the attack surface through segmentation significantly reduces the options and reach available to an attacker when they do manage to breach one layer of your defences.”

Microsegmentation is simply the application of the Zero Trust principle of “least privilege”, denying by default the machine-to-machine and application-to-application traffic inside a data centre (or the laptop to laptop, workstation to workstation traffic in client or employee space) that has not been explicitly authorized. Planning beyond a breach event changes the mindset to one of assuming that a breach will occur, but preventing the compromise of a system from spreading to any other. Put another way, practicing the principle of least privilege ensures that malicious malware or a bad actor accesses the least number of systems possible by applying the same approach to trust within our environment to outside it. The compromise stops with the first system it takes hold of, as it can’t spread anywhere else.

Com a evolução da tecnologia de segmentação longe das formas tradicionais, complexas, caras e dependentes da infraestrutura de firewalls, SDN, EDR e NAC, agora é possível frustrar ou se opor significativamente aos invasores isolando e contendo aplicativos e protegendo equipamentos emitidos pela empresa.

Not only did our recent report with Bishop Fox highlight the efficacy of microsegmentation as a security control, but it also uncovered forced changes in the behavior behind attack strategies that, without insider knowledge, may not be possible. Microsegmentation raised the resistance and detection levels to a degree that may mean less motivated parties would simply give up and divert attention to easier targets. The report also highlighted that the level of detection through an effective microsegmentation solution dramatically increases the efficiency of detection and incident response allowing for a “contain first, ask questions later” approach to keeping you away from the headlines.

Microsegmentation is no longer an emerging feature or niche solution available to only those large and mature enough. It should be considered a fundamental and essential capability for both networking agility and information security today. As Forrester, a leading advocate and definer of a Zero Trust framework states in The Forrester Wave™: Zero Trust eXtended (ZTX) Ecosystem Platform Providers, Q4 2019 report, “there’s now no excuse not to enable microsegmentation for any company or infrastructure. It’s no longer a question of whether you can do it.”

Weir, da Cirrus Networks, também enfatizou a necessidade contínua de soluções de segurança para facilitar o DevSecOps e impulsionar a simplicidade e a automação:” Durante muito tempo, investimos esforços significativos adicionando ferramentas e processos manuais aos aplicativos para protegê-los. Esses esforços, muitas vezes realizados isoladamente dos proprietários dos aplicativos, significam que erros de configuração e perda de tradução adicionam custo e tempo à implantação do aplicativo. Como profissionais de segurança da informação, devemos criar barreiras automatizadas e escaláveis para nossas equipes de aplicativos, que elas possam consumir em tempo real à medida que são implantadas. As organizações que efetivamente incorporam segurança em seus canais de implantação verão equipes mais rápidas e produtivas com uma mentalidade de segurança em primeiro lugar.”

Com o aumento de ataques rápidos e extremamente destrutivos, como o ransomware, que podem derrubar a infraestrutura global de TI das empresas em minutos, e o aumento da pressão e do interesse dos cibercriminosos e dos estados nacionais sobre as agências governamentais, a capacidade de conter a propagação de qualquer ataque não poderia ser mais urgente — e a oportunidade de fazer isso está mais acessível do que nunca.

Então, vamos permitir que as equipes de segurança se reorientem e meçam o sucesso de sua prática, deixando de manter os criminosos afastados, assumindo uma violação, mas tornando significativamente mais difícil controlá-la.

Ready to see the benefits of microsegmentation? Sign up for a free 30-day trial today.