Why ‘Thinking Small’ Is the Way to Stop Ransomware and Other Cyber Attacks
Yuval Baron, CEO at AlgoSec, explains why micro-segmentation is one of the most effective methods to limit the damage of attacks on a network
On August 15, 2020, the cruise line Carnival Corporation fell victim to a cyber-attack that may have resulted in the loss of personal data of millions of passengers and crew members.
Carnival is the world’s largest travel and leisure company with approximately 13 million passengers per year. The company has not revealed how many customers or which of its individual brands were affected, but what we do know is that law enforcement agencies were notified because one of the brands reported a ransomware attack that broke through an encrypted part of its network.
This is not the first time that Carnival’s security measures have been circumvented by hackers. In 2019, a cyber attack on Princess Cruises and Holland America Line resulted in the loss of the personal data of hundreds of passengers and crew members. The criminals stole names, social security numbers, passport numbers, and credit card information.
Carnival’s experience will feel all too familiar to some businesses. In fact, we recently started working with two organizations who fell victim to high-profile ransomware attacks earlier this year and reached out to us after the event to help prevent and mitigate such attacks in the future by tightening their security posture and limiting the attack surface.
While many believe that looking at the big picture is the best way to find solutions to protect large corporations, the answer actually lies in something much smaller – the micro-segmentation of the network.
Damage limitation through micro-segmentation
Hackers are never going to give up targeting large corporations, and ransomware attacks like that on Carnival will never disappear. Moreover, as criminals become increasingly sophisticated, it has become difficult to fully protect your network. What companies can do, however, is limit the potential damage hackers can cause if they do gain access to sensitive company or customer data.
One way to do this is through network micro-segmentation, which is regarded as one of the most effective methods to reduce an organization’s attack surface. A lack of it has often been cited as a contributing factor in some of the largest data losses in ransomware attacks.
Micro-segmentation minimizes the damage that hackers can do if they gain access, by stopping lateral movement across your networks. Just as the watertight compartments in a ship should contain flooding if the hull is breached, segmentation isolates servers and systems into separate zones to contain intruders or malware as well as insider threats, limiting the potential security risks and damage.
Controlling the borders
Although micro-segmentation is recognized as an effective method to enhance security, some businesses have been slow to adopt it because it can be complex and costly to implement, especially in traditional on-premises data centers.
Moving to virtualized data centers with Software-Defined Networking (SDN) and cloud connectivity removes some of these barriers. The flexibility of SDN enables more advanced, granular zoning, allowing networks to be divided into hundreds of micro-segments. To achieve this level of security in a traditional data center would be prohibitively expensive and too complicated to implement.
But virtualized data centers do not eliminate all the stumbling blocks. Security policies and firewall configurations would still have to be enforced manually on all systems and across different IT environments. This is an enormous task for the IT security department, and the time it consumes is then unavailable for large projects. A filtering policy enforced by the micro-segmented structure is therefore still necessary, and writing this policy is the first and biggest hurdle to be overcome.
Simplification of micro-segmentation through security automation
Automated network management makes it much easier for companies to define and enforce their micro-segmentation strategy. It also ensures that critical business services are not blocked due to misconfiguration and that compliance requirements are met. It autonomously performs application discovery based on NetFlow information and identifies unprotected data streams on the network that neither pass through a firewall nor are filtered for an application. It automatically detects changes in the network that collide with the current micro-segmentation settings, immediately suggests policy changes based on this information and, if desired, enforces them automatically once they have been validated.
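The check described above, flow records compared against a micro-segmentation policy, can be sketched as follows. This is an added example, not AlgoSec's code; the segment map, the allow-list and the flow records are constructed, and the comma-separated flow layout is a simplified stand-in for a NetFlow export.

```python
import ipaddress
from collections import Counter

# Constructed segment map (assumption): CIDR -> zone name.
SEGMENTS = {"10.10.1.0/24": "web", "10.10.2.0/24": "app",
            "10.10.3.0/24": "db", "10.10.9.0/24": "workstations"}

# Constructed allow-list (assumption): (src zone, dst zone, proto, dst port).
POLICY = {("web", "app", "tcp", 8443),
          ("app", "db", "tcp", 5432),
          ("workstations", "web", "tcp", 443)}

# Constructed flow records, simplified to: src,dst,proto,dst_port,bytes
FLOWS = """\
10.10.1.11,10.10.2.20,tcp,8443,48211
10.10.2.20,10.10.3.30,tcp,5432,91022
10.10.9.57,10.10.3.30,tcp,5432,1200
10.10.9.57,10.10.2.20,tcp,445,88231
10.10.9.57,10.10.2.21,tcp,445,90412
10.10.9.58,10.10.9.57,tcp,3389,5120
10.10.1.11,192.0.2.44,tcp,443,700
"""

NETS = [(ipaddress.ip_network(cidr), zone) for cidr, zone in SEGMENTS.items()]

def zone_of(ip):
    """Map an address to its segment; addresses outside every segment are 'unmapped'."""
    addr = ipaddress.ip_address(ip)
    return next((zone for net, zone in NETS if addr in net), "unmapped")

def audit(flow_text):
    """Count observed flows, grouped by zone pair and service, that POLICY does not allow.

    Same-zone flows are checked too: micro-segmentation is meant to restrict
    east-west traffic inside a zone, not only traffic between zones.
    """
    violations = Counter()
    for line in flow_text.strip().splitlines():
        src, dst, proto, dport, _nbytes = line.split(",")
        key = (zone_of(src), zone_of(dst), proto, int(dport))
        if key not in POLICY:
            violations[key] += 1
    return violations

if __name__ == "__main__":
    for (src, dst, proto, port), n in audit(FLOWS).most_common():
        print(f"{n} flow(s) {src} -> {dst} {proto}/{port}: not in policy, review")
```

Each reported entry is a candidate for either a new allow rule or an investigation; repeated SMB or RDP flows from the workstation zone are the kind of lateral movement that segmentation is meant to contain.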
So although micro-segmentation can be a costly and time-consuming process, solutions are now available to significantly speed up, improve and reduce the cost of setup and maintenance. An SDN data center and cloud combined with security automation puts companies on the road to effective protection against ransomware attacks of all kinds.