Cybereye: Don't neglect the perimeter in your rush to secure data
I am hearing from a lot of people these days that perimeter security is passe, that 'data security' and 'insider threats' are the current buzz phrases in cybersecurity. The perimeter, they say, has disappeared.
Don't you believe it. The perimeter is still there, it's just a little harder to find. And it still needs protecting.
Most of the warnings seem to be coming from vendors hawking security products that work either further inside the network or outside of it. I think what they really mean when they say the perimeter has disappeared is that perimeter security has matured to the point where it's difficult for them to grab additional market share, so they're looking elsewhere for new sales.
This is not to say that new products from these security companies are not good or useful. Data and applications should be protected no matter where they live, and insiders do present a threat that must be guarded against. They make the case for the layered protection of a defense-in-depth strategy. But you still need firewalls, intrusion detection systems and other filters at the edge of your network.
The medieval wall
Defending the perimeter used to be easy (or at least easier). The network was like a medieval walled city. The wall kept the barbarians out and was your primary line of defense. But over the years, suburbs have been built up outside the walls (those are your wireless access points, mobile workers, business partners). Today you have to open more gates to let these people in and out, and the population inside the city is getting more heterogeneous. Some might be barbarians.
Others might have a grudge or just be careless. Either way, the guys on the wall now have to watch their backs, too.
Given these conditions, it makes sense to put extra protection around your valuables inside the city and keep an eye on what's going on in the suburbs. But the wall is still important.
It is not just the data in your network that is valuable. The network itself is a resource that must be protected. A denial-of-service attack can reduce the productivity of your workers and cut you off from your customers or partners without touching your data. Compromised machines can be used as launching pads for attacks on others, consuming resources and raising the possibility of liability for your organization.
Traditional perimeter defenses, though admittedly insufficient on their own, remain a necessary part of your security mix for these and many other threats and exploits. Don't let the fact that firewalls and antivirus platforms are becoming commodities lull you into thinking they're not as important as they were when brand new. Buttress them with newer tools and integrate everything into a seamless whole, if you can, with security information management. Encrypt important and sensitive data both in transmission and at rest, and use effective identity management and access controls.
Don't imagine that the perimeter is any less important than it used to be.
William Jackson is a GCN senior writer. E-mail him at firstname.lastname@example.org.