Cybersecurity: Security at the Edge Must be an Integral Part of Companies’ Defense-in-Depth Mentality
Margaret Arakawa, CMO of edge cloud provider Fastly, explains how companies can and should respond to challenges posed by evolving methods of cyberattack.
Whether it’s state-sponsored groups, cyber criminals with financial goals, hacktivists, or insiders looking to make a destructive statement: Those who carry out cyberattacks want to do some form of damage, whether financially or simply to cause chaos and disrupt normal operations. Whether in retail, entertainment, gaming, healthcare or finance – companies that operate digitally are particularly affected. Every organization utilizes web apps and APIs to enable their customers to transact business or exchange data with partners—and if data is the lifeblood of any organization, then those same apps and APIs are all that stands between a threat actor and that valuable data. So it’s no wonder that over 70% of all breaches involve exploiting a web app or API, making them the top means by which companies are breached. Web attack methods include the abuse of stolen credentials, SQL injection, remote command execution among other tactics that take advantage of vulnerabilities and misconfiguration of web applications and their underlying servers. Experts predict that the damage caused by cyberattacks could rise to $10.5 trillion by 2025. While some companies are already well positioned in the area of cybersecurity, others are still taking the threat situation lightly.
Cybersecurity: Taking stock
Threats from attackers, no matter what motivation drives them, will always exist. Cybersecurity managers must therefore implement their security strategies in three different key areas: people, processes and technology. Proactive organizations have already invested in all three areas, but they also invest in regularly reviewing their security status:
- Do those responsible have the necessary skills to manage the company’s protection and respond to changing situations?
- Do employees have the knowledge and training they need to make the best use of investments in security tools, policy creation and enforcement, and are there breach recovery plans in place?
- Is their security technology modern enough to detect and respond to threats? At the same time, is it providing the needed visibility that empowers employees to avoid risks and prevent the company and its valuable data from being compromised?
Organizations should always keep in mind that the threat landscape is ever changing as attackers continue to evolve their tactics and techniques. Certain threats remain constant because some companies fail to educate their employees on how to avoid becoming victims of phishing attacks. Through these attacks, attackers can inject malware or compromise credentials using, for example, landing pages that pose as login forms for SaaS apps. They are basically looking for anything they can compromise to gain access to systems.
Effective “Defense-in-Depth” Must Include Security at the Edge
To keep up with this, security-conscious companies must therefore regularly examine their own infrastructure and applications for vulnerabilities and take the necessary steps to shore up these gaps. A typical response by decision-makers to the increasing complexity of their technology environments is to deploy new and (too) many different security solutions. But no tool can provide 100 percent effectiveness against new types of threats. Companies therefore need what’s known as a “defense in depth” mentality: they need to put up so many obstacles and layers that attackers cannot easily penetrate systems or compromise their applications.
A “defense in depth” strategy means investing in tools that are capable of automatically sensing, detecting, reacting, and responding to access requests, authentication needs, and outside and inside threats. These tools can prevent intrusion at multiple points where an organization’s infrastructure can be compromised. They include endpoint protection, cloud workload protection, vulnerability management, network firewalls, and web application and API protection. Fastly offers the latter with its next-generation WAF (Web Application Firewall), which can be deployed in the cloud, at the network edge, in data centers, or a hybrid of these.
The most immediate step companies should tackle when it comes to cybersecurity is a risk assessment – either by security experts in-house or with the help of an outside security consulting firm. This risk assessment serves three purposes:
- Determine if the company has already been compromised. Experienced consulting firms will develop a strategy to combat existing attackers and prevent further data theft.
- Perform analysis that prevents attackers from stealing financial assets, customer data, or intellectual property.
- Identify ineffective security practices that put the organization at greater risk.
As noted earlier, web app and API abuse is the top threat vector attackers leverage to breach organizations. As they have for the last five years, the Verizon security team that authors their annual data breach report cite web applications as the number one threat vector that results in a breach. And web app attacks are often used in conjunction with a high number of DDoS attacks. So it’s imperative that enterprises take a hard look at how they are defending their apps in production as part of any overall defense-in-depth security posture: if they currently have no web app or API protection solution in place, they need to factor that into their security plan and make the necessary investments going forward.
Unfortunately, Russia’s unlawful invasion of Ukraine has further increased the overall threat level and shown once again that conflicts are not just fought with weapons these days. We have already seen Russia launch attacks on Ukrainian banks and government institutions in order to take them offline. So it’s even more important that enterprise organizations improve their cyber resilience to prevent or detect and stop the next attack.
Outlook: State of Cybersecurity in 10 Years
In the long term, we see enterprise cyber boundaries becoming more ambiguous as they continue to shift from on-premise data centers to cloud or hybrid environments. Gartner predicted recently that by 2025, 85% of infrastructure strategies will integrate on-premises, cloud and edge delivery options, compared with 20% in 2020. While most internal private clouds are single-tenant or serve a specific internal use case or business unit, they are difficult to scale. Edge cloud platform providers can help enterprises protect all their apps wherever they operate due to multiple deployment options. A flexible software agent-module pair can deploy as a module at the web server or application or agentlessly on an edge cloud network.
Data no longer physically resides in the enterprise, and this trend will accelerate as more enterprises complete their digital transformation. While cloud and agile software development mean that companies can release new features faster to meet customer demand, it also means that those same applications and data can be misused or misconfigured, leading to unauthorized access.
Organizations that rely on cloud for efficiencies of scale can also realize cost savings when consolidating multiple vendors down to one that can provide both application delivery and security capabilities. Edge cloud platform providers are ideally suited for meeting both requirements. From a security standpoint, leveraging a platform that has security embedded at the edge is ideal for orgs that have embraced DevOps and rapid release cycles yet want to stay secure: having protection at the edge means detecting and blocking malicious traffic farther away from the app origin while making it easy for developers or security teams to enforce policy easily since the detection and prevention technology is easy to activate and operates in an “always-on” manner.
Again, taking stock of vulnerabilities in infrastructure, employee cybersecurity training and data handling is critical. Companies need to take the necessary steps to understand their own status quo and potential threats. By doing so, they are well on their way to stopping attacks before they even start.
Finally, evolving government guidelines are another area that companies must bear in mind. Companies must keep up-to-date with these guidelines and plan for – and budget for – how to comply. Therefore, effective, automated and compliant enforcement of security policies across infrastructure and ever-expanding application domains will be an ongoing focus.
As technology advances and organizations gain the means to develop and deploy high-performance applications and process and transmit even greater volumes of data, new attack tactics and vulnerabilities will emerge. Knowledge, experience and a strategic approach to securing the enterprise, its people and its data are key to overcoming the challenges posed by evolving methods of cyberattack.