Securing The New Network How Managed Security Reduces the Cost and Complexity of Protection from Cyber Attacks. Michael Harris Kinetic Strategies

Transcription

1 Securing The New Network How Managed Security Reduces the Cost and Complexity of Protection from Cyber Attacks Michael Harris Kinetic Strategies

2 01 Securing The New Network: How Managed Security Reduces the Cost and Complexity of Protection from Cyber Attacks 3 out of 4 organizations detected a security event in the prior 12 months Source: US Cyber Crime 2014 The power of the new network is unleashing opportunities for organizations to increase collaboration and innovation, improve connectivity with customers and prospects, reduce costs and accelerate growth. Tools like big data, social media, cloud services and mobility are transforming business. However, the benefits of anywhere, any-device access for essential business applications create a more complex security environment with a broader surface area vulnerable to attack by hackers. Not surprisingly, information technology (IT) professionals rank maintaining security and compliance as their number-one challenge. 1 In a 2014 survey more than three out of four organizations reported detecting a security event in the preceding 12 months. Underscoring the severity of the situation, the average number of security incidents detected was 135 per organization. Last year the FBI notified 3,000 U.S. companies that they had been victims of cyber intrusions. For those organizations able to estimate a monetary loss from the intrusion, the average cost was $415, Cybersecurity is particularly challenging because the volume and variety of threats are evolving rapidly. Unless security is an organization s core competency, cost effectively staying ahead of the threat curve is a problematic proposition for most in-house IT teams. As a result, more than half of businesses now outsource at least one of their IT security solutions, up from only one-third two years ago. 3 A leading technology research firm noted that outsourced services enable organizations to bring in competences that they lack or to replace functions or processes that incurred huge recurring costs. Furthermore, such managed services can reduce recurring in-house IT costs by 30 to 40 percent and deliver a 50-to-60-percent increase in efficiency. 4 Target Practice The customer data breach at retail giant Target Corporation in December 2013 offered a cybersecurity wake-up call for organizations of all sizes. The hack resulted in the disclosure of 40 million credit card numbers, plus the addresses, phone numbers and other personal information of 70 million customers. According to a leading cybersecurity researcher, a key pathway into the retailer's network was hacked through one of Target s contractors, a midsize refrigeration services firm. The researcher contends that the 125-employee company used a free security software solution, intended for individual consumer use, that lacked real-time protection.through a variety of attacks on the midsize company, hackers appear to have uncovered login credentials for Target s external billing system. 5 This episode and recent security breaches impacting one of America's largest banks and home improvement retailers have refocused attention on compliance requirements for small and midsized businesses that serve larger enterprise customers. For those firms working in healthcare or with government agencies, failing to comply with the Federal Information Security Management Act (FISMA), Health Insurance Portability and Accountability Act (HIPAA) or Health Information Technology for Economic and Clinical Health Act (HITECH) can be severe. There will be more Targets as more data become digital, explains a leading security research organization. Hyperconnectivity opens up more points of presence for attack and exploitation. 6

3 02 $188 the average cost per record for a data breach Source: Ponemon Institute Gone Phishing To tap the immense economic opportunity available through digital theft, hackers now operate through sophisticated and well-financed global cartels. Like robbers breaking into an office or home looking for cash, jewelry or electronics, digital thieves are searching for high-value assets that can be quickly liquidated. Freshly acquired credit card numbers can fetch $20 $45 apiece through online black markets. Likewise, user names and passwords for social media and ecommerce sites are prized. Hackers-for-hire may also be contracted to steal specific intellectual property assets from targeted organizations. 7 60% of midsized businesses are using cloud-based security solutions Source: SpiceWorks For those companies that are victims of cybercrime, research found that the cost of a data breach averages $188 per record affected. 8 Besides lost data, breaches can damage a company s reputation and customer relationships, or result in fines or increased regulatory scrutiny. The most common cybersecurity threats include malware, phishing and denial-of-service attacks. Malware: Malicious software (or malware) seeks to penetrate computing systems to gather high-value private information, cause intentional digital damage or create a launch pad for further attacks. The most common examples of malware include worms, trojan horses, viruses and spyware. In a recent survey of IT security professionals, 74 percent said malware infiltrated their network from employee web surfing and 64 percent reported malware intrusions via . 9 Phishing: Like an angler luring a fish to bite a hook, hackers masquerade as trusted sources to capture private data. Camouflaged messages are sent via , SMS or social networking from seemingly legitimate sources, such as a bank or ecommerce site. Unsuspecting users click on spam links to malware or unwittingly provide personal information through phony website forms. Denial-of-service attacks: As the names imply, denial-of-service (DoS) or distributed denial-of-service attacks (DDos) seek to intentionally block access to network resources or devices. A DoS attack can be launched as a form of cyber vandalism or a tactical offensive against a selected target. A classic DoS attack will flood a target web server with bogus traffic to prevent legitimate users from accessing the site. IT professionals reported that their organizations experience an average of 4.5 DoS events per year. These attacks typically consume 1.7 GB of bandwidth and cause 2.3 hours of outages. 10 Outsourced Countermeasures As attacks escalate in frequency and intensity, IT professionals are increasingly challenged to maintain their organization s defenses. A leading IT research firm has advised that today s security environment requires tool and analytical expertise that will be difficult for many organizations to supply in-house. As a result, the firm forecast a compound annual growth rate of 15.4 percent through 2017 for outsourced security solutions. 11 Many organizations turn to managed security services from cloud and network providers. A recent survey of small and midsized business IT professionals found that 60 percent are using network-centric and cloud-based security solutions. According to the survey, the biggest benefits of outsourced network security are eliminating the need to manage special hardware, automated systems for supporting software updates, ease of management, lower setup costs and enhanced solution integration. 12

4 03 Additional benefits include 24/7 network monitoring and relying on the highly trained and experienced technical support staffs of managed service providers. Benefits of using a network-centric and cloud-based security solution No special hardware to maintain Automatic software updates Ease of management Low setup costs Multiple measures at once Source: SpiceWorks 35% 41% 76% 63% 63% Additionally, a survey by Cisco Systems found that to simplify management and implementation, many businesses prefer to purchase cloud services from their Internet or wide area network (WAN) service provider. 13 Unified Threat Management One type of managed security solution, Unified Threat Management (UTM), is proving to be an attractive option for many organizations. Underscoring the trend, a recent market analysis forecast a 16.5-percent compound annual growth rate for UTM solutions through UTM offerings may integrate a range of security capabilities, including an advanced firewall, antivirus/antispam tools, intrusion prevention and detection, content filtering, virtual private networking (VPN), vulnerability management and advanced security reporting capabilities. Firewall: Much as physical barriers are used to prevent flames from crossing into separate building spaces, network firewalls establish a barrier between trusted and insecure network zones. Rule sets are applied to inspect and secure incoming and outgoing traffic flows through routers or other network devices. Firewalls can be configured with demilitarized zones (DMZs) to safely make resources available to users outside the organization. Because external access is restricted to resources within the DMZ, an organization can provide public access to web or file servers without exposing secure internal networks. Public Wi-Fi connectivity may be also offered through a DMZ. Antivirus/antispam: These tools scan and protect the network by detecting viruses, worms, trojans and spyware from malicious and websites. Content filtering: Such solutions enforce policies on user activities to prevent access to dangerous or unwanted external content and applications. Some content filtering solutions can also monitor outgoing traffic from an organization, offering a way to detect possible employee violations of organization usage policies and regulatory mandates. The intent is to reduce security risks and bandwidth consumption, as well as boost user productivity by blocking problematic websites, applications, social networks and risky behavior. Intrusion prevention and detection solutions (IPDS) : IPDS monitor an organization s network for malicious activity from both external and internal sources. Incidents are logged, alarms are triggered and countermeasures are launched to block or stop the attack.

5 04 Virtual private networking: VPNs encrypt traffic and authenticate users. They can be used for remote access by workers or to secure connections between business sites. Some service providers are able to configure and manage secure VPN solutions for businesses. Vulnerability management: These solutions scan network devices, applications and traffic to detect security risks before they are exploited and recommend corrective action. Security reporting: Threat event reporting and vulnerability assessment management can be a valuable tool for IT planning, as well as meeting security audit and compliance requirements. 43% of IT professionals worry about security on their wireless LAN Source: InformationWeek Wi-Fi Security Two-thirds of companies provide Wi-Fi access for employee devices including smartphones, tablets and laptops through the organization s wireless local area network (WLAN). 15 Wi-Fi enables untethered connectivity, enhancing productivity and collaboration for workers. However, unless properly managed, wireless networks can pose serious security risks. In a recent survey 43 percent of IT professionals said they worry about data security on their wireless LAN. 16 These fears are well founded. An analysis of wireless routers used by some businesses to provide Wi-Fi access found 55 security vulnerabilities. Such flaws provide a pathway for attackers to quickly penetrate the organization s network. The researchers noted that these vulnerabilities typically involve insecure default settings on wireless routers and the misconfiguration of network services. 17 Increasingly, network and cloud service providers offer wireless LAN configuration, monitoring, management and security services. These solutions streamline Wi-Fi setup and operation, including device authentication and encryption settings. InformationWeek noted such services offer an attractive option for WLAN management, particularly for small and midsize businesses and educational institutions that may be short on IT resources. 18 Securing Availability and Business Continuity In the big picture, security is about more than preventing attacks. It means ensuring that network resources, applications and assets are continually available to achieve organizational objectives. When the flow of data stops, so does business. Research finds that for most companies, it is not a question of if a network outage will occur, but when. One recent survey found that the cost of network downtime for a business averages $5,600 per minute, equal to more than $300,000 per hour. 19 An important aspect of securing network availability is utilizing facilities-based network diversity and redundancy. This way, if one service provider connection fails, traffic can be automatically switched to another link to keep the network running. Many service providers that don t own and operate their own networks resell the same last mile network service offered by the Incumbent Local Exchange Carrier (ILEC). As a result, an ILEC outage may affect customers of several other service providers as well. It is important to investigate the infrastructure elements of potential service providers to ensure genuine redundancy.

6 05 Selecting service providers that offer service level agreements (SLAs) is also important. SLAs set performance benchmarks for service reliability such as total uptime for the connection, levels of bandwidth and latency, and the availability of essential infrastructure. If an outage occurs, an SLA specifies response and repair times, as well compensation to the customer for the interruption. Implementing data recovery strategies to restore digital assets following an ordinary or catastrophic disruption is also essential. Offsite storage and backup are at the heart of most data recovery plans. In a recent survey, 94 percent of midsize and small businesses in the U.S. report backing up at least some data to the cloud. 20 To address this need, some Internet and network service providers integrate cloud storage and backup offerings with access solutions. For example, Time Warner Cable Business Class offers facilities-based Internet access and network services with a diverse path from the ILEC, as well as cloud services for businesses. Up to 84% lower TCO with managed router services Source: ACG Research The Role of Managed Router Services IT teams are turning to service providers and other IT organizations to manage their Internet, WAN and wireless LAN security to maximize network performance. This approach enables companies to offload day-to-day network support requirements from internal IT staff and gain best-in-class expertise. Managed router service providers, including Time Warner Cable Business Class, can offer turnkey provisioning, configuration, change management and monitoring as well as 24/7/365 support that can deliver a more secure, available and high-performing network. In the security domain, firewall management, virtual private network (VPN) configuration and software update support can save valuable IT staff time and minimize network vulnerability. An analysis by ACG Research that included two use cases found that, over a three-year period, a managed Internet router and security service can deliver up to an 84 percent lower total cost of ownership (TCO) compared to an internally managed approach. This includes both capital and operating expense reductions including soft or hard dollar savings associated with eliminating IT staff or contractor hours for network setup and day-to-day operations. Many companies choose to free up IT staff to focus on more strategic projects and realize significant productivity gains that benefit their organization. 21 The Best Offense Is a Good Defense The power of the new network has created new opportunities for organizations to enhance operations, marketing and customer care. However, today s hyper connected environment presents a host of new security vulnerabilities for sophisticated hackers to attack and exploit. Additionally, securing network availability is essential for connected businesses. By leveraging managed security and router services, organizations can cost-effectively bolster their defenses by gaining access to leading-edge expertise and freeing internal staff to focus on other strategic tasks.

7 06 About the Author Michael Harris is principal consultant at Phoenix, Arizona-based Kinetic Strategies, Inc. Applying more than 15 years of experience as a strategist, research analyst and journalist, Michael consults with select clients in the networking, Internet and telecommunications industries. About Time Warner Cable Business Services Time Warner Cable Business Services, a division of Time Warner Cable, offers a full complement of business communications tools to small, medium and enterprise-sized companies under its Time Warner Cable Business Class brand. Its Internet, voice, television, network and cloud services are enhanced by award-winning customer service and local support teams. Through its NaviSite subsidiary, Time Warner Cable Business Services also offers scalable managed services, including application services, enterprise hosting, and managed cloud services primarily in the U.S. and U.K. Time Warner Cable Business Services, founded in 1998, serves approximately 674,000 business customers throughout Time Warner Cable's service areas. For more information, visit Time Warner Cable. All Rights Reserved. 1 Trends around Desktop Virtualization for Small and Mid-sized Organizations, Spiceworks, April US cybercrime: Rising risks, reduced readiness. Key findings from the 2014 US State of Cybercrime Survey, by PwC, CSO magazine, the CERT Division of the Software Engineering Institute at Carnegie Mellon University, and the United States Secret Service, June Network Security: Why the Growth is in Managed Services, Aberdeen Group, Analyst Insight, May 8, Managed Services Market: Global Advancements, Market Forecasts and Analysis ( ), by MarketsandMarkets, August Brian Krebs, Attack on Vendor Set Up Breach at Target, KrebsOnSecurity, February 5, Markets for Cybercrime Tools and Stolen Data: Hackers Bazaar, RAND Corporation, Markets for Cybercrime Tools and Stolen Data: Hackers Bazaar, RAND Corporation, Cost of Data Breach Study: Global Analysis, Ponemon Institute, May Best Practices in , Web and Social Media Security, Osterman Research, January Survey on Distributed Denial of Service (DDoS), SANS Institute. 11 Magic Quadrant for Global MSSPs, Gartner, February Look Ma, No Hardware! How cloud-based IT apps are making life easier for IT pros, SpiceWorks, September Cisco Systems, SMB Cloud Survey. 14 Global Unified Threat Management Market , Research and Markets Wireless LAN Strategies and Vendor Leadership, Infonetics, November Wireless LAN Survey, InformationWeek. 17 SOHO Network Equipment and the implications of a rich service set, Independent Security Evaluators, July Wireless LAN Survey, InformationWeek. 19 The Cost of Downtime, Andrew Lerner, Gartner Group, July 16, Disaster Recovery Survey, IDC, May Managed Network Services: The TCO Payoff, ACG Research, 2014.