Treat every corporate server as compromised, advises security expert
Andy Dancer, MD and CTO EMEA for Trend Micro, advised enterprises on a new security model, explaining that the old perimeter-based defence approach will no longer work
The old perimeter-based approach to cyber security no longer works, and enterprises must assume that every corporate server and machine has been compromised.
This is the view of Andy Dancer, MD and CTO EMEA for leading security firm Trend Micro, who was speaking at this morning's Westminster eForum Keynote Seminar on e-Crime, Cyber Threats and Protecting Critical Infrastructure.
"The days of the perimeter working as the sole defence mechanism are no longer with us," explained Dancer.
He argued that consumerisation is partly to blame. Employees regularly take data in and out of the corporate network on devices such as smartphones and tablets, many of which have not been secured by the IT department.
He also explained that a failure or delay in the patching process can open up holes in the perimeter that cyber criminals can exploit.
"Microsoft releases its patches on a Tuesday, but datacentre administrators sometimes take weeks to apply them. They need to schedule downtime and test the patches," he said.
"However, hackers take just a few hours to exploit these vulnerabilities."
Another point of attack can be the users themselves. Secure token specialists RSA were hacked in March this year when an employee opened up a malicious email attachment, believing it to be from a trusted source.
Dancer stated that organisations are unlikely to find out about a breach for months, if at all, once hackers get access to the network.
"Once hackers defeat the perimeter, they will make stealthy, pinpoint attacks from there," he claimed.
"This isn't an outbreak which shuts all the corporate machines down – it's about probing and searching for valuable data or other vulnerabilities."
In order to defend against this form of attack, he recommended that enterprises operate under the assumption that they have been compromised.
"You should assume that every server in your company is compromised, then build your security around that," said Dancer.
He explained that this approach also helps smooth the path to cloud adoption, since the same principles of defaulting to a position of no trust apply.
"You can move to the public cloud in the same way. There's a higher chance that other machines in the cloud are compromised, but if your security is already set up to work with this, you can use it in a relatively safe way," he said.
But what does it mean to treat every server as compromised? Dancer explained that encryption is part of the answer.
"If you encrypt all the data in your organisation, if it leaks out or is seen by a compromised server, it's less of a risk. Then your problem becomes how you ensure that the intended recipient has access to the correct encryption key," he claimed.
"That's a more containable and manageable problem."
He added that using Intrusion Prevention Systems (IPS) on every corporate machine is another useful defensive tool.
An IPS monitors networks and systems for malicious activity and can be set up either to alert the organisation or to attempt to block the unwanted behaviour.
"If you use an IPS on every machine, then you will be protected even if the machine next to it is compromised," he explained.
Dancer concluded that, even with this new security paradigm, organisations should still plan for things going wrong.
"Don't assume you're safe. Assume you're not, and figure out now how to react when you are compromised," he said.