FEATURE: FINANCE
These cloud-borne cyberattacks focus on lateral or ‘east–west’ movement, using defensive weak spots to gain access to vulnerable cloud hosts before moving internally from host to host to find a safe dwelling spot.
Hidden within the organisation’s network, these actors can then bide their time and plan their attack before they act, detecting the most sensitive data stores, analysing the networks for intelligence, and covering their tracks. As hybrid cloud environments grow more sophisticated, financial institutions’ workloads and data become more widely spread across the network. Without full visibility and robust security monitoring, the newfound complexity only breeds more potential blind spots for attackers to hide in.
Securing these landscapes with the right tool strategy is essential, and this must evolve in line with changing IT infrastructure. Financial institutions’ existing security tools, engineered and employed for on-premise environments, rely heavily on data from logs, traces and event files – a fact that living-off-the-land attacks take for granted. The reality is that logs are ‘mutable’, meaning bad actors can manipulate them to mask their activity and lull security teams into blissful ignorance of an on-going cyberincident.
Today’s financial sector needs additional network visibility to enhance and verify log, event and trace-based intelligence. Only by gaining deep insight into their network traffic, including east–west movement across both the cloud and existing ‘on-premise’ environments, can security teams expose and remediate hidden threats.
Clearing the path
Log manipulation is not the only trick in the hackers’ handbook. Encryption, deployed by countless modern businesses to protect sensitive data in motion, has become increasingly popular in hybrid cloud security strategies. But decrypting and inspecting all this traffic is not seen as cost-effective by many businesses. As a result, this same security strategy is commonly exploited to hide malware, mask malicious activity, and even smuggle stolen data through encrypted east–west traffic.
Currently, over two-thirds of businesses allow encrypted data to flow freely. Security professionals and boards are leaving their networks vulnerable to attacks which could cause significant financial and reputational damage, and worse still, may not be discovered at all until their data is already for sale. With particularly sensitive data to protect, financial services organisations should be especially aware of the risk of uninspected encrypted traffic.
Without complete visibility of all network traffic, including east–west and encrypted data-in-motion, all organisations are vulnerable to encrypted malware, data theft and ‘living off the land’ attacks. It is exceedingly difficult to defend against threats you cannot see, and unprotected blind spots present organisation-wide risks with expensive consequences. For financial institutions and any other nation-critical organisations, gaining full network visibility must be a number one priority.
Mark Jow, EMEA Technical Evangelist, Gigamon
WHILE IT MAY BE REASONABLE TO ASSUME THAT CLOUD PROVIDERS PROVIDE SECURITY BY DESIGN AS PART OF THEIR PLATFORMS, THIS IS SADLY NOT THE CASE.
www.intelligentcio.com INTELLIGENTCIO EUROPE 53