Industry Innovators 2016: Perimeter defense
It's pretty hard to defend what isn't there. We won't go so far as to imply that the perimeter is gone – yet. However, the fact is that there always will be a perimeter. What it will look like – well, that may be something else entirely. We have written before that protecting the data is the key reason that we have information security. It would be pretty pointless to protect something that did not need protecting. However, the data on our networks today is pretty much the crown jewel of the organization and needs serious protection on lots of levels.
So, we put it behind a firewall and call that the perimeter. That is, until we put some or all of it in the cloud or give mobile device access to that – presumably protected – data. Then there is the issue of inviting the adversary into the network by succumbing to phishing or drive-by attacks. Now we have, whether we meant to or not, significantly redefined the perimeter. In fact, it might be said that there almost is no perimeter. For example, when a bank puts up a customer portal for an online banking system, it reaches back into the network for the backend data storage.
But does this mean that we have scrapped the perimeter? Our Innovator in this section certainly doesn't think so. There are issues that have clear perimeter functionality without being perimeters. For example, if you set access by VPN only, you've moved the perimeter out to the endpoint on the VPN. If you encrypt access to servers by internal endpoints, you've moved the perimeter to the endpoints. And, if you provide access to an SaaS application over the internet, to where you've moved the perimeter is debatable. You might consider the SaaS application the perimeter, or you might consider the front-end back on the enterprise to be the perimeter. In any event, the perimeter is not just the network edge as defined by a firewall (though it might be that as well).
There are multiple protocols, operating environments and applications, as well as physical and logical locations, for the data you want to protect. All of that poses a serious challenge for the reason we have a perimeter in the first place: To protect the data.
Vendor Cyber adAPTFlagship product Secure Device Management
Price Beginning at $9 per device per month with licensing models that support the SMB to global enterprises
Innovation Addressing the security of the perimeter wherever it happens to lie
Greatest strength Vision. These folks, to paraphrase Pogo, have seen the future and it is them. Merging with MAD and their view of the IoT are examples.
This Innovator concentrates on the mobile device as the putative perimeter of the enterprise, regardless of where the data actually resides. The company takes the position that the traditional network perimeter is moving out to the mobile endpoints. This trend is collapsing the network core to be the hub between endpoint hosts; data centers, which are also being pushed out to the cloud; and outsourced services and applications. The “network core” is quickly becoming nothing more than a data crossroads linking mobile devices with cloud-based applications and storage.
The problem it is solving is how to secure confidential data on every mobile device as the endpoint becomes less traditional. This firm believes that the current paradigm of mobile device management (MDM) does not give a lot of security options, such as split tunneling in BYOD. Through their acquisition of MobileActive Defense (MAD) the company can now merge data protection with remediation. This allows application of threat intelligence to MDM. If a device is exhibiting dodgy behavior, this tool can compare to a baseline and then quarantine. A major benefit is the reduced threat intelligence/remediation cycle.
With that in mind, Cyber adAPT has introduced its Secure Device Management (SDM) server. This is a centrally managed enterprise-grade system designed to extend security functions to corporate and personally owned mobile devices and Windows desktops.
SDM features six distinct functionalities: IPsec VPN concentrator, stateful inspection firewall, security-enhanced MDM, PKI/ certificate authentication, content filter, intrusion prevention/anti-virus, and containerization (application wrapping) and mobile threat detection. All traffic to and from mobile devices is routed through a secure 256-bit, certificate-authenticated IPsec VPN connection. As the network becomes more porous and sensors more vulnerable, the tool will extend detection/protection framework out to IoT without being a slave to protocols.
We found this Innovator interesting partly because we have been watching MAD for some time and we are not surprised at this merger. From the perspective of functionality, it makes perfect sense. But, the merger is not limited by the functionality. This Innovator clearly has a view of the future. The next step, of course, is IoT. Cyber adAPT takes the position that IoT is little more than mobile devices all over again. That's a pretty big bite to chew, but we're betting on these folks, especially with the heritage of MAD in their DNA.