Solving man in the middle cyberattacks with cloud-native SDPs

When it comes to the workplace, we are office-bound no more. While it still may seem counterintuitive, most work today actually gets done (at least some of the time) from remote locations, not company offices. Whether from home, a co-working space, or an airport, subway, hotel, or Starbucks, employees and contractors alike can be found working virtually for a good chunk—or all—of their workday from public settings. 

How does this reality affect enterprise security? Traditionally, the enterprise approach for working beyond the perimeter has relied on a virtual private network, or VPN. Yet while VPNs are the most common solution for enabling remote workers to access the corporate network and the data that resides on it, the shifts mentioned above have rendered them outdated when it comes to security. That’s because the VPN model was based on the assumption that users on a local network could be “trusted,” which left a sizable attack surface open to potential attackers. 


One well-known type of security threat in the enterprise environment that VPNs are ill-equipped to defend against is the Man in the Middle (MITM) attack. In this worrisome security breach, a cybercrook positions himself or herself in a dialogue between an application and a user. Yet despite the perpetrator’s malintent—which is usually either to listen in on a conversation or to pretend to be one of the parties in the exchange—it looks to the user as though everything is perfectly normal. 

As explained in International Journal of Data and Network Science, the purpose of a MITM attack might be to “take individual information, for example, login certifications, account points of interest and charge card numbers. Targets are normally the clients of financial applications, SaaS businesses, web-based business locales and other sites where logging in is required. Information obtained during an attack could be utilized for many purposes, including fraud, unapproved support exchanges or an unlawful watchword exchange.”

Network-based Man in the Middle attacks exploit weaknesses in the network communication framework: network traffic is intercepted by the hacker instead of reaching the assigned router. To do this, the hacker transmits spoofed Address Resolution Protocol (ARP) messages onto an open LAN, oftentimes in airports, coffee shops or hotel lobbies. These forged messages are designed to make devices on the LAN update their ARP tables, falsely telling them that the correct MAC address for the location’s gateway IP address is the one belonging to the hacker’s computer. 
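As an added illustration (not part of the original article), the following Python checks a constructed tcpdump-style ARP log for the cache-poisoning pattern just described: one IP address, here the gateway's, answered by more than one MAC, plus replies that no host requested. The log lines, IP and MAC addresses are all made up for the example.

```python
import re
from collections import defaultdict

# Constructed sample ARP traffic in tcpdump-style notation (not a real capture).
# The last two "Reply" lines are the poisoning attempt: an unsolicited claim
# that the gateway IP (192.168.1.1) lives at a second MAC address.
SAMPLE_ARP_LOG = """\
ARP, Request who-has 192.168.1.1 tell 192.168.1.23
ARP, Reply 192.168.1.1 is-at 00:11:22:33:44:55
ARP, Request who-has 192.168.1.40 tell 192.168.1.23
ARP, Reply 192.168.1.40 is-at 66:77:88:99:aa:bb
ARP, Reply 192.168.1.1 is-at de:ad:be:ef:00:01
ARP, Reply 192.168.1.1 is-at de:ad:be:ef:00:01
"""

REQUEST_RE = re.compile(r"ARP, Request who-has (\S+) tell (\S+)", re.I)
REPLY_RE = re.compile(r"ARP, Reply (\S+) is-at ([0-9a-f:]{17})", re.I)


def analyze_arp(log, gateway_ip):
    """Scan ARP log lines and report signs of ARP cache poisoning.

    Returns a dict with:
      conflicts        - IPs claimed by more than one MAC (sorted MAC lists)
      unsolicited      - (ip, mac) replies with no preceding request for that IP
      gateway_poisoned - True if the gateway IP itself has conflicting MACs
    A legitimate MAC change (e.g. a replaced router) also shows up as a
    conflict, so treat findings as alerts to investigate, not proof.
    """
    macs_for_ip = defaultdict(set)
    pending_requests = set()
    unsolicited = []
    for line in log.splitlines():
        m = REQUEST_RE.match(line)
        if m:
            pending_requests.add(m.group(1))  # remember who was asked about
            continue
        m = REPLY_RE.match(line)
        if not m:
            continue
        ip, mac = m.group(1), m.group(2).lower()
        macs_for_ip[ip].add(mac)
        if ip in pending_requests:
            pending_requests.discard(ip)  # normal answer to an open request
        else:
            unsolicited.append((ip, mac))  # gratuitous reply: classic poison
    conflicts = {ip: sorted(macs) for ip, macs in macs_for_ip.items() if len(macs) > 1}
    return {
        "conflicts": conflicts,
        "unsolicited": unsolicited,
        "gateway_poisoned": gateway_ip in conflicts,
    }
```

On a real LAN the same check would be fed from a packet capture; it detects the poisoning attempt but, as the article goes on to argue, only end-to-end encryption of the user's traffic prevents the interception itself from yielding anything.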

VPN vs. SDP Against MITM

Conventional VPN solutions can defend against MITM attacks on public Wi-Fi by sending network traffic through an encrypted tunnel. But VPNs often use a split tunnel to save money and reduce latency: they send private data-center traffic over the VPN while sending web traffic out directly, leaving endpoints vulnerable. Another problem with VPNs is that they are generally not used all the time; users activate them when they need access to the enterprise network, but the rest of the time they use the internet without the VPN, significantly increasing the risk of a breach. Finally, VPNs do not offer zero-trust security, so once connected, a potential attacker has broad access to network resources.

A more effective solution to better defend against MITM attacks is a software-defined perimeter (SDP) that includes “always on” security, which secures both network access and web traffic. Such SDPs offer a dependable security framework by encrypting all traffic from the user device, whether it’s going to the data center, the cloud, or the web. By micro-segmenting enterprise network access, SDP solutions reduce the attack surface compared to VPNs.

Advanced, cloud-native SDPs are built around a zero-trust architecture that provides each user with a unique, fixed identity for one-to-one network connections. These are dynamically created on demand between the user and the specific resources that he/she needs to access. No access is possible unless it is explicitly granted and any access that is granted is continually verified at the packet level. Once data centers, clouds, and branches are onboarded to the SDP, policies define what is visible to authenticated users.

In contrast to the old “trust but verify” approach, the new way of thinking is based on never trust, continually verify, as well as minimizing access to a company’s resources with dynamic micro-segmentation. Given the growth in the sophistication and impact of MITM security attacks, IT organizations must move quickly to adopt this new security model. Many will find that the optimum place to start is where the current security model has the greatest weaknesses – remote access – and look into replacing VPNs with a zero-trust Software-Defined Perimeter.

With VPNs less able to protect IT resources and applications migrating to the cloud, SDPs are emerging as the superior alternative to traditional VPNs in helping to prevent MITM attacks. By allowing organizations to standardize remote access security for all users while reducing the risk of potential attacks, zero-trust SDPs offer a compelling new paradigm for remote access.
