Comprehensive Analysis of Your Attack Surface

Comprehensive Analysis
Properly securing a network has never been more difficult–or more vital to an organization’s success. The theory behind network security is relatively straightforward, with a few basic principles guiding the overall task. The best practices and theories are sound enough–and when applied correctly, they reduce the risk of network breaches. However, as the old saw goes, “In theory there is no difference between theory and practice. In practice there is.”

Once you introduce business operations and needs into the security equation, complications ensue. Various departments will have workflows and procedures requiring access to each other’s data and services. These departmental issues–complicated further by the individuals developing and implementing them–result in further threats to a network’s operation and safety.

Trends Towards Complexity

Current trends in IT add another layer of complication and exposure. For example, BYOD means untrusted devices may have access to internal networks. Cloud computing (even private clouds) means network segments may expand from a local LAN or VLAN to a multi-site segment, and data centers host services on many different segments. Emerging practices around cloud computing, such as micro-segmentation, sharply increase the number of network interactions and add complexity of their own. Increased access requirements for remote workers add tunnelled or VPN access on top of all of this.

Previous blog posts have introduced the concept of Veriflow and network protection. The increased reliance on the network, coupled with underlying complexity, leads to high rates of change in the network. Yet at the same time, change becomes riskier in terms of stability and security–a challenging conflict for network operators. Veriflow aims to eliminate this conflict and provide trust in the complex, ever-changing network. In this post we’ll show how Veriflow can be used to formally verify a few basic security principles and best practices.

Defense-in-Depth

‘Defense-in-depth’ is the industry term for layered security. Rather than putting all the security at the edge of a network–leaving the inside of the network open–security is divided into zones, with security controls between the zones as well as at the edge of the network. In addition to segmenting the network into zones, defense-in-depth applies multiple means to achieve the same goal. For example, rules at the firewalls may also be applied by access control rules in routers, meaning that even if there is a firewall vulnerability, offending traffic may not get past the routers.

Veriflow’s policy library and path analysis ensure that multiple layers of defense are in place, even if the firewall fails or a service on the network is breached. By analyzing every possible traffic flow in the network, Veriflow gives the security team assurance that traffic always traverses firewalls, and shows where traffic can go from internal network segments. More importantly, with our policy library, Veriflow can show when the network is misbehaving–routing packets to the wrong segments, or skipping vital firewalls. Because of our rigorous model, Veriflow does this proactively, alerting operators to the problem before any problem traffic is seen, rather than reacting once it’s too late to prevent a breach.

Attack Surface Reduction

The attack surface of your network is the sum of all the ways an attacker can attempt to breach your network. A major security strategy is to reduce the attack surface, allowing the security team to focus its efforts on a smaller set of items. A typical example is the use of firewalls to limit the types of traffic that can even reach the network. Another example is to “black hole” route certain IP ranges so internal traffic doesn’t get sent to a public network. Minimizing the attack surface is challenging because it requires an understanding of the impact of each device on the whole network, not just its local effects. A common example of this challenge is internal routing between network segments: certain traffic must be allowed between segments, but only the traffic necessary for business services, with the rest blocked.

By modelling the network and understanding each possible traffic flow, Veriflow’s policy library can ensure that only the right traffic is being allowed. This applies not just to the firewall or routing tables; it can also be used to find potential traffic paths that are unnecessary and alert the operators before they become attack vectors.
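To make the two checks above concrete (every path traversing a firewall, and an unwanted flow being dropped at more than one layer), here is a small added example of path analysis over a constructed network model. It is not Veriflow’s code or data model; the topology, ACL format and device names are assumptions made up for the illustration, and the edge router deliberately has a second link that bypasses the firewall.

```python
import ipaddress

# Constructed topology (an assumption for this example, not Veriflow's data model):
# each device lists its next hops and an ordered, first-match ACL of
# (action, destination prefix, destination port or None for any port).
TOPOLOGY = {
    "internet":    {"links": ["edge_router"], "acl": [("permit", "0.0.0.0/0", None)]},
    "edge_router": {"links": ["firewall", "core_router"],   # second link bypasses the firewall
                    "acl": [("deny", "10.1.0.0/16", 23), ("permit", "0.0.0.0/0", None)]},
    "firewall":    {"links": ["core_router"],
                    "acl": [("permit", "10.1.0.0/16", 443), ("deny", "0.0.0.0/0", None)]},
    "core_router": {"links": ["lan"], "acl": [("permit", "0.0.0.0/0", None)]},
    "lan":         {"links": [], "acl": [("permit", "0.0.0.0/0", None)]},
}

def all_paths(topo, src, dst, path=()):
    """Enumerate every loop-free forwarding path from src to dst."""
    path += (src,)
    if src == dst:
        return [path]
    return [p for nxt in topo[src]["links"] if nxt not in path
            for p in all_paths(topo, nxt, dst, path)]

def acl_action(acl, dst_ip, dst_port):
    """First-match ACL evaluation with an implicit deny at the end."""
    ip = ipaddress.ip_address(dst_ip)
    for action, prefix, port in acl:
        if ip in ipaddress.ip_network(prefix) and port in (None, dst_port):
            return action
    return "deny"

def paths_bypassing(topo, src, dst, control="firewall"):
    """Policy 1: every path from src to dst must traverse the control device.
    Returns the offending paths (empty list means the policy holds)."""
    return [p for p in all_paths(topo, src, dst) if control not in p]

def blocking_layers(topo, path, dst_ip, dst_port):
    """Devices on the path whose ACL would drop the flow; each is one layer of defense."""
    return [dev for dev in path if acl_action(topo[dev]["acl"], dst_ip, dst_port) == "deny"]

def defense_in_depth_gaps(topo, src, dst, dst_ip, dst_port, min_layers=2):
    """Policy 2: a flow that must be blocked has to be dropped by at least min_layers
    devices on every path, so a single failed control does not expose the segment.
    Returns (path, blocking devices) for each path that falls short."""
    return [(p, blocking_layers(topo, p, dst_ip, dst_port))
            for p in all_paths(topo, src, dst)
            if len(blocking_layers(topo, p, dst_ip, dst_port)) < min_layers]
```

Running the checks on this model reports the firewall-bypass path and shows that telnet to the LAN is stopped at two layers only on the path that crosses the firewall, while SSH is stopped by the firewall alone because the router ACL does not mirror that rule.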

The bottom line: by knowing how the whole network behaves, and applying policy to all flows at once, Veriflow enhances security over a per-device or per-segment approach, delivering a unique and powerful approach to securing your network.