2022-06-11 | 4 mins
When you configure a firewall, it is customary to define one zone as TRUSTED, normally the company's internal network, which we colour green whenever we get the chance, and another as UNTRUSTED, the zone that faces the internet, which we usually colour red.
These firewalls define a perimeter which they defend and we understand that everything outside it is potentially malicious and everything inside it is clean and good. This approach, known as the "egg shell", has long ceased to be acceptable.
In 2014 PwC published a paper that already described a new philosophy: an organisation, especially an SME, should continuously assume a state of "compromised security". Yes, this means assuming that inside our zone of trust there are malefactors who could act at any time. That we have malware already lodged and lying dormant, waiting to be detonated at the right time. That our information is continuously being leaked to our competitors. Could we go on talking about green zones and red zones?
Firewall manufacturers then started talking about "lateral movement containment". The first point within a corporate network that an attacker infects is not the final target, so the attacker has to jump to other points, or "move laterally". No problem: let's segment our internal network and put up more firewalls.
Not bad, but the question then becomes: at what level of granularity do we segment? Do we separate the servers from the users? Do we isolate the DMZ inside the datacenter? And what do we do with the file servers? They are inside the datacenter but continuously accessed by users.
If we are going to deploy lots of firewalls, how do we manage them? Do I have to put the same rule in 35 firewalls?
It all started with personal mail, the typical hotmail/gmail. We have armored our organization with firewalls and it turns out that they open a hole the size of Australia next to the shop window. Personal mail cannot be inspected because of data protection laws and in many cases, cannot be banned. The attackers knew this and developed a technique called "phishing". The rest is history.
Then came Dropbox, WeTransfer, Office 365, the company's ERP and countless other applications that moved the centre of gravity of the company's work outside the company's walls. As if that were not enough, and in the name of security, all the applications came and went through the same port, 443, with the information completely encrypted. Cybersecurity went back to the Paleolithic.
Then came the Next Generation Firewall (NGFW) with the promise of restoring the perimeter. And it did. It was (and is) able to detect protocols/applications and people instead of IPs and ports, scan files for malware, run them in sandboxes, and perform the titanic task of decrypting and re-encrypting all information passing through it. Bravo, we have green zones and red zones again.
That's where we were when the pandemic hit and everyone went home to work from there. Our corporate perimeter walls were shattered again. Long live VPNs! With them we can extend the corporate perimeter all the way to my home computer. Yes, the one my son or daughter uses to download films and video games. This move has led to the most successful malware/ransomware distribution campaign (the vast majority of which has yet to be detonated) in the history of cybercrime.
Let's face it, the perimeter as we knew it no longer exists. It has atomised and split and now manifests itself in the form of identity, software, information and AI algorithms. We will talk more about this in subsequent articles.
By Javier Jiménez
CEO & Founder
© Grayhats | 2022-06-11