Business transformation: securing legacy systems and protecting against IoT attacks
Enterprises are increasingly adopting business transformation strategies where people, processes and technologies are aligned with the business vision to better serve customers and increase revenue. According to the IDG 2018 Digital Transformation whitepaper, traditional enterprises are more hesitant to embrace business transformation than start-ups. Indeed, 55 percent of start-ups have already adopted a digital business strategy, compared to just 38 percent of traditional enterprises. So, what is holding them back, and what impact does security have on business transformation?
A 2017 report by Nimbus Ninety found that half of companies cited legacy systems as a barrier to digital transformation. Traditional enterprises are more likely to rely on legacy infrastructure that can be decades old and often beyond compliance regulations, which means it is either too expensive or not technologically compatible to update or augment. In comparison, start-ups may look to drive towards improved customer experiences through agile mobile and cloud-based applications.
Not only does the legacy system issue restrict digital transformation, it also has vast implications for security. Regardless of the benefits of consolidating and modernising IT security, the reality is that such a complete transformation is a vast undertaking with a steep price tag in terms of both team resources and technology. Many organisations end up sweating their assets beyond end of life – all while modernising other elements of their digital operations with IoT technologies. This means that a strategy for hybrid environments, and the technology needed to support that strategy, must be put in place to detect the threats of today and of the future, because cybercrime isn’t going to stop evolving.
Detecting Modern Threats in Legacy IT
Over time, large organisations and government agencies have built out extremely complex technology stacks that often overlap. In many instances, organisations don’t even know what legacy systems are still operating in the background. To start with, auditing what’s on your network is fundamental, and an asset classification technology is important for discovering legacy systems you don’t know about.
Once you know what you’re dealing with, you need to set about establishing ways that the organisation can confidently detect threats at any point in the kill chain. The key to this is having visibility of the traffic that is flowing to and from the network.
Imagine your organisation is a bank and in one of the rooms, a Fabergé egg is sitting under lock and key in a safe. When it comes to security, you would want to make sure all the doors are being monitored for any suspects entering or leaving the building – you don’t want to miss any doors on your security cameras. To be extra safe, you’d like to have an X-ray machine to see what people are taking in and out – is that person carrying an apple in his pocket, or the prized Fabergé egg? And if the alarm is tripped, you want to know who tripped it, what time the crook arrived and which door he used.
In the world of cybersecurity, to get this type of visibility and context, you need bi-directional network traffic analysis that covers all ports and protocols, and you need rich metadata for the context. Having this layer of visibility across the full environment, including legacy systems, is invaluable for minimising blind spots and ensuring your data is not being exfiltrated.
The enterprise Internet of Things (IoT) threat
With a combination of legacy systems and the introduction of new connected devices, monitoring the expanding environment can be challenging. According to IDG, 61 percent of enterprises believe IoT will play an increasing role in their digital business strategy. Given that IoT devices connected to standard PC platforms are often the foothold in most attacks, the additional connected devices that business transformation brings will mean more opportunity for attacks against these devices. Deception technology can help.
Let’s go back to the analogy of the Fabergé egg under siege. Think of deception as a decoy with a built-in alarm. When a crook enters the bank, he won’t arrive at his intended destination. Instead he’ll be stuck in reception and he’ll need to conduct reconnaissance to try to find his way to the prize without getting caught. Now imagine there is a fake Fabergé egg that looks identical to the true one and a number of fake indicators that subtly lead the crook to the fake jackpot. He’ll look at it, pick it up – and hopefully leave thinking he got what he came for – no harm done. All the while the bank was watching his every move.
In cybersecurity, that’s what deception technology does. It automatically deploys realistic decoys and breadcrumbs to make the deception layer deterministic – diverting attackers away from legacy systems. Alerts from the deception layer come from access to decoys and services, network traps, or traps from enabled breadcrumbs.
Given some legacy systems cannot be updated, deception defences fit well into these environments as no agents are required. An added benefit of deception defences being agentless is that they pose no risk to legacy systems, data or processing steps, and decoys can represent desktop or server systems. Deception defences are effectively the invisible trigger and therefore have actionable alerts with very low false positives. The end result is that you provide what attackers desire in order to lure, detect and defend, with very little alert noise.
Ready for the business transformation
The impact security has on the enterprise and business transformation is unquestionable. Security teams need to have efficient and effective processes in place to secure the enterprise as it becomes open to new threats – such as the impact of new IoT devices running on the network – and as its legacy IT systems become increasingly vulnerable. Using techniques such as deception will protect enterprises against such attacks, help to reduce dwell time, and be critical to making sure customers are not only better served, but that they do not become collateral damage themselves.