Is The Perimeter Really Dead?

  /     /     /  
Publicated : 22/11/2024   Category : security


Is The Perimeter Really Dead?


Despite naysayers, many security experts believe perimeter defenses have relevance when deployed as a part of defense-in-depth



Even while mobile, cloud, and software services are blurring the lines of corporate IT boundaries through deperimeterization, enterprises still continue to spend increasing amounts of security budget on perimeter protection. The question is, are they wasting their money? Its one of the most contentious questions in security -- perhaps only behind the one about the usefulness of antivirus. So it is no surprise that the answers are varied.
Hardliners, of course, have been hammering on the death of the perimeter for a long time now.
Perimeter security is no longer relevant to enterprises. With the mobilization of the workforce, its very hard to define the perimeter of any organization because mobile-enabled employees are connecting to the network from all over the world on devices of their choosing, says Thevi Sundaralingam, vice president of product management at Accellion. Next-gen security needs to focus keeping content safe, not on defining a network perimeter.
Then there are the cynical abandoners.
[Is IPS in it for the long haul? See
The Future of IPS
.]
In my opinion, perimeter security is not dead -- it just has been handled incorrectly for so long people are giving up, says Alex Chaveriat, a consultant at SystemExpert, of this crowd.
But others believe perimeter protection still has plenty of relevance for enterprise IT, even if it means rethinking the role of the perimeter and how these defenses are deployed.
The perimeter will never die, it will just get more focused, says Corey Nachreiner, director of security strategy for WatchGuard. Sure, our workforce is getter more mobile, which means we need to incorporate new security solutions. But lets not fool ourselves. The perimeter will never go away.
Instead, he says, it will focus on server infrastructure and data centers, rather than endpoint users. As he puts it, the industry will eventually realize that it will always have to operate in a hybrid environment. That means recognizing the need for additional security innovations bolstering perimeter security rather than replacing it.
Just because people are using mobile devices and cloud services doesnt mean they wont still have local servers and assets behind a relatively static perimeter, Nachreiner says.
Additionally, organizations need to maintain perimeter defenses not just for the traditional ingress monitoring, but also for egress visibility -- crucial to pinpoint large-scale breaches.
Ultimately, the bad guys need to pass through the perimeter in order to complete the exfiltration of the data they are trying to steal, says says Michael Patterson, CEO of Plixer International. Monitoring behaviors is playing a significant role in this area as is the reputation of the site being connected to.
Patterson also explains that perimeter defense doesnt necessarily have to be placed as a border wall defense at the edge -- in fact, it may have more relevance inside the network as organizations monitor and block threats as they try to move laterally within the organization. Its for this reason that Mike Lloyd, CTO of RedSeal Networks, says that rather than dying, the perimeter has actually grown in recent years.
Think of the brooms versus Mickey Mouse as the Sorcerers Apprentice. Companies have more and more perimeters that are getting smaller and smaller, he says. Regulation drives it: PCI demands internal zones of segregation. BYOD drives it: Once you let zany uncontrolled endpoint devices onto your network, you have to build zones to keep them away from internal assets. Security drives it: Weve talked about defense in-depth for years, but people are finally doing it.
As a result, Lloyd says, security practitioners have more opportunities for controls. This, though, can be a blessing and a curse.
The downside is complexity, more controls in more places, he says. The aspirin for that headache is automation. Make sure that all the enclaves you designed are actually set up and maintained properly as change happens.
Have a comment on this story? Please click Add Your Comment below. If youd like to contact
Dark Readings
editors directly,
send us a message
.

Last News

▸ Some DLP Products Vulnerable to Security Holes ◂
Discovered: 23/12/2024
Category: security

▸ Scan suggests Heartbleed patches may not have been successful. ◂
Discovered: 23/12/2024
Category: security

▸ IoT Devices on Average Have 25 Vulnerabilities ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Is The Perimeter Really Dead?