We live in a world where data leaks are exploding, both in the number of breaches and in the volume of data leaked. Let's go back to first principles to understand what causes these leaks and how to prevent them.
This is the second part of our two-part post.
Part 1 - How hackers compromise and exfiltrate data through apps
Part 2 - How to Think Differently and turn this problem Upside down
Until now, most security solutions have focused on the network (e.g., WAF, firewall, network DLP). Most of these technologies use deep packet inspection (DPI) to understand what's inside a packet. Even with DPI, the network lacks context: it does not know which application or process created that packet. Additionally, as apps become dynamic with infrastructure as code, distributed with IaaS/cloud, and ephemeral with containers/Kubernetes, it will become harder to monitor all activity using network controls.
But hope is not lost. Turn this paradigm upside down. Think differently. What if we embed firewall functions in every app? Every app gets an identity to make decentralized access control decisions (privileges).
In this paradigm, every app clearly understands what is ingress and what is egress, and who its peers are. Welcome to the world of Application-Centric Security.
Let's revisit what we discussed in the last post. Enterprises offering services in this digital economy will be continuously scanned by adversaries. Looking for bad actors and anomalies in ingress is an unbounded problem: the actor can morph signatures and try different things.
But once the adversary gets in through the frontend, the game is on. What if we let things come in but monitor egress for every app/asset? Scan what goes from the front-end LB to the app tier. Scan what goes from the app tier to the data tier. Scan what goes out of the database. We simply keep an eye on ingress and egress for all your critical apps and only allow the right communications to go out (t a k e a p a u s e). By doing that, we have created hurdles for adversaries in every part of their kill chain, and if we disrupt any part of their kill chain, defenders win.
This concept is simple and elegant. Every app is given an identity and a set of privileges (a policy). Whenever it communicates with other apps, it verifies them (Zero Trust principles). What's challenging in this paradigm is uniformly covering apps across bare-metal machines (BMs), VMs, containers, and Kubernetes: issuing identities, verifying them, and rotating them; creating out-of-the-box policies that are easy to manage and orchestrate across hybrid deployments; and intelligently routing and managing alerts. We think of these as operational challenges that are hard but surmountable. Reach out to see Araali in action.
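To make the two ideas above concrete (per-tier egress monitoring from the previous paragraph, and identity plus policy plus verification from this one), here is a small added illustration in Python. It is not Araali's code and not from the original post: the tier names (lb, app, db), the ports, the identity registry, the expiry-based rotation check and the sample flows are all constructed assumptions. Each app carries an identity with an expiry; a policy says which tier may talk to which tier on which port; a peer that presents no known, unexpired identity is treated as "external"; every egress attempt that matches no rule is denied and surfaced as an alert.

```python
"""
Added example (not Araali's code): identity-based egress control for apps.
Every flow is checked against the source app's identity and a tier-to-tier
allow-list; anything not explicitly allowed is denied and alerted on.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Identity:
    name: str        # e.g. "checkout-api" (assumed name)
    tier: str        # "lb", "app" or "db" (assumed tier names)
    expires_at: int  # epoch seconds; identities are rotated, so they expire


@dataclass(frozen=True)
class Rule:
    src_tier: str
    dst_tier: str   # "external" means a peer that presented no valid identity
    dst_port: int


# Hypothetical three-tier policy: LB -> app on 8080, app -> db on 5432.
# Note there is deliberately no rule letting the db tier talk to anything.
POLICY = (
    Rule("lb", "app", 8080),
    Rule("app", "db", 5432),
)

# Identities the (assumed) control plane has issued; constructed data.
REGISTRY = {
    "edge-lb": Identity("edge-lb", "lb", expires_at=2_000_000_000),
    "checkout-api": Identity("checkout-api", "app", expires_at=2_000_000_000),
    "orders-db": Identity("orders-db", "db", expires_at=2_000_000_000),
}


@dataclass(frozen=True)
class Flow:
    src: Identity
    dst: Optional[Identity]  # None when the peer presented no identity
    dst_addr: str
    dst_port: int


def verify_identity(ident: Optional[Identity], now: int) -> bool:
    """Zero-trust check: the peer must present a known, unexpired identity
    that matches exactly what the registry issued (name, tier, expiry)."""
    if ident is None:
        return False
    return REGISTRY.get(ident.name) == ident and now < ident.expires_at


def evaluate(flow: Flow, now: int) -> Tuple[str, str]:
    """Return ("allow" | "deny", reason) for one egress attempt."""
    if not verify_identity(flow.src, now):
        return "deny", f"source identity {flow.src.name!r} unknown or expired"
    # A destination without a verifiable identity is treated as external.
    dst_tier = flow.dst.tier if verify_identity(flow.dst, now) else "external"
    for rule in POLICY:
        if (rule.src_tier, rule.dst_tier, rule.dst_port) == (
            flow.src.tier, dst_tier, flow.dst_port
        ):
            return "allow", f"matches {rule.src_tier}->{rule.dst_tier}:{rule.dst_port}"
    return "deny", f"no rule for {flow.src.tier}->{dst_tier}:{flow.dst_port}"


def audit(flows: List[Flow], now: int) -> List[str]:
    """Evaluate every flow and return one alert line per denied egress."""
    alerts = []
    for f in flows:
        verdict, reason = evaluate(f, now)
        if verdict == "deny":
            alerts.append(f"ALERT {f.src.name} -> {f.dst_addr}:{f.dst_port}: {reason}")
    return alerts


NOW = 1_700_000_000  # assumed "current" time for the demo

# Constructed sample flows: two legitimate tier hops, then three that the
# policy should stop (db tier talking outward, an odd port, a stale identity).
SAMPLE_FLOWS = [
    Flow(REGISTRY["edge-lb"], REGISTRY["checkout-api"], "10.0.1.5", 8080),
    Flow(REGISTRY["checkout-api"], REGISTRY["orders-db"], "10.0.2.9", 5432),
    Flow(REGISTRY["orders-db"], None, "203.0.113.7", 443),
    Flow(REGISTRY["checkout-api"], REGISTRY["orders-db"], "10.0.2.9", 22),
    Flow(Identity("checkout-api", "app", expires_at=1), REGISTRY["orders-db"], "10.0.2.9", 5432),
]

if __name__ == "__main__":
    for line in audit(SAMPLE_FLOWS, NOW):
        print(line)
```

Running the block prints three alerts: the database reaching out to an address with no app identity, the app tier reaching the database on a port the policy never granted, and a source presenting an identity the registry did not issue (its expiry does not match). The design choice worth noting is the default: the policy lists only what is allowed, so an app whose tier has no outbound rules (here, the db tier) is denied everything without anyone having to anticipate the adversary's next move.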