Jaye_Tillson

Architecting to protect against ransomware

Anyone who has been in IT for the last 10+ years knows that the risk of ransomware and cyberattack is not new. It's been on our radar as a top concern for many years. The difference now is that the prevalence of attacks on large global companies has raised awareness of this security issue to the board-of-directors level.

When Russia invaded Ukraine, our concerns became something the whole world, rather than just IT, started to hear about. The news reported that cyberattacks were being used by both sides, and within hours of Russia invading it was announced that a new data wiper malware had been installed on hundreds of machines across Ukraine by Russia.

Next, several countries and international organizations, including the United States, Canada, and the European Union, imposed sanctions on Russia as a sign of disapproval of the conflict. Given Russia’s demonstrated history of using advanced persistent cyberattacks, U.S. cybersecurity leaders asked companies to remain vigilant and take immediate action to improve their defenses against potential attacks. 

However, it's important to note that these are just a few examples, and not the only tactics that sophisticated threat actors are using. More than ever, large companies are subjected to cyberattacks, and this has been accelerating in recent years.

Legacy infrastructure with large attack surfaces that allow for lateral movement has proven to be an irresistible target for attackers. An attacker can easily sweep the internet, scanning for open ports to attack or sending mass batches of phishing emails. If they can penetrate the network or install malware, the door is open for them. They can roam around on the network and extract data without anyone ever knowing they have been there.

Many companies have solutions from multiple vendors to try and resolve these issues but monitoring and managing these systems, keeping them updated, and reacting to any issues is very time-consuming and expensive. It’s like putting your finger in a leaking dam. The old way of doing things just no longer works. 

With the risk of being attacked increasing, we need a better way of architecting to protect against ransomware. We need to minimize the attack surface by ensuring that applications are not directly exposed to the open Internet. The reduction in attack surface should be coupled with the ability to inspect, and if needed, block malicious exploits lurking in SSL. 

We need to remove remote access technologies that require placing users directly on the network and replace them with technologies that give least-privilege access to applications. And we need tools that protect sensitive data from being exfiltrated, with inline inspection and DLP controls. We need to be able to disable upload and download as needed, block copy & paste of data, and be able to tell what data, if any, is being exfiltrated to an external source.

The HPE Aruba Networking SSE solution can resolve many of these issues. HPE Aruba Networking ZTNA supports zero trust application access by granting app access for any user and any device from anywhere—without requiring network access. ZTNA capabilities place a lightweight connector in front of the applications, and they are published to the required users. Only access to the application, at a granular level, is granted—not full network access. The user requests access to an application and HPE Aruba Networking SSE mediates the initial connection, which is key to zero trust. There are no passthrough connections allowed. The user’s identity is verified, and access is validated based on policy and context, such as user identity, device health, application type, and even the user’s location. 

The service then brokers a 1:1 outbound connection between a specific resource and an authorised user. The key is that this is granular. There is no network access. Traffic is inspected throughout the session, which means that if anything changes, such as the user's IP address, the user's access permissions being removed, or the device posture, access is revoked. ZTNA local edge capabilities also allow policies defined in the cloud to be consistently enforced on campus as well.
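The access decision and mid-session re-check described above, as an added sketch. It is not HPE Aruba Networking code or configuration; the policy fields, tag names, users and addresses are constructed for illustration.

```python
from dataclasses import dataclass, replace

# Constructed policy keyed by application tag (all names and values are illustrative).
POLICY = {
    "finance": {"groups": {"finance"}, "countries": {"GB", "US"}, "healthy_device": True},
    "wiki": {"groups": {"finance", "engineering"}, "countries": {"GB", "US", "DE"}, "healthy_device": False},
}

@dataclass(frozen=True)
class Context:
    user: str
    groups: frozenset
    device_healthy: bool
    country: str
    source_ip: str

def decide(ctx, app_tag):
    """Return (allowed, reason) for one user and one application tag; default deny."""
    rule = POLICY.get(app_tag)
    if rule is None:
        return False, "no policy for app (default deny)"
    if not (ctx.groups & rule["groups"]):
        return False, "user not entitled to app"
    if rule["healthy_device"] and not ctx.device_healthy:
        return False, "device posture failed"
    if ctx.country not in rule["countries"]:
        return False, "location not permitted"
    return True, "ok"

class Session:
    """A brokered 1:1 session: one user, one app, bound to the context it was granted under."""
    def __init__(self, ctx, app_tag):
        allowed, reason = decide(ctx, app_tag)
        if not allowed:
            raise PermissionError(reason)
        self.ctx, self.app_tag, self.active = ctx, app_tag, True

    def recheck(self, current):
        """Re-evaluate mid-session; a changed IP, entitlement or posture revokes for good."""
        if not self.active:
            return False, "session already revoked"
        if current.source_ip != self.ctx.source_ip:
            self.active, reason = False, "source IP changed"
        else:
            self.active, reason = decide(current, self.app_tag)
        return self.active, reason

if __name__ == "__main__":
    alice = Context("alice", frozenset({"finance"}), True, "GB", "203.0.113.10")
    s = Session(alice, "finance")
    print(s.recheck(replace(alice, device_healthy=False)))
```

A grant to one tag says nothing about any other application: each app needs its own `decide` call, which is the difference from placing the user on a network segment.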

IT teams can configure DLP controls that disable upload and download as needed, block copy & paste of data, and tell you right away what data, if any, is being exfiltrated to an external source. 

With the tools working in harmony, you can significantly reduce the risk of ransomware as highlighted below: 

[Image: jaye-blog.png]

It's worth noting that, unlike some vendors, HPE Aruba Networking SSE offers granular access to applications and services using tagging rather than relying on segmentation, which makes granular access difficult and costly. With segmentation, you cannot follow a true zero trust path, and this means that sophisticated attacks can still reach other applications running in the same segment. Additionally, vendors that use virtual firewalls to connect traffic to a network can still be susceptible to ransomware threats due to the visible attack surface that is still present.

About the Author

Jaye_Tillson

Jaye Tillson is a Field CTO and Distinguished Technologist at HPE Aruba Networking (formerly Axis Security), boasting over 25 years of invaluable expertise in successfully implementing strategic global technology programs. With a strong focus on digital transformation, Jaye has been instrumental in guiding numerous organizations through their zero-trust journey, enabling them to thrive in the ever-evolving digital landscape. Jaye's passion lies in collaborating with enterprises, assisting them in their strategic pursuit of zero trust. He takes pride in leveraging his real-world experience to address critical issues and challenges faced by these businesses. Beyond his professional pursuits, Jaye co-founded the SSE Forum and co-hosts its popular podcast called 'The Edge.' This platform allows him to engage with a broader audience, fostering meaningful discussions on industry trends and innovations. In his leisure time, Jaye indulges in his passions for motor racing, savoring delectable cuisine, and exploring the wonders of the world through his travels.