Reliably ward off hackers

The internet is increasingly becoming a war zone: digital attackers are using software as weapons. Robust measures are needed to reliably fend off hackers and protect sensitive company data. Ransomware, phishing, viruses and other digital malware are hitting SMEs and large corporations with full force. No company seems to be adequately prepared, no sector is safe. Whether industrial manufacturers, automotive suppliers, retail logistics companies or shoe manufacturers: Germany's economy is suffering from growing cybercrime and appears to be at the mercy of hackers. Effective and practicable solutions are required. But protection, effort and costs must be in proportion, because the world keeps turning and the core business needs its full drive to continue securing prosperity and social peace. As a specialist in the automation of business processes, we offer a solution that is not only effective but also gives SMEs in particular a way out at reasonable effort and cost, providing effective protection against potential hacker attacks.

When it comes to cyber security, everyone thinks of virus scanners and firewalls first. These two foundations of a company's IT infrastructure are used almost everywhere. That is good and right. However, two fundamental changes are undermining this architecture of the 1990s: mobile working and modern cloud services. Ownership and control of end devices, systems and software has slipped away from the corporate customer. If a CIO pursues a cloud-first strategy with one or more hyperscalers such as AWS, Azure, Google, SAP and Oracle, or relies on popular software-as-a-service offerings such as Salesforce, ServiceNow or Jira/Confluence, they no longer have any control over the details of these services. Their company becomes a consumer with predetermined options for exerting influence. In essence, the manufacturer takes and retains control. This starts with the hardware and software components used and ends with data security.

Hacker defense in the cloud - an illusion?

We don't want to problematize this development, as cloud services and software-as-a-service offer huge advantages.

They scale better, are maintained centrally by the manufacturer, are generally much more stable and achieve efficiency benefits in terms of certifications, legal requirements and geographical (high) availability.

However, cloud solutions require a completely different approach in order to reliably fend off hackers. The same applies to the work of digital nomads, employees working from home and the increasingly dense network of international service providers.

Their infrastructure is diverse, outside the sphere of influence of the client or employer and subject to constant change: today the Wi-Fi at McDonald's, tomorrow the private notebook instead of the company device. Rigid security concepts consisting of user certificates, permanently installed VPN software or tightly meshed IP access ranges affect not only the mood of employees but also their productivity. Not good news for the CFO and the owners or investors.

Effective strategies to reliably fend off hackers

Are we lost? Not at all! Where problems arise, solutions emerge. If the cloud and mobile working were a zero-sum game and all their advantages were lost due to the security loopholes they may open up, then mankind would have opened Pandora's box for the first time. Let us therefore turn away from Greek mythology and towards the solution.

First of all, we need to bear in mind three principles that are part of an effective cybersecurity solution, i.e. effective protection against possible hacker attacks. We are deliberately leaving out accompanying measures such as policies, security training or regular audits and scans. They undoubtedly have their justification and should receive our attention elsewhere.

1. E pluribus unum - the wisdom of the masses

Most modern security solutions use all available data to identify and combat threats, vulnerabilities and security incidents. Their "knowledge" is stored centrally, kept up to date centrally and used centrally. Regardless of whether Zero Trust Network Access (ZTNA), Cloud Access Security Broker (CASB), Secure Access Service Edge (SASE) or Extended Detection and Response (XDR) solutions are used, they are all based on the principle of ubiquitous access to information about cyber threats and the more or less centralized implementation of a defense strategy, see footnotes 1 to 4 below. Palo Alto, for example, successfully used this approach in its firewall solutions years ago, before the terms mentioned above were even invented.

Consequently, not only the "problem" but also the solution comes from the cloud.

2. User and end device

Centrally managed devices down to the smallest detail are a productivity and innovation inhibitor. If a user cannot install any software on their device due to strict security guidelines, their only hope is for omniscient and user-oriented end device management by the employer or customer. We do not want to speculate about the costs of such a project. The software required, knowledgeable IT administrators, a powerful helpdesk and the opportunity costs of resigning employees are not an overly attractive alternative solution, even if many companies try to do this more badly than well: It all depends on how far you can restrict your users. There are limits to this.

In order for the above-mentioned cloud algorithms to identify and defend against cyber threats, they must be integrated into the data flow of all end devices. This is usually ensured by installing end device software, which then routes the data flow via the ZTNA, CASB, SASE etc. platforms. However, the end device software does not have its own logic and does not need to be constantly updated. It merely directs the data traffic to the cloud-based security platform, which can therefore ward off hacker attacks in a targeted manner.

But what do those users do on whose end devices it is not possible or desirable to install such a client? The solution here is to link the cloud services used, such as Salesforce or Jira, with the cloud-based security solution. A so-called reverse proxy service is used, which scans the data streams of the cloud services and detects threats from hackers at runtime. Of course, each cloud service must be connected to the cloud-based security solution. In the same way, access to the cloud services can be restricted so that each user must authenticate themselves via a predefined service (e.g. Active Directory, Google SSO, Okta).

Data loss prevention (DLP) measures can also be implemented, minimizing the risk of unintentional data loss. Security is provided by the cloud and not by the end device. Complex and difficult-to-maintain firewall architectures can be avoided in this way.

In essence, the rigid protection of an infrastructure tied to locations is shifted to the combination of user and application. These two can then be flexibly adapted and expanded. The infrastructure is no longer the decisive criterion for who is "in" or "out". Cloud services are on an equal footing with on-premise services.

Companies must act proactively in order to reliably fend off hackers. A comprehensive security strategy is essential.

Effectiveness thanks to automation

So far so good. Is that all? No! So far, we have described the basics of an effective cybersecurity architecture. However, this in itself is not enough to master the changing threats. Rather, well-considered measures must ultimately be taken that are effective without everything having been restricted across the board beforehand. This is where security automation comes into play: Security Information and Event Management (SIEM) and Security Orchestration, Automation and Response (SOAR) are the key concepts that need to be harmonized - by automating the underlying processes. You can see an example in the following screenshot.

SIEM

SIEM platforms such as Splunk, Sumo Logic, Datadog, Logit and many more help to collect, aggregate and interpret data from the security solutions described above. They are essentially databases with corresponding analysis functions that actively inform security teams or Security Operations Centers (SOC) about threats.

SOAR

SOAR platforms receive this (threat) data from SIEM solutions and carry out further measures. They further qualify and enrich the information, use cloud services to assess it and contain attacks by making changes to the configuration of the security solutions or by excluding the affected end devices or users. They are the actuators in an effective security concept.

Orchestration makes the difference

So you need a SIEM platform and a SOAR platform, preferably from the same provider, and all is well? Yes, in very simple and standardized system landscapes this may be sufficient. But not in the complex reality of many companies. This is where SOAR solutions are needed that orchestrate entire action processes between several systems in order to implement the right decisions on a case-by-case basis. Good SOAR is a question of automation in the security environment, analogous to the automation of business processes.

A simple "if-then" process is no longer sufficient; instead, the data from users, attackers, affected systems or applications and possible causes must be interpreted and orchestrated with the help of well thought-out process steps so that a minimally invasive but effective solution can be found. The more data flows in a company, the more important it is to automate these data flows. They cannot be managed with human intervention in a sufficiently timely manner and with the necessary quality. Or do you want the attack to get out of hand until your security team or IT administration have understood the problem and devised a solution?
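The graded, context-driven decision described above, together with the SIEM-to-SOAR hand-off from the two preceding sections, as an added Python example that is not Business Automatica's code or product; the enrichment tables, signal names, scoring weights and thresholds are constructed assumptions standing in for real CMDB and identity-provider lookups:

```python
import json
from dataclasses import dataclass

# Constructed enrichment tables standing in for CMDB / identity-provider lookups.
MANAGED_DEVICES = {"LAPTOP-0042"}                     # devices with the endpoint client
ASSET_CRITICALITY = {"salesforce": "high", "jira": "medium", "wiki": "low"}
USER_RISK = {"alice": 10, "bob": 70}                  # hypothetical IdP risk score 0..100

@dataclass
class Alert:
    user: str
    device: str
    app: str
    signal: str       # "impossible_travel", "bulk_export", "malware_download", ...
    confidence: int   # 0..100, as reported by the SIEM rule

def from_siem_json(raw: str) -> Alert:
    """Parse a (constructed) SIEM alert record into the orchestration's input."""
    ev = json.loads(raw)
    return Alert(ev["user"], ev["device"], ev["app"], ev["signal"], int(ev["confidence"]))

def decide(alert: Alert) -> str:
    """Pick the least invasive action that still contains the incident."""
    managed = alert.device in MANAGED_DEVICES
    crit = ASSET_CRITICALITY.get(alert.app, "medium")
    risk = USER_RISK.get(alert.user, 50)              # unknown user: neutral risk
    score = alert.confidence + risk + {"high": 30, "medium": 15, "low": 0}[crit]
    if alert.signal == "malware_download" and managed:
        return "isolate_device"      # client present: quarantine the host, keep the identity
    if alert.signal == "malware_download":
        return "revoke_sessions"     # BYOD without client: cut the cloud sessions instead
    if score >= 150:
        return "revoke_sessions"     # strong signal on a critical asset
    if score >= 100:
        return "require_mfa"         # step-up authentication; the user keeps working
    return "notify_soc"              # weak signal: human review, no disruption

if __name__ == "__main__":
    sample = '{"user":"bob","device":"BYOD-PHONE","app":"salesforce","signal":"bulk_export","confidence":80}'
    print(decide(from_siem_json(sample)))   # revoke_sessions
```

The same SIEM signal therefore leads to different actions depending on user risk, asset criticality and whether an endpoint client is available, which is the difference between a flat "if-then" rule and an orchestrated process.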

Successful companies need an intelligent and modern security solution that works as automatically as possible in order to reliably fend off hackers in a timely, effective and targeted manner. These solutions must fit into the budget and available resources - from small businesses to large corporations. Not every medium-sized company can afford a SOC, and not every corporation can find the competent employees for this task on the market.

An experienced Managed Security Service Partner is a smart move to ensure the necessary technical know-how, the desired advice and stringent implementation in regular operations. This allows companies to focus on their core business even in turbulent times, knowing that their resources are effectively protected.

About Business Automatica

Business Automatica reduces process costs by automating manual activities, increases the quality of data exchange in complex system architectures and connects on-premise systems with modern cloud and SaaS architectures. Business Automatica also offers automation solutions from the cloud that are geared towards cyber security.

In-depth studies: