If you want to protect your network, you first have to blow it up. That's one piece of fresh advice from Ed Amoroso, former AT&T chief security officer and now the head of his own cybersecurity firm, TAG Cyber. He's celebrating the first anniversary of that venture with three new reference volumes for the cybersecurity crowd, all offered for free, and a new three-word mantra for better network protection: Explode-Offload-Reload.
In an interview with Light Reading, Amoroso says that basic strategy has him feeling optimistic about the battle against what has seemed like an infinitely growing cybersecurity threat. It underlies the work in three free reference volumes, available today on the TAG Cyber LLC site. (See Amoroso Shares His Security Obsession.)
"I'm very optimistic and I have been pessimistic for years," he says. "But I think, with those three technologies -- distributing your network, virtualizing and taking advantage of new advances, like advanced heuristics and machine learning -- I'm optimistic now."
The three basic tenets of Amoroso's strategy involve exploding or distributing the network, offloading or virtualizing everything when possible into the cloud, and reloading or updating the security technology in use. A security strategy built on this approach will serve to not only reduce the probability of cyber attacks but also greatly lessen their consequences, he says.
"You reduce the likelihood with more reloaded cybersecurity, but you also reduce the consequences of an attack by distributing the assets and resources, changing your network and being much more elusive," he says. "That's something you rarely hear but I think architectures should be more elusive and virtualization allows you to do that. So I'm really bullish."
Amoroso believes this approach makes it much more difficult for nation-state attackers, among others, to cause much harm "and in some cases, you may have made it impossible for them to do some of the things they do today," he says.
Exploding the network means moving away from the notion that every enterprise network has a perimeter to defend -- which is simply no longer the case, Amoroso explains.
"I have been out preaching this for a while and I think 2018 is the year we have to do this; it's time now to really accept that your infrastructure should be distributed into pieces," he says. "And I use the word explode, you should explode your infrastructure into a lot of different chunks. It's harder to attack, it's easier to embed into the cloud and frankly it makes for a better architecture, given the way modern business works, we all have third parties and partners and suppliers." (See AT&T Adds Virtual Layer of Security.)
Exploding the network eliminates the big single target and creates a multitude of much smaller targets, Amoroso says. In place of a large building, vulnerable to a truck bomb, there will now be a field of bricks. Targeting the bricks singly is still possible but there will be no cascading failures of the kind that exist today, he notes.
Offloading includes the virtualization piece of Amoroso's strategy. While there may be some exceptions, when possible, security should almost always be virtualized, he says. The advantage of virtualization is the speed at which things can be set up -- point-and-click firewalls, for example -- which means security layers can be added as and where they are needed, very rapidly without long hardware acquisition and deployment cycles. (See Amoroso: Act Now on Virtualizing Security.)
And while larger organizations may create their own private clouds for hosting virtualized security, "most people are going to rely on third parties," he notes, and that's the "offload part."
"Can you provide these services better than Amazon or Microsoft or other big players?" Amoroso asks. "Chances are pretty slim that you can do a better job than they can."
Finally, the Reload advice: The rise of advanced heuristics, machine learning and artificial intelligence makes this a good time to do a security technology refresh, he says.
"Because there are way-better security tools today, using machine learning, artificial intelligence, analytics and adaptive authentication -- all these wonderful techniques," Amoroso comments. "It's time now to get rid of all the tired old stuff you've had around for ten years and reload with all the new stuff."
Virtualization actually makes that easier because enterprises can try things out -- Amoroso calls it being "a little bit more promiscuous" -- and replace software much faster if something better comes along. "You can do it over the weekend, have the changes made by Monday," he says.
Read the books
All of the work in the TAG Cyber Security Annual "is predicated on those three assumptions: That the perimeter is not the way to go, hardware is not the way to go -- with exceptions -- and then use the new stuff," he says.
What's available on the TAG Cyber site starting today is three new volumes, all updates to what Amoroso launched a year ago, intended as references for anyone engaged in the cybersecurity space. They include an updated first volume, which looks at 50 different cybersecurity controls, a second volume with hundreds of interviews of professionals in the field, and a third volume, Cyber Security Handbook and Reference Guide, updating the original list of players in the industry. Amoroso likens it to a "Barron's Guide" for the security field.
For the first volume, Amoroso looks at the 50 controls from three perspectives: historically, going back to the 90s; in their current state; and as they are expected to look ten to 15 years from now.
He concedes that not everyone will adopt or like his strategy -- those who fear the cloud or worry about virtualization are not likely to embrace Explode-Offload-Reload. Some of those companies, particularly those who keep trying to build taller, stronger perimeters, may become the low-hanging fruit for cyber criminals in the future.
— Carol Wilson, Editor-at-Large, Light Reading