Security Think Tank: Apply different techniques to safeguard against rogue code

Using a unified and simplified strategy, while combining a different set of tactics, is the name of the game when it comes to protecting and defending against rogue code on a corporate network. It is instrumental that different techniques are applied so that diverse tools and countermeasures safeguard critical assets – people and data, in that order – from emerging threats. And rogue code is a threat that is being used more and more.

When an organisation uses software-defined networking (SDN), it is capable of providing isolation and an architecture of several layers where security solutions can be applied. Of course, the – sometimes forgotten – discipline of monitoring each part of the network and infrastructure seems critical for success. It is mandatory – and mandated by laws such as the EU’s General Data Protection Regulation (GDPR) – to monitor what travels on the network (known as data-in-transit) so that a company can identify, prevent and protect from unwanted code at its core.

Software-defined networking, which is built on the benefits of virtualisation, is a fundamental part of a sound and robust strategy that will protect the different “rings” of a corporate network.

Containerisation – also built from the grounds of virtualisation – is a great approach for solidifying and providing a closed environment with the right software/code to run and nothing else. It enables a critical capability in security – integrity and authenticity.

A developer/security architect can build the right environment, with the right components – already tested and capable to run at its peak – and make sure that the in and out channels are safe, allowing communication to flow in the direction intended. Actually, modern containerisation is capable of providing self-healing features, which means that it moves from a preventative control to a corrective control that goes back to its original/to-be state in case something happens to it (rogue code running on it, for instance).

Encryption is a decades-old feature for cyber security, but even today, not everyone does it right – or even does it in any way, which is a tragedy. Some laws mandate encryption in every part of the network and there are solutions in the marketplace for encrypting basically everything – encryption for storage, for mobility, for clouds, for files and folders, for the network, and so on.

In fact, operating systems have encryption built within their code, and approaches such as data loss protection/data leak prevention (DLP) include it as one of the features to close the circle of protection.

Encryption has many forms and dimensions, one being tokenisation, a new “type” of encryption – or a derivative of it – that has no mathematical relationship with the original data and brings an additional layer of protection.

Needless to say, encryption these days is far more effective and efficient than in the old times, due to the fact that computing power is greater and “on-the-fly” encryption – transparent to the user with no impact on performance – is a reality. So there is no excuse for not encrypting data and, in some courts of law, the fact that the company/user had the data encrypted is considered as a mitigation strategy and, in a way, no (real) data has been leaked, in the case of a breach.

Finally, the combination of these three approaches, and others, is fundamental to make sure that no strange code, adversary programs or enemy apps are in the realm of the company. Now the perimeter has disappeared, a company’s digital universe has expanded and the termination points are so diverse – mobile devices, clouds, networks, datacentres, storage, and so on.

A sound security strategy is one that considers every angle and every dimension, enforces security every step of the way, monitoring and having full control and visibility of what is travelling through the network.