Protecting modern distributed networks, including web apps, software-as-a-service (SaaS) apps, privately hosted apps and resources, and the devices used to access web apps, continues to elude enterprises, resulting in data breaches, ransomware attacks and more.
Most tech stacks aren't designed to treat devices, personal identities and web access points as a security perimeter. Enterprises need to improve secure service access (SSA) by fast-tracking the adoption of the latest solutions to close gaps in network security and protect apps and the data they use.
SSA is more relevant than ever because it reflects how enterprises need to consolidate their cybersecurity tech stacks into a single integrated platform, replacing multiple point products with a cloud security platform.
"As enterprises look to reduce their attack surface by reinforcing their security capabilities, they're confronted with a confusing selection of alternatives. Although some vendors deliver a single integrated platform offering end-to-end secure service access, others are repackaging existing point products, creating a common UI for multiple solutions, or riding the acronym bandwagon," Ivan McPhee, senior industry analyst at GigaOm, told VentureBeat. "Decision-makers should look beyond the marketecture [a method of marketing to simplify an org's creations of products, while holding to marketing requirements] to locate a robust, flexible and fully integrated solution that meets their organization's unique needs regardless of network architecture, cloud infrastructure or user location and device."
Every multipoint product in a cybersecurity tech stack is another point of failure or, worse, a source of implicit trust that cybercriminals can exploit to access apps and networks in hours. GigaOm's new report (access courtesy of Ericom Software) is a comprehensive assessment of the SSA landscape and the vendors' solutions.
Enterprises need to reorient tech stacks from being data center and edge-centric to focusing on user identities, which they can do by adopting SSA. That's good news for enterprises pursuing a zero-trust strategy based on seeing human and machine identities as their organization's security perimeter.
"As attacks morph and new devices are onboarded at scale, organizations should look for SSA solutions incorporating AI/ML [artificial intelligence and machine learning]-powered security capabilities to detect and block sophisticated new threats in real-time with behavior-based, signatureless attack prevention and automated policy recommendations," McPhee said.
GigaOm's report details how SSA is evolving to be cloud-native first, alongside layered security functions.
The design goal is to meet organizations' specific cybersecurity needs regardless of network architecture, cloud infrastructure, user location or device. GigaOm sees Cato Networks, Cloudflare, Ericom Software and Zscaler as outperformers in SSA today, with each providing the core technologies for enabling a zero trust framework.
"The speed at which vendors integrate point solutions or acquired functions into their SSA platforms varies considerably, with smaller vendors often in a position to achieve this faster," McPhee said. "As vendors make an effort to establish themselves as leaders in this space, look for those that have both a robust SSA platform and a clearly defined roadmap within the next 12-18 months."
McPhee continued, advising enterprises to not "accept your incumbent vendor's solution. With the emergence of new entrants and exciting innovation, explore all of your options before developing a shortlist predicated on current and future features, integration-as-a-service capabilities and in-house skills."
The task of unmanaged devices
One of the most challenging areas of access security for CISOs and CIOs is the concept of bring-your-own-device (BYOD) and unmanaged devices (e.g., third-party contractors, consultants, etc.). Employees' and contractors' use of personal devices for professional activity is growing at record rates because of the pandemic and widespread acceptance of virtual workforces.
Furthermore, organizations are relying on contractors to fill positions that have previously been challenging to fill with full-time employees. As a result, unmanaged devices proliferate in virtual workforces and across third-party consultants, creating more attack vectors.
The net result is that device endpoints, identities and threat surfaces are being created faster and with greater complexity than enterprises can keep up with. Web applications and SaaS apps like enterprise resource planning (ERP) systems, collaboration platforms and virtual meetings are popular attack vectors, where cybercriminals first focus on breaching networks, launching ransomware and exfiltrating data.
Unfortunately, the traditional security controls enterprises depend on to handle these threats, web application firewalls (WAFs) and reverse proxies, are significantly less than effective in protecting data, networks and devices.
In the context of this security challenge, GigaOm highlighted the web application isolation capability of Ericom's ZTEdge platform as an innovative approach to addressing the problems with BYOD and unmanaged device access security.
How web application isolation works
Unlike traditional web application firewalls (WAFs) that protect network perimeters, the web application isolation technique air-gaps networks and apps from malware on user devices using remote browser isolation (RBI).
IT departments and cybersecurity teams use application isolation to apply granular user-level policies that control which applications each user can access, how, and which actions they're permitted to perform on each app.
For instance, policies can control file upload/download permissions, malware scanning, DLP scanning, limiting cut-and-paste functions (clip-boarding) and limiting users' ability to enter data into text fields. The solution also masks the application's attack surfaces from would-be attackers, delivering protection against the OWASP Top 10 Web Application Security Risks.
Protecting web apps with zero trust
Streamlining tech stacks and removing point solutions that conflict with each other and leave endpoints unprotected, especially users' and contractors' devices, needs to improve. GigaOm's Radar on secure service access shows where and how leading providers are bringing greater innovation to the market.
Of the many new developments in this area, web application isolation shows significant potential for improving BYOD security with a simplified network-based approach that requires no on-device agents or software.