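Securing Australian Government Assets in 2020: Part 2
Considering alternatives for securing the nation's crown jewels
Mandatory breach notification laws have only just been introduced in Australia and are due to come into force in New Zealand by the end of this year, yet intruders regularly access sensitive data and affect key mandates in public safety, finance and national security. They also continue to manipulate data in political campaigns, alter data at research institutions and affect public health security.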
In part one of this Securing Australian Government Assets series, we reviewed the recent findings of The Commonwealth Cyber Security Posture in 2019 report and the government’s announcements regarding increased attacks targeting Australian government agencies and enterprises.
A key element of those findings is that, whilst improvement is being made, we are still vulnerable to cyber offenses as a nation. There are existing tactical recommendations that focus on the types of threats recently seen, and long-standing advice around essential security disciplines that all non-corporate commonwealth entities should embed into their IT practices. However, planning beyond inevitable breaches and striving for Zero Trust under a holistic strategy to contain and prevent the damage of such events is paramount to limiting the exposure of personal, financial, intellectual property and data in the national interest.
In response to the recent events, a government plan under the banner of “the best defence is offense,” designed to bolster the Australian Signals Directorate’s (ASD) ability to disrupt cyber criminals, has been announced. Recruitment and funding are earmarked to build offensive capabilities to go after cyber attackers offshore, as well as share intelligence about cyber activity to react in real time. But what can each agency or enterprise in Australia and New Zealand do to take proactive steps to limit the impact and spread of a breach so that reaction is left to examination rather than the panic associated with trying to stop the propagation?
We promote raising the priority of the Australian Cyber Security Centre (ACSC) recommended “excellent” but not yet “essential” practice of network segmentation that underpins the Zero Trust philosophy, to rethink the “keep the bad guys out, and detect them as quick as we can if they get in” paradigm to one of “the first system compromised should be the last”.
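All the patching, multi-factor authentication and intelligence-sharing partnerships in the world cannot stop attacks directed at critical and sensitive infrastructure if we continue to maintain an eggshell computing or networking model and rely on reactive detection to prevent damage.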
Cirrus Networks’ Andrew Weir suggests that “As a defender, getting the basic mitigations right can save a lot of damage later on. As a stakeholder in your organization’s security you cannot afford to be complacent and should look at building coherent layers of ICT defense. Understanding how your applications work and minimizing the attack surface through segmentation significantly reduces the options and reach available to an attacker when they do manage to breach one layer of your defences.”
Microsegmentation is simply the application of the Zero Trust principle of “least privilege”, denying by default the machine-to-machine and application-to-application traffic inside a data centre (or the laptop-to-laptop, workstation-to-workstation traffic in client or employee space) that has not been explicitly authorized. Planning beyond a breach event changes the mindset to one of assuming that a breach will occur, but preventing the compromise of a system from spreading to any other. Put another way, practicing the principle of least privilege ensures that malware or a bad actor can access the fewest systems possible, by applying the same approach to trust inside our environment as we do outside it. The compromise stops with the first system it takes hold of, as it can’t spread anywhere else.
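An added example (not part of the original article) that models the default-deny rule described above: it compares how far a compromise could spread from one workload on a flat network versus under an explicit allowlist, and lists the flows the policy would block. The workload names, roles, ports and allowlist are constructed assumptions.

```python
from collections import deque

# Constructed inventory (hypothetical names): workload -> role label.
WORKLOADS = {"web-1": "web", "web-2": "web", "app-1": "app", "db-1": "db",
             "hr-app-1": "hr-app", "hr-db-1": "hr-db",
             "laptop-7": "endpoint", "laptop-8": "endpoint"}

# Explicitly authorized flows: (source role, destination role, port).
# Anything not listed here is denied, including same-role traffic.
ALLOW = {("endpoint", "web", 443), ("web", "app", 8443), ("app", "db", 5432),
         ("endpoint", "hr-app", 443), ("hr-app", "hr-db", 5432)}

PORTS = (22, 443, 445, 3389, 5432, 8443)

def allowed(src, dst, port, policy):
    """Default deny. policy=None models a flat network where every flow passes."""
    if src == dst:
        return False
    if policy is None:
        return True
    return (WORKLOADS[src], WORKLOADS[dst], port) in policy

def blast_radius(start, policy):
    """Upper bound on workloads reachable, hop by hop, from one compromised workload."""
    seen, queue = {start}, deque([start])
    while queue:
        cur = queue.popleft()
        for nxt in WORKLOADS:
            if nxt not in seen and any(allowed(cur, nxt, p, policy) for p in PORTS):
                seen.add(nxt)
                queue.append(nxt)
    return seen - {start}

def denied_flows(flows, policy):
    """Flows the policy blocks; each one is a high-signal event for responders."""
    return [f for f in flows if not allowed(f[0], f[1], f[2], policy)]

# Constructed flow records: (source, destination, port).
SAMPLE_FLOWS = [("laptop-7", "laptop-8", 445), ("web-1", "app-1", 8443),
                ("web-1", "db-1", 5432), ("app-1", "db-1", 5432)]

if __name__ == "__main__":
    for host in ("db-1", "web-1", "laptop-7"):
        flat, seg = blast_radius(host, None), blast_radius(host, ALLOW)
        print(f"{host}: flat={len(flat)} segmented={sorted(seg)}")
    print("denied:", denied_flows(SAMPLE_FLOWS, ALLOW))
```

The paths that remain under the allowlist are exactly the explicitly authorized ones, so they show where hardening and monitoring of permitted flows still matter.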
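The evolution of segmentation technology away from traditional complex, costly and infrastructure-dependent methods such as firewalls, SDN, EDR and NAC has made it possible to stop or significantly thwart attackers by ring-fencing and containing applications and protecting corporate-issued devices.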
Not only did our recent report with Bishop Fox highlight the efficacy of microsegmentation as a security control, but it also uncovered forced changes in the behavior behind attack strategies that, without insider knowledge, may not be possible. Microsegmentation raised the resistance and detection levels to a degree that may mean less motivated parties would simply give up and divert attention to easier targets. The report also highlighted that the level of detection through an effective microsegmentation solution dramatically increases the efficiency of detection and incident response, allowing for a “contain first, ask questions later” approach to keeping you away from the headlines.
Microsegmentation is no longer an emerging feature or niche solution available to only those large and mature enough. It should be considered a fundamental and essential capability for both networking agility and information security today. As Forrester, a leading advocate and definer of a Zero Trust framework, states in The Forrester Wave™: Zero Trust eXtended (ZTX) Ecosystem Platform Providers, Q4 2019 report, “there’s now no excuse not to enable microsegmentation for any company or infrastructure. It’s no longer a question of whether you can do it.”
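Cirrus Networks’ Weir also emphasized the ongoing need for security solutions that foster DevSecOps and drive simplicity and automation. “Application deployments become costly and time-consuming through loss in translation and misconfiguration, because these efforts are often carried out in isolation from application owners. As information security professionals, we need to build automated, scalable guardrails for application teams that they can consume in real time as they deploy. Organizations that effectively embed security into their deployment pipelines will see faster, more productive teams with a security-first mindset.”
With the rise of fast-moving, highly destructive attacks such as ransomware that can take down an enterprise’s global IT infrastructure in minutes, and with growing pressure on and interest in government agencies from cyber criminals and nation states, the ability to contain the spread of any attack has never been more urgent, and the opportunity to do so has never been more accessible.
So let’s enable security teams to refocus and measure the success of their work on assuming breach while making it significantly harder to be owned, rather than on keeping the bad guys out.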


