
Cyber SecuriTale

With the rise of various technologies, security is needed more than ever. But before getting into today's complex security measures, let's take a look at how each of them evolved over time and what challenges drove that evolution.

Cloud Security
Earlier, organisations and companies ran their application software on their own servers, which were located and managed in-house. This setup was expensive: it raised the capital cost of computer hardware and the labour cost of administrators. At the same time, most in-house systems sat idle much of the time, wasting a lot of resources. These problems gave rise to virtualization, which reduced the number of servers and saved money. There was no longer a need to buy differently configured hardware for different applications; instead, a pool of general hardware resources ran the virtualized applications. Virtualization in turn led third parties to rent out infrastructure (IaaS).
The vendor is responsible for securing the infrastructure it provides, while the customer is responsible for securing access, network traffic and the data of the hosted applications. The problem was that these customer-side security measures were basic and easy to bypass. Secondly, hybrid hosting posed a much greater threat in a multi-cloud environment. The solution is to deploy a cloud security service from a trusted provider.

Endpoint
Endpoints are the devices (mobiles, laptops, etc.) that hold valuable data. Nowadays they may not even require user interaction (CCTV cameras, for example). Undoubtedly, they are a target for hackers.
Earlier, endpoint security consisted only of antivirus software, which scanned for viruses by signature matching. Not to mention that back then viruses spread easily via floppy disks. As the number and complexity of malware grew over time, new detection methods became necessary. Today, artificial intelligence and machine learning contribute to modern malware detection. Other modern solutions include sandboxing, web filtering and user behaviour analysis.

Firewall
Initially, firewalls performed packet filtering by examining the source and destination network addresses, the protocol and the port numbers, against a predefined set of rules. If a packet did not match a rule, it was either dropped or blocked with a notification to the sender. The problem was that these criteria were not sufficient to block malicious traffic: for higher-level protocols such as HTTP, other criteria may be needed to filter the packets.
Then came second-generation firewalls (also known as stateful firewalls). They make or break the connection by examining the conversation between the endpoints.
However, one issue still remained unsolved. Application-layer filtering was necessary because protocols like HTTP carry various application functions inside them, which were difficult to tell apart. To resolve this, a set of services such as VPN, IPS and web filtering was developed. But again, these standalone services had to be integrated, which led to the UTM (Unified Threat Management) widely used in organisations today.
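To make the difference between the first two firewall generations concrete, here is an added toy packet filter in Python. It is an illustration written for this post, not code from the original post or from the Fortinet NSE 2 course it summarises; the addresses, rules and packets are constructed sample values. The stateless filter judges each packet against the rule list on its own, as a first-generation firewall did; the stateful filter admits a connection once, on its first packet, and then lets the return traffic of that tracked conversation through without a separate inbound rule.

```python
"""Toy packet filter: first-generation stateless rules beside a
second-generation stateful connection table.

Added illustration, not code from the original post or from the Fortinet
NSE 2 course. All packets, rules and addresses are constructed samples.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str          # "tcp" or "udp"
    sport: int
    dport: int
    syn: bool = False   # TCP SYN flag: True only on the first packet of a new connection


@dataclass(frozen=True)
class Rule:
    action: str                   # "allow", "drop" (silent) or "reject" (notify sender)
    proto: Optional[str] = None   # None means "match any value"
    src: Optional[str] = None
    dst: Optional[str] = None
    sport: Optional[int] = None
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        # Every specified field must equal the packet's field.
        return all(want is None or want == got for want, got in (
            (self.proto, p.proto), (self.src, p.src), (self.dst, p.dst),
            (self.sport, p.sport), (self.dport, p.dport)))


def stateless_filter(rules, p: Packet, default="drop") -> str:
    """First-generation behaviour: the first matching rule decides, otherwise default."""
    for r in rules:
        if r.matches(p):
            return r.action
    return default


class StatefulFilter:
    """Second-generation behaviour: a connection is checked against the rules once,
    on its first packet; later packets are judged by whether they belong to a
    tracked connection, in either direction."""

    def __init__(self, rules):
        self.rules = rules
        self.connections = set()   # direction-independent connection keys

    @staticmethod
    def _key(p: Packet):
        ends = sorted(((p.src, p.sport), (p.dst, p.dport)))
        return (p.proto,) + tuple(ends)

    def filter(self, p: Packet) -> str:
        key = self._key(p)
        if key in self.connections:
            return "allow"          # established: part of an admitted conversation
        if p.proto == "tcp" and not p.syn:
            return "drop"           # mid-stream packet with no known connection
        verdict = stateless_filter(self.rules, p)
        if verdict == "allow":
            self.connections.add(key)
        return verdict


# Constructed policy: one internal host may browse one web server; telnet is rejected.
RULES = [
    Rule("allow", proto="tcp", src="10.0.0.5", dst="203.0.113.10", dport=80),
    Rule("reject", proto="tcp", dport=23),
]
# The only way a stateless filter can pass the web server's replies is a rule keyed on
# the source port, which also admits anything else that uses port 80 as its source port.
RULES_WITH_RETURN_HOLE = RULES + [Rule("allow", proto="tcp", src="203.0.113.10", sport=80)]


def demo() -> dict:
    request = Packet("10.0.0.5", "203.0.113.10", "tcp", 51000, 80, syn=True)
    reply = Packet("203.0.113.10", "10.0.0.5", "tcp", 80, 51000)
    unsolicited = Packet("203.0.113.10", "10.0.0.5", "tcp", 80, 445)   # no matching request
    telnet = Packet("10.0.0.5", "203.0.113.10", "tcp", 51001, 23, syn=True)

    sf = StatefulFilter(RULES)
    return {
        "stateless_request": stateless_filter(RULES, request),
        "stateless_reply": stateless_filter(RULES, reply),
        "stateless_reply_with_hole": stateless_filter(RULES_WITH_RETURN_HOLE, reply),
        "stateless_unsolicited_with_hole": stateless_filter(RULES_WITH_RETURN_HOLE, unsolicited),
        "stateful_request": sf.filter(request),
        "stateful_reply": sf.filter(reply),
        "stateful_unsolicited": sf.filter(unsolicited),
        "stateful_telnet": sf.filter(telnet),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:32} {verdict}")
```

Running demo() shows the two behaviours side by side: the stateless filter either drops the legitimate reply or, once a rule for return traffic is added, also admits an unsolicited packet that merely uses port 80 as its source port; the stateful filter allows the reply because it belongs to a tracked connection, drops the unsolicited packet because no connection exists for it, and rejects the telnet attempt (a block with notification to the sender) because a rule says so.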



Network Access Control (NAC)
Earlier, authentication to a LAN or to wireless devices was done either with credentials or through captive portals. Then, with the increased use of handheld wireless devices, the BYOD (Bring Your Own Device) policy became popular. What all these devices had in common was an agent for authentication. But when IoT devices came into the picture, they became a threat because it was hard to keep track of which devices were connected to the network and what data they were gathering. The solution to this was NAC. NAC grants access to network resources based on a device's function, minimizing the damage: even if a device is compromised, the contagion is quarantined to one portion of the network. When NAC is integrated into the security framework, it notifies the SOC when a breach is detected.

Reference:
Fortinet NSE 2 course