Making security scale: Why you're probably not ready to secure mobile and cloud
- 26 February, 2015 15:32
The explosion of mobile devices may be creating new learning and business opportunities in large school and business environments, but without a suitably matched security platform those devices are opening up new vulnerabilities that will end up creating nothing but headaches for administrators.
That's the warning of David Wigley, who has worked with many of the largest organisations in Australia to bring high-grade content filtering and malware detection capabilities to school systems, Internet service providers and other large organisations that need to be able to apply security policies consistently at massive scale.
As CEO of ContentKeeper, a Canberra-based security developer, Wigley has helped grow the company from an Australian success story into a global security powerhouse with tools protecting more than 10 million seats worldwide; it branched into the US market a year ago and is seeing “phenomenal” growth there, he says.
Yet the company's biggest asset is its design: ContentKeeper was a pioneer in development of closed-loop collaborative filtering technology, which builds on bridge-based technology to rapidly assimilate crowdsourced security alerts to protect high-volume environments running multiple gigabits per second of aggregate data.
A key element of this success comes from the idea that content analysis and blocking needed to be able to analyse traffic on-network rather than diverting it through a separate gateway. This led to the bridge-based architecture that, Wigley says, has delivered the kind of scalable performance that gateway-based alternatives struggle to match.
“This approach gives you a 10:1 processing advantage as far as looking at packets flying past on a network,” he explains, noting that this early speed advantage has become even more important as the number and type of devices to manage has expanded in recent years.
That management has also become more difficult in mobile environments such as schools, where technically capable students have proved highly effective at circumventing protections built into their mobile devices. To maintain acceptable levels of security in such environments, a method that cannot be bypassed from the device itself – inspecting all incoming and outgoing traffic on the network regardless of its source – is becoming the preferred option.
“Mobility is driving the market,” Wigley says, “but most of the solutions out there can be disabled by educated users. Filtering becomes a bit of a joke, really. We're the only people that have a tamper-proof solution for iOS: it's critical that the kids can't take their devices home and change settings to do what they like.”
Securing the cloud
With cloud security now adding to the expanded demands of securing the mobile environment, the need for fast and unobtrusive filtering capabilities has only increased further.
Securing the flow of data to and between these domains, Wigley says, requires a unified defence mechanism that allows customers to maintain the same level of security protection no matter what device or service they are using.
“The future is a hybrid approach,” Wigley says. “Some will have mobile suites and some will use a cloud-based service. What customers really want is to wander from one environment to another seamlessly.”
Making that happen while preserving security, however, isn't without its share of complexity. Widespread use of cloud encryption, in particular, will cause challenges for security tools that cannot effectively scan the contents of encrypted packets traversing their filtering infrastructure.
Given that today's malware authors are better than ever at faking the digital certificates supporting secure communications – and that cloud providers like Google and Yahoo are rapidly mandating the use of SSL (Secure Sockets Layer) encryption – Wigley warns that access to this traffic is an essential capability for organisations to mount effective security defences.
“If someone wants to make new malware these days, the first thing they do is to go create an SSL tunnel,” he explains. “This lets them establish tunnels and send stuff straight to your desktops. If your security software isn't looking inside those tunnels, you can't see what's going on. The more SSL you have on the network, the bigger the blind spot.”
Sandboxing technology offers another layer of protection, allowing the security perimeter to contain detected threats in a protected environment where the behaviour of malware can be both controlled and analysed. Also important in the mix are “sensible” policies such as restricting direct access to external systems.
Given that there are now so many modes by which organisations can be attacked, companies without a single, unified, overarching defence may find themselves struggling to keep up with the rapidly growing and changing malware threat.
And while a highly scalable security architecture can help even the biggest organisation keep up with ever-bigger data transfers, Wigley concedes that maintaining an effective security barrier is an unending process. “Nobody has the full answer yet,” he says.
“It's a matter of using as many techniques as you can. Effectively, you're just building walls. And the more techniques you use, the higher the wall is and the harder it is to get in. You can't cover every single thing in this area – but you can do a pretty good job.”