{"id":59720,"date":"2014-05-15T22:11:01","date_gmt":"2014-05-16T02:11:01","guid":{"rendered":"http:\/\/rbach.net\/blog\/index.php\/"},"modified":"2021-08-25T21:35:06","modified_gmt":"2021-08-26T01:35:06","slug":"is-the-perimeter-dead","status":"publish","type":"post","link":"https:\/\/rbach.net\/index.php\/is-the-perimeter-dead\/","title":{"rendered":"Is The Perimeter Dead?"},"content":{"rendered":"

\"Is<\/a>Even while mobile, cloud, and software services are blurring the lines of corporate IT boundaries through deperimeterization<\/strong>, DarkReading<\/em><\/a> recently asked<\/a> out loud, if the perimeter is dead.<\/p>\n

\"it's<\/a>There are those who believe enterprises are wasting their security budget on perimeter protection<\/strong>. In fact, FierceTelecom<\/a><\/em>\u00a0reports<\/a> that 57% of enterprises responding to a survey said they plan to spend $500,000 or more in 2014 to upgrade their firewalls to high-speed network interfaces. Security is the chief reason cited.<\/p>\n

The perimeter is dead<\/h3>\n

It is no surprise that the answers varied according to the author. Hardliners have been hammering on the death of the perimeter<\/strong> for a long time now. “Perimeter security is no longer relevant to enterprises. With the mobilization of the workforce, it’s very hard to define the perimeter of any organization because mobile-enabled employees are connecting to the network from all over the world on devices of their choosing,<\/em>” Thevi Sundaralingam, vice president of product management at Accellion<\/a> told DarkReading<\/em>. “Next-gen security needs to focus keeping content safe, not on defining a network perimeter<\/em>.”<\/p>\n

People are giving up on the perimeter<\/h3>\n

Then there are the cynical abandoners<\/strong>. “In my opinion, <\/em>perimeter security<\/a><\/em> is not dead — it just has been handled incorrectly for so long people are giving up<\/em>,” Alex Chaveriat, a consultant at SystemExpert<\/a> told the blog.<\/p>\n

\"Network<\/a>But others believe perimeter protection still has plenty of relevance<\/strong> for enterprise IT, even if it means rethinking the role of the perimeter and how these defenses are deployed. Corey Nachreiner<\/a>, director of security strategy for WatchGuard<\/a> (a firm that sells firewalls) believes the perimeter is different but still relevant.<\/p>\n

T<\/em>he perimeter will never die, it will just get more focused … Sure, our workforce is getter (sic) more mobile, which means we need to incorporate new security solutions. But let’s not fool ourselves. The perimeter will never go away.<\/em><\/p>\n

The perimeter is different<\/h3>\n

\"\"<\/a>WatchGuard’s Nachreiner believes that the new perimeter needs to focus on server infrastructure and data centers, and not endpoint users. He believes firms will have to work in a hybrid environment that bolsters the perimeter not replacing it. “Just because people are using mobile devices and <\/em>cloud services doesn’t mean they won’t still have local servers and assets behind a relatively static perimeter.<\/em>”<\/p>\n

Another argument for perimeter defenses, according to the author is network egress monitoring<\/strong>. Michael Patterson<\/a>, CEO of Plixer International<\/a> told the author that egress visibility is crucial to pinpoint large-scale breaches.<\/p>\n

Ultimately, the bad guys need to pass through the perimeter in order to complete the exfiltration of the data they are trying to steal … Monitoring behaviors is playing a significant role in this area as is the reputation of the site being connected to.\u00a0<\/em><\/p>\n

The perimeter is growing<\/h3>\n

\"exfiltration<\/a>CEO Patterson also explains that perimeter defense doesn’t necessarily have to be placed at the edge. He told DarkReading<\/em> it may have more relevance inside the network to watch and block threats within the organization. It’s for this reason that Mike Lloyd, CTO<\/a> of RedSeal Networks<\/a>, says that rather than dying, the perimeter has actually grown in recent years. In the article he says;<\/p>\n

Companies have more and more perimeters that are getting smaller and smaller … Regulation drives it: PCI demands internal “zones” of segregation. BYOD<\/a> drives it: Once you let zany uncontrolled endpoint devices onto your network, you have to build zones to keep them away from internal assets. Security drives it: We’ve talked about defense in-depth for years, but people are finally doing it.<\/em><\/p>\n

As a result, RedSeal’s Lloyd says, security practitioners, have more opportunities for controls. This, though, can be a blessing and a curse. The downside is complexity, more controls in more places … The aspirin for that headache is automation. Make sure that all the enclaves you designed are actually set up and maintained properly as change happens.<\/p>\n

rb-<\/em><\/strong>
\nThe last time I\u00a0re-designed a network, we put a Checkpoint<\/a>\u00a0(CHKP<\/a>) firewall in front the of server segment. We dropped it in, in transparent mode to collect the who, what, when, and why of people accessing data you should have heard the howls of protest. <\/em><\/p>\n

Despite naysayers, many security experts believe perimeter defenses have relevance when deployed as a part of defense-in-depth.<\/em><\/p>\n

Related articles<\/strong><\/p>\n