Extending the Perimeter

There are many articles covering ‘the borderless enterprise’ / de-perimeterisation and how the firewall and network perimeter are dead.  For the vast majority of enterprises I fundamentally disagree with this premise.

Most companies have and will continue to have a relatively well defined ‘core’.  This may be anything from physical servers in a data centre they own through to a completely ‘virtual’ data centre in a public cloud.  What they all have in common is a set of servers / services and the associated business data that they really care about protecting, with enforced rules around what can connect to them and how.

Even in the supposedly de-perimeterised world of mobile, BYOD etc., the reality is that most business services will have rules around how they are connected to.  These can range from basic stateful rules that just define the network addresses, ports and protocols that are permitted, without interrogating the traffic that matches them, through to fully application aware Next Gen Firewalls and Web Application Firewalls that decrypt and inspect the application traffic.

I may do a further post on the subject of ‘the borderless network (or lack thereof)’ at a later date, but now that I have outlined my position, that isn’t the main topic of this post.

Currently we have a situation where many companies / organisations have relatively secure, monitored and access controlled core systems that house the bulk of their data and systems.  However, how many organisations consider the security of the devices, browsers and apps that connect to them?

For me this is a clear gap in the majority of organisations’ security posture!

How many attacks come from compromised devices / browsers / apps connecting to organisations’ networks?  How much fraud occurs due to compromised end user systems that could be prevented if the compromised systems were detected?  How many attacks or fraud from malicious users could be spotted if the malicious use of the application or malicious tools being used could be alerted on? …

Considering organisations whose customers run their business through mobile or web applications, how much more engaged would you be with your customers if you could alert them that their system or application / browser may be compromised?

For these examples, plus some further thoughts, I’m currently investigating various ways we can monitor in real time the condition of any web browsers or mobile applications that connect to an organisation’s web-facing systems.  These solutions involve inserting code into web pages that analyses / interrogates browsers, and code in mobile applications that analyses / interrogates the application and mobile device.  They also have various other features such as checksumming the code / application, using PKI for in app / browser encryption, and device fingerprinting.
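
One way the server side of such monitoring could score the reports sent back by the in-page or in-app code, using the code checksum and device fingerprint mentioned above. This is an added example, not from the original post or any product; the report fields, digests, fingerprints and thresholds are all assumptions.

```javascript
// Added example, not from the original post. Field names, thresholds and
// sample values are assumptions constructed for illustration.
const MAX_REPORT_AGE_MS = 5 * 60 * 1000; // assumed freshness window
const REQUIRED = ["account", "nonce", "sentAtMs", "scriptDigest", "deviceFingerprint"];
const HIGH_RISK = new Set(["script-checksum-mismatch", "replayed-nonce"]);

// expectedDigests: Set of digests of the page / app builds actually shipped.
// knownDevices: Map of account -> Set of fingerprints seen before.
function createEvaluator(expectedDigests, knownDevices) {
  const seenNonces = new Set(); // a real deployment needs a shared store with expiry
  return function evaluate(report, nowMs) {
    const missing = REQUIRED.filter((k) => !report || report[k] == null || report[k] === "");
    if (missing.length > 0) {
      // No usable report is itself a signal: the monitoring code may have been stripped.
      return { risk: "high", findings: missing.map((k) => "missing:" + k) };
    }
    const findings = [];
    if (seenNonces.has(report.nonce)) findings.push("replayed-nonce");
    seenNonces.add(report.nonce);
    if (Math.abs(nowMs - report.sentAtMs) > MAX_REPORT_AGE_MS) findings.push("stale-report");
    if (!expectedDigests.has(report.scriptDigest)) findings.push("script-checksum-mismatch");
    const devices = knownDevices.get(report.account) || new Set();
    if (!devices.has(report.deviceFingerprint)) findings.push("unrecognised-device");
    // Client-reported values can be forged by a compromised client, so the
    // result is a signal to feed into analytics, not proof either way.
    const risk = findings.some((f) => HIGH_RISK.has(f)) ? "high"
      : findings.length > 0 ? "medium" : "low";
    return { risk, findings };
  };
}

// Constructed sample reports covering the clean case and each finding.
function runSamples() {
  const now = 1700000000000;
  const evaluate = createEvaluator(
    new Set(["digest-build-41-constructed"]),
    new Map([["alice", new Set(["fp-laptop-constructed"])]])
  );
  const good = { account: "alice", nonce: "n1", sentAtMs: now - 1000,
    scriptDigest: "digest-build-41-constructed", deviceFingerprint: "fp-laptop-constructed" };
  return [
    evaluate(good, now),                                                      // clean report
    evaluate({ ...good, nonce: "n2", deviceFingerprint: "fp-new" }, now),     // new device
    evaluate({ ...good, nonce: "n3", scriptDigest: "digest-modified" }, now), // altered code
    evaluate(good, now),                                                      // nonce n1 reused
    evaluate({ account: "alice" }, now),                                      // stripped report
  ];
}
```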

I think solving this transparently to the end user will drive security insights, improve an organisation’s security posture and potentially enable closer ties to and trust from customers.

These solutions can be combined with some of the current trends in authentication, such as geolocation and behaviour analytics, to provide security analytics of a quality far above that which is usually available.

What do you think?

Feel free to contact me via this blog if you’d like to discuss this further or share your thoughts on the security of devices connecting to your organisation.