E-Book | Infrastructure Monitoring 101: The Power to Predict and Prevent
What are the different levels of infrastructure security?
There is no universal definition of the various levels or categories of infrastructure security, but in the enterprise, one common way to look at security includes securing the following four levels:
- Physical Level: Infrastructure needs physical protection in the form of locked doors, fences, backup generators, security cameras and the like. Failover plans that locate backup equipment in another part of the world are also a part of a physical security strategy.
- Network Level: At its core, network security protects data as it travels into, out of and across the network. This includes traffic encryption, whether it is on-premises or in the cloud, proper firewall management and the use of authentication and authorization systems.
- Application Level: Security also needs to be considered at the application level. This includes protection of databases against attacks such as SQL injections as well as the hardening of other applications against unauthorized use or malicious exploits.
- Data Level: At the lowest level of infrastructure security, data protection must be considered, no matter where or how it is stored. This includes data encryption, backups and anonymization tactics where they are appropriate.
Why is infrastructure security important?
Infrastructure security, which includes critical infrastructure security, is critical for preventing damage to technology assets and data from attack or disaster, and for minimizing the damage when an attack succeeds or a disaster occurs. Ultimately, the primary goal of infrastructure security is to lower the overall level of risk the organization faces, which in turn minimizes the chance of a significant operational disruption and/or financial impact to the business.
Today’s enterprise has IT infrastructure that is far more complex than ever before, which typically includes both on-premises and cloud-based systems; company-owned and employee-owned devices (including laptops and smartphones); and even Internet of Things (IoT) devices such as cameras and industrial sensors. Many of these devices were never designed with security in mind or have had a patchwork of security fixes applied to them after the fact. Ultimately, the duty to secure all of these systems falls on the managing organization.
Infrastructure stands at the core of every business’s technology operations, and as such, infrastructure security is the lynchpin of their overall security strategy. It is perhaps easiest to think of infrastructure security as the master security plan for the organization, underpinning tactical strategies and everything else that is developed around it.
What is network infrastructure security?
In most enterprises, network-level infrastructure security consumes the bulk of the resources in an infrastructure security program. The network level is generally considered the largest and most vulnerable part of the enterprise when it comes to security risk, and as a result there is a greater abundance of tools available for protecting the network level than for the other levels.
Network infrastructure is complex because it is typically composed of a vast number of hardware and software components. These include physical devices such as routers, switches, servers, wireless access points and even cabling. Vulnerabilities, however, are primarily attributed to the software and firmware that operate the network infrastructure, including server operating systems, network management, network communications systems, firewalls and other security application configurations, and routing software.
It is in the network infrastructure where the enterprise must maintain the highest level of diligence. Administrators must apply patches when they are released, double-check configurations to ensure they are correct, and develop and adhere to policies to ensure the network is kept as secure as possible.
The function of network infrastructure security is to mitigate all of the above issues. Network infrastructure security is designed to monitor hardware and software, to protect the network infrastructure against malicious attacks, to enforce access control rules and to ensure that only authorized users are able to use network resources, to detect and remove malware, and to provide secure channels — such as a virtual private network (VPN) — for remote users.
What is cloud infrastructure security?
Cloud infrastructure security, as the name implies, involves the protection of assets based in the cloud. Rather than existing as one of the distinct levels of infrastructure security outlined above, cloud infrastructure security spans a multitude of security levels, including the network, application and data levels. Only the physical security level, by definition, is exempted.
Cloud infrastructure security can be complex because many organizations fail to properly understand where the provider’s responsibility ends and their own responsibility begins. In general, many cloud providers are responsible for security “of” the cloud, meaning that they must ensure cloud infrastructure — which incorporates security of storage, compute and network layers — is inherently secure and reliable. Cloud providers outline these responsibilities in great detail in their terms of service, yet these environments are often so nebulous that confusion about who is responsible for what often persists — especially if an attack is detected.
While responsibilities vary from one provider to another, in general, the customer is always responsible for a number of cloud security tasks, including user management and access control, data encryption in the cloud, proper configuration of vendor-provided security tools, and adherence to relevant privacy laws.
With the rapid growth of the cloud, cloud security is of critical importance — largely due to the rise in attacks against cloud infrastructure. But securing cloud infrastructure is difficult for many reasons: an increase in the size of the attack surface, a lack of complete visibility into how cloud services are operating during runtime, the dynamic and often temporary nature of cloud-based workloads, and the general complexity of a cloud environment, particularly when multiple cloud services are involved.
What are common infrastructure security threats?
Some of the most common infrastructure security threats in the market today include:
- Phishing: Phishing remains one of the most pervasive and damaging threats to individuals and enterprises alike, growing in both quantity and sophistication and no longer easy to detect. The goal of phishing attacks, however, remains the same: to separate users from their login credentials, which attackers then use to access corporate resources, steal funds or intellectual property, or wreak havoc on the enterprise. Phishing attacks skyrocketed throughout the pandemic, ranging from COVID-19 relief scams and impersonating the CDC, to the lure of small business loans and tax extensions.
- Ransomware: This type of attack involves malware installed on the corporate network, which then encrypts targeted data that the attacker holds for ransom. If the ransom is not paid, attackers will prevent the victim from accessing their files. Even if the ransom is paid, there is no guarantee that system functionality will be restored. Ransomware attacks are becoming more common and widespread; in June 2021 a ransomware attack crippled the networks of hundreds of businesses by targeting a software supplier and using it as a conduit to spread through cloud-service providers.
- Botnets: Botnets have historically been used to launch distributed denial of service (DDoS) attacks. In more recent years, botnets have been used for surreptitiously mining cryptocurrencies, as well as targeting IoT infrastructure. Enterprises that have fallen victim to this type of attack are often unaware that their resources are being exploited, sometimes for years. Cloud-based resources are particularly vulnerable to botnet attacks.
- Physical theft: It doesn’t matter how secure your infrastructure is from cyber threats if it is not effectively protected by physical barriers such as locked doors, fences, alarm systems and security guards. For example, a stolen laptop belonging to a medical facility exposed and potentially compromised the personal information and health data of 650,000 patients.
What are the benefits of infrastructure security?
Naturally, the biggest benefit of infrastructure security is simply that it protects all of your business’s technology assets from attack. For most enterprises, infrastructure security is the first line of defense against cyberattacks or other types of exploits. Infrastructure security protects both the hardware and the software on the network from attack, as well as its users and its data.
Implementing infrastructure security offers numerous benefits to the enterprise. It protects data from being stolen or otherwise compromised and minimizes the financial risk of steep regulatory fines. As privacy legislation continues to expand, infrastructure security plays a key role in ensuring compliance with rules that mandate consumer information be kept safe from attack.
Infrastructure security also plays an important role by minimizing the risk of damage due to user carelessness. Most malware doesn’t end up on the corporate network because an internal user intentionally put it there (although insider attacks like these do happen); more often it happens because a user unthinkingly clicks on an email attachment or a malicious link. Infrastructure security systems and protocols help to mitigate risk when these mistakes inevitably occur.
Can you protect infrastructure with cybersecurity solutions?
Cybersecurity, or IT security, solutions are the key tools used to protect infrastructure. It is not a question of whether you can protect your infrastructure with cybersecurity solutions; rather, it's a question of how you best protect your infrastructure with them.
Cybersecurity solutions can be used to ensure access is granted only to authorized users, prevent malware from successfully being installed on infrastructure devices, assess the overall security of the network (including the use of penetration testing to simulate an attack), and encrypt data in transit and at rest to protect it in the event of a successful attack.
Put together, all of these solutions provide the building blocks of a strong infrastructure protection program.
What is national infrastructure security?
On a national scale, infrastructure security takes on a whole new dimension that is far more complex than at the enterprise level. National infrastructure, which is often referred to as critical infrastructure, includes both physical and electronic systems, networks, data and digital assets that underpin society. National infrastructure also includes the internet itself, roadways and railways, pipelines and power plants, bridges and tunnels, drinking water systems, and a variety of physical structures. Even non-terrestrial systems, such as GPS satellites, are included.
Critical infrastructure security falls under the purview of the Department of Homeland Security. In 2013, government officials developed a broad strategy dubbed the National Infrastructure Protection Plan (NIPP) to secure these sectors. The plan’s stated goals include assessing and analyzing threats and informing risk management activities; securing critical infrastructure against a variety of threats and reducing risk; enhancing infrastructure resilience through advanced planning and mitigation efforts; sharing information across the infrastructure community; and promoting learning and adaptation during and after incidents.
The security of national technology assets is just one of the critical infrastructure sectors that the NIPP is designed to protect. The Cybersecurity and Infrastructure Security Convergence Action Guide outlines a converged plan to protect both cyber and physical assets, connecting internet security to the physical protection of healthcare, transportation, energy and industrial control systems. In the wake of incidents such as the May 2021 Colonial Pipeline ransomware attack, which shut down 45% of the petroleum supply to the East Coast, it is easy to see why this type of physical cybersecurity is increasingly critical.
What are some of the best techniques to secure infrastructure?
A number of recommended best practices should be incorporated into an organization's infrastructure security policies, including:
- Pay careful attention to password security: All logins must be protected by strong passwords (i.e., long passwords that use a hard-to-remember combination of uppercase and lowercase letters, numbers and symbols; passwords that don’t spell a word; etc.) as well as two-factor authentication whenever possible.
- Audit user permissions frequently: To avoid unauthorized access, remove permissions to services when users no longer need them as well as immediately when they leave the organization.
- Apply patches regularly: Patches should generally be installed the day they are released, particularly if they include a security fix.
- Ensure internet-based assets use secure protocols like Secure Shell (SSH) and Transport Layer Security (TLS), the successor to Secure Sockets Layer (SSL): These protocols provide a secure channel for communication, even over an insecure network.
- Remove unused services and software: These idle but active systems can create an unnecessary security risk. This is part of the process known as network hardening.
- Ensure firewalls are properly configured: A misconfigured firewall is just as dangerous as having no firewall at all.
- Ensure code adheres to secure development practices: Frameworks such as DevSecOps can be useful in instilling a security-focused mindset within the development team.
- Rely on encryption wherever possible: Encrypted files are largely useless to attackers who successfully enter the system but don’t hold the keys.
- Back up all systems regularly: Offsite backups are the best defense against ransomware attacks.
- Stress-test systems regularly: Run security scans and penetration tests to hunt down vulnerabilities.
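The two access-hygiene items above (two-factor authentication on every login, and prompt removal of permissions that are no longer needed or belong to people who have left) can be turned into a repeatable review. The following is an added example written for this page, not code from the original article or any product it mentions: the account records are constructed sample data, and the 90-day idle threshold is an assumption.

```python
"""Access review helper: flags grants to revoke and accounts missing MFA.

Added example, not part of the original article. The account records below
are constructed sample data; the 90-day idle threshold is an assumption.
"""
from datetime import date, timedelta

# Constructed sample data: which service grants each account holds, when each
# grant was last used, whether the person is still employed, and whether MFA
# is enforced on the account.
ACCOUNTS = [
    {"user": "alice", "employed": True,  "mfa": True,
     "grants": {"vpn": date(2024, 5, 30), "prod-db": date(2024, 1, 4)}},
    {"user": "bob",   "employed": False, "mfa": True,
     "grants": {"vpn": date(2024, 4, 2), "git": date(2024, 4, 2)}},
    {"user": "carol", "employed": True,  "mfa": False,
     "grants": {"git": date(2024, 6, 1)}},
]

IDLE_LIMIT = timedelta(days=90)      # assumption: unused for 90 days -> revoke
REVIEW_DATE = date(2024, 6, 15)      # the day this review is run (constructed)


def review_access(accounts, today):
    """Return (revocations, no_mfa) for the given account records.

    revocations: list of (user, service, reason), in account order
    no_mfa: active users whose account has no second factor enforced
    """
    revocations = []
    no_mfa = []
    for acct in accounts:
        user = acct["user"]
        if not acct["employed"]:
            # Departed users lose every grant immediately, whether used or not.
            for service in sorted(acct["grants"]):
                revocations.append((user, service, "departed"))
            continue
        if not acct["mfa"]:
            no_mfa.append(user)
        for service, last_used in sorted(acct["grants"].items()):
            # Grants that nobody has exercised in IDLE_LIMIT days are no longer needed.
            if today - last_used > IDLE_LIMIT:
                revocations.append((user, service, "idle"))
    return revocations, no_mfa


if __name__ == "__main__":
    revs, missing = review_access(ACCOUNTS, REVIEW_DATE)
    for user, service, reason in revs:
        print(f"REVOKE      {user}@{service} ({reason})")
    for user in missing:
        print(f"ENFORCE-MFA {user}")
```

Run on the sample data it revokes alice's unused prod-db grant, strips both of bob's grants because he has left, and lists carol as the one active account without MFA. In practice the account records would come from the identity provider and the last-used dates from its sign-in logs; the point of the script is that the review criteria are explicit and rerun on a schedule rather than applied by hand.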
What are the different types of infrastructure security solutions?
To protect the business’s infrastructure and its data, consider implementing these types of tools and security controls:
- Firewall: This is the first line of defense against all manner of threats, preventing malicious traffic from ever accessing your internal networks.
- Antivirus or antimalware systems: Malware is introduced into the enterprise through a number of means. Antimalware systems scan email messages, web traffic and hardware devices to ensure that they are not infected.
- Penetration testing and network vulnerability analysis tools: These types of tools are set to run periodically — or continuously — constantly scanning the network for potential security problems.
- Intrusion detection system: An intrusion detection tool monitors the network in real time, watching for behavior that is out of the ordinary or that indicates an attacker has breached the infrastructure.
- Authentication software: Authentication software controls and monitors the behavior of users with network access; AI-based analysis detects unusual activity that may indicate a user’s credentials have been compromised.
- Password auditing tools: Passwords should be regularly audited to ensure that users are not relying on insecure or easily cracked login credentials.
- Encryption tools: Encrypted data has limited to no value to attackers, providing an extra layer of protection to your organization in the event of an attack.
- SIEM tools: Security information and event management (SIEM) tools automate much of the grunt work of monitoring infrastructure security and provide a real-time analysis of the security alerts generated by various applications in the enterprise.
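The intrusion detection and SIEM items above both come down to correlating events over time: watching for behaviour that is out of the ordinary and raising an alert from the raw records applications produce. The following is an added example written for this page, not code from the original article or from any SIEM or IDS product: it runs two simple correlation rules over constructed sshd-style log lines. The thresholds (five failures within sixty seconds, and any success preceded by failures from the same source inside that window) are assumptions chosen for the sample.

```python
"""Two SIEM-style correlation rules over authentication log lines.

Added example, not part of the original article and not any vendor's
detection logic. The log lines are constructed; thresholds are assumptions.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample lines in an sshd-like format (timestamp, program, message).
SAMPLE_LOG = """\
2024-06-15T10:00:01 sshd Failed password for invalid user admin from 203.0.113.7
2024-06-15T10:00:03 sshd Failed password for root from 203.0.113.7
2024-06-15T10:00:05 sshd Failed password for root from 203.0.113.7
2024-06-15T10:00:06 sshd Failed password for alice from 203.0.113.7
2024-06-15T10:00:08 sshd Failed password for alice from 203.0.113.7
2024-06-15T10:00:10 sshd Accepted password for alice from 203.0.113.7
2024-06-15T10:05:00 sshd Failed password for bob from 198.51.100.9
2024-06-15T10:30:00 sshd Accepted publickey for bob from 198.51.100.9
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd (?P<result>Failed|Accepted) \w+ for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+)$"
)

FAIL_THRESHOLD = 5    # assumption: this many failures from one source ...
WINDOW_SECONDS = 60   # ... within this many seconds trips the brute-force rule


def parse_line(line):
    """Parse one log line into a dict, or return None for lines we don't understand."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "result": m["result"],
        "user": m["user"],
        "src": m["src"],
    }


def correlate(log_text):
    """Return a list of (rule, source_ip, detail) alerts in log order.

    Rule 1, brute_force: FAIL_THRESHOLD failures from one source inside a
    sliding WINDOW_SECONDS window (alerted once per source).
    Rule 2, success_after_failures: a successful login from a source that
    still has failures inside the window, which is the pattern a password
    guess that finally succeeded leaves behind.
    """
    alerts = []
    recent_fails = defaultdict(deque)   # src -> timestamps of failures in the window
    tripped = set()                     # sources already reported by rule 1
    for raw in log_text.splitlines():
        ev = parse_line(raw)
        if ev is None:
            continue                    # unparsed lines are skipped, not fatal
        q = recent_fails[ev["src"]]
        # Expire failures that have fallen out of the sliding window.
        while q and (ev["ts"] - q[0]).total_seconds() > WINDOW_SECONDS:
            q.popleft()
        if ev["result"] == "Failed":
            q.append(ev["ts"])
            if len(q) >= FAIL_THRESHOLD and ev["src"] not in tripped:
                tripped.add(ev["src"])
                alerts.append(("brute_force", ev["src"],
                               f"{len(q)} failures in {WINDOW_SECONDS}s"))
        else:  # Accepted
            if q:
                alerts.append(("success_after_failures", ev["src"],
                               f"user={ev['user']} prior_failures={len(q)}"))
            q.clear()                   # a success resets the source's failure run
    return alerts


if __name__ == "__main__":
    for rule, src, detail in correlate(SAMPLE_LOG):
        print(f"ALERT {rule:24} src={src} {detail}")
```

On the sample, 203.0.113.7 trips the brute-force rule at its fifth failure and then the success-after-failures rule when alice's login is accepted two seconds later; bob's single failure from 198.51.100.9 has expired from the window long before his key-based login, so it produces nothing. A real SIEM adds normalisation across many log formats and enrichment (asset owner, geolocation, known-bad lists), but the core is the same: parse, keep state per entity, and evaluate rules as events arrive.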
The Bottom Line: Securing the enterprise starts with securing infrastructure
Attackers have long targeted infrastructure because it represents a potential gold mine for their efforts. Unfortunately, because of its expansive size and complexity, it also presents a challenge for security operations teams to secure. With the rise of IoT devices and the proliferation of cloud services, the typical enterprise now finds itself with a daunting attack surface that is increasingly vulnerable to both organized attackers and the threat of natural disaster. Only through careful infrastructure protection can you truly mitigate threats and keep your infrastructure environment — and data — safe from attack.