Enterprise security is a multi-faceted concern that includes both the internal or proprietary business secrets of a company and the employee and customer data covered by privacy laws. Enterprise security is increasingly in focus as major international companies such as Facebook, Yahoo!, Target, Home Depot, and Equifax have all faced large fines and government intervention after losing sensitive customer data to hackers. Where enterprise corporations were previously most concerned with protecting their proprietary code or trade secrets from competitors and counterfeiters, they now face new data privacy laws in the US and EU that can impose major financial penalties on organizations that misuse or lose consumer data. The shift to reliance on cloud infrastructure for business process support introduces new challenges to corporate IT security.
In practice, enterprise security is focused on data center, networking, and web server operations, but technically it begins with human resources. Social engineering is the root cause of as many as two-thirds of all successful hacking attacks according to some security researchers. In social engineering attacks, weaknesses in human nature, employee integrity, or personal gullibility are exploited by attackers to gain access to a network or data resources. Phishing attacks via email encourage employees to click on links that download and install malware. In vishing (voice or VoIP phishing) attacks, hackers exploit telephone conversations with various employees to obtain insider information, such as passwords, that leads to a compromise of network security. Smishing (SMS phishing), baiting, spear phishing, and watering-hole attacks are all related hacking techniques based on social engineering. These attack vectors can compromise even the most robust network security systems and can only be countered by raising employee awareness through training, vetting, and screening.
Automated hacking attacks are script-driven and continually target data center resources such as web servers and online applications through input entry points such as login screens, contact forms, search-to-database queries, and backend administration processes. Common examples of script-bot attacks are SQL injection (for example against MySQL) and cross-site scripting exploits. The ability to send code to a server through unsecured forms can lead to the loss of an entire database, including all of the table information, passwords, and sensitive customer financial data. Code injection hacks are distinct from password cracking, which can give a hacker full administrative access or the ability to establish backdoors to a server through FTP and the command line. Successful hackers typically spend 30 to 90 days in reconnaissance of a compromised network with internal access before beginning to transfer database information or install malicious remote code.
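The following is an added example, not code from the original article, showing why an unsecured login form lets a scripted bot alter the database query itself. It uses Python's built-in sqlite3 module as a stand-in for the MySQL database the text describes, with a constructed one-row users table; the user names, the clear-text password column, and the INJECTED_PASSWORD value are all constructed for the demonstration. The vulnerable function pastes form input into the SQL text; the hardened function uses a parameterized query so the same input is treated as data.

```python
import sqlite3


def make_db():
    """Constructed in-memory stand-in for the MySQL users table the text describes.
    Passwords are stored in clear only to keep the example short; real systems
    store salted hashes."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Form values are pasted into the SQL text, so input can change the query's logic."""
    sql = ("SELECT COUNT(*) FROM users WHERE username = '" + username
           + "' AND password = '" + password + "'")
    return conn.execute(sql).fetchone()[0] > 0


def login_parameterized(conn, username, password):
    """Placeholders fix the query structure; the driver passes the values separately,
    so a quote character in the input remains plain data."""
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()[0] > 0


# Constructed form input of the kind a script bot submits: the password field
# closes the string literal and appends an always-true condition.
INJECTED_PASSWORD = "' OR '1'='1"


def compare():
    """Run both login checks on the same inputs and return the outcomes."""
    conn = make_db()
    return {
        "vulnerable_real_creds": login_vulnerable(conn, "alice", "correct horse"),
        "vulnerable_injected": login_vulnerable(conn, "nobody", INJECTED_PASSWORD),
        "parameterized_real_creds": login_parameterized(conn, "alice", "correct horse"),
        "parameterized_injected": login_parameterized(conn, "nobody", INJECTED_PASSWORD),
    }


if __name__ == "__main__":
    for check, outcome in compare().items():
        print(f"{check}: {'login accepted' if outcome else 'login rejected'}")
```

With the concatenated query, the injected password is accepted for an account that does not even exist, because the resulting WHERE clause reads `... AND password = '' OR '1'='1'`; the parameterized query rejects it. The fix is the same with MySQL drivers such as mysql-connector or PyMySQL, which use `%s` placeholders instead of `?`.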
The importance of enterprise security can be illustrated by looking at the role of encryption in internet communications. When an email is sent, or a user password is entered to log in to a website, the data is transferred point-to-point through a series of third-party channels where, unless it is encrypted, it could be intercepted and read by malicious users with unauthorized access. The threat includes unauthorized agents using packet sniffing software installed on the telecom network, the ISP, or local Wi-Fi channels. Although the value of information sent over these connections may vary, no enterprise company or other complex organization would be willing to have its trade secrets, client communication, and internal discussions monitored on open channels by third parties with malicious intent. The ability to access unencrypted passwords and login information can compromise not only individual accounts and data, but also an entire corporate network if an intruder gains data center access.
As a consequence, most websites and mobile applications now enforce HTTPS encryption through SSL/TLS certificates across the various channels of user communication. Data centers have adopted “military-grade” security features that include biometrics, gated entry systems, and 24/7 monitoring of facilities to prevent unauthorized physical access. Training programs for IT professionals can heighten alertness to the signs of social engineering attacks. Even where physical access is tightly controlled, enterprise corporations still face hacking attacks from the farthest reaches of the globe, including State-sponsored activity from regimes like Russia, China, Iran, and North Korea.
State-sponsored hacking may target military-industrial secrets related to engineering in weapons programs, aeronautics, or advanced research in other sensitive industries. It can also target media companies for propaganda purposes, as in North Korea’s hack of Sony’s film studio, or seek to expose the corrupt behavior of public officials through leaks of their personal communications.
At the highest levels, State-sponsored hacking teams or attention-seeking publicity hackers may mount high-impact attacks that amount to terrorism or result in the loss of human life, akin to cyber-war. Stuxnet is just one example of the effects of industrial espionage and intelligence-agency hacking. These groups, as well as criminal or publicity-seeking hackers, may target critical social infrastructure like power stations, telecommunications, or industrial production to cause blackouts, meltdowns, or physical damage to facilities, with the intent of causing panic and chaos. In contrast, criminal hackers typically seek only to steal credit card information, bank account access, and cryptocurrency for personal financial gain. Millions of credit card numbers are already for sale on the Dark Web, at prices as low as $1 per card. Hacking attacks that target personal consumer information can lead to identity theft, fraudulent charges, or financial embezzlement that is difficult for authorities to detect or stop without widespread interdiction by law enforcement groups or international agencies.
Enterprise security architecture needs to address physical access, social engineering, and script-bot attacks, while also guarding password-entry systems from cracking and user input channels from remote code injection. The network firewall is considered to be the main barricade against malicious hacking attacks. Most network firewall software packages now include the ability to scan packet data in real time for potential viruses, malware, worms, and ransomware. The problem with anti-virus scanning is that it is an ex post facto approach to security: it relies on professional agencies to identify and catalogue malware before it can be detected. In “zero-day” attacks, exploit code that has never been revealed or categorized by security experts is used to penetrate a network, software platform, firmware device, or operating system. Because zero-day attacks cannot be defended against in advance, companies need to implement multi-tiered security policies that isolate and contain threats effectively after they inevitably happen.
The use of encryption on data transfers and the establishment of firewall settings for authorized user access are the two most fundamental aspects of enterprise security after physical access constraints. Most platforms with user sign-on systems now include lock-out procedures that cut off users after 5 or more incorrect password logins to prevent cracking attacks. Unidentified login attempts that take place repeatedly from a single IP address can be mitigated through IP blacklisting. Firewall software integrates with anti-virus scanning that matches data packet transmissions against known malware signatures in real time to identify harmful files and prevent the accidental installation of viruses, worms, and trojans via phishing attacks or downloads. Web Application Firewalls (WAFs) can be installed to add an extra layer of protection to web forms against cross-site scripting and SQL injection attacks. Anti-virus software from vendors like Symantec, McAfee, Trend Micro, Kaspersky, Bitdefender, etc. is an essential aspect of enterprise security today. Many enterprise companies also employ the services of a CDN to recognize and prevent DDoS attacks in production.
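As an added example that is not part of the original article, the guard below implements the two login-protection mechanisms just described: an account lock-out after 5 incorrect passwords (the threshold given in the text) and a per-source-IP blacklist for addresses that keep failing across any accounts. The IP threshold of 10, the class and function names, and the event stream are constructed assumptions for the demonstration; the caller is assumed to have already checked the password and to pass the result in.

```python
from collections import defaultdict

# Threshold from the text: lock an account after 5 incorrect passwords.
MAX_ACCOUNT_FAILURES = 5
# Assumed threshold for blacklisting a source address that keeps failing
# across any accounts, a typical sign of brute forcing or credential stuffing.
MAX_IP_FAILURES = 10


class LoginGuard:
    def __init__(self, max_account_failures=MAX_ACCOUNT_FAILURES,
                 max_ip_failures=MAX_IP_FAILURES):
        self.max_account_failures = max_account_failures
        self.max_ip_failures = max_ip_failures
        self.account_failures = defaultdict(int)
        self.ip_failures = defaultdict(int)
        self.locked_accounts = set()
        self.blacklisted_ips = set()

    def attempt(self, username, source_ip, password_ok):
        """Record one login attempt and return its outcome:
        'blocked_ip', 'locked', 'success' or 'failure'."""
        # Blacklist and lock-out are checked before the password result is
        # used, so a locked account cannot be cracked by continuing to guess.
        if source_ip in self.blacklisted_ips:
            return "blocked_ip"
        if username in self.locked_accounts:
            return "locked"
        if password_ok:
            self.account_failures[username] = 0   # a good login resets the counter
            return "success"
        self.account_failures[username] += 1
        self.ip_failures[source_ip] += 1
        if self.account_failures[username] >= self.max_account_failures:
            self.locked_accounts.add(username)
        if self.ip_failures[source_ip] >= self.max_ip_failures:
            self.blacklisted_ips.add(source_ip)
        return "failure"


# Constructed event stream: (username, source IP, whether the password was correct).
SAMPLE_EVENTS = (
    [("alice", "203.0.113.7", False)] * 5      # five bad guesses lock alice
    + [("alice", "203.0.113.7", True)]          # the right password no longer helps
    + [("bob", "203.0.113.7", False)] * 5       # same address moves on to bob; IP reaches 10
    + [("carol", "203.0.113.7", True)]          # a legitimate user behind that IP is now blocked
    + [("dave", "198.51.100.2", True)]          # other addresses are unaffected
)


def replay(events, guard=None):
    """Feed events through a guard and return the list of outcomes."""
    guard = guard if guard is not None else LoginGuard()
    return [guard.attempt(user, ip, ok) for user, ip, ok in events]


if __name__ == "__main__":
    g = LoginGuard()
    for (user, ip, _), outcome in zip(SAMPLE_EVENTS, replay(SAMPLE_EVENTS, g)):
        print(f"{user:6} from {ip:14} -> {outcome}")
    print("locked:", sorted(g.locked_accounts), "blacklisted:", sorted(g.blacklisted_ips))
```

Two design points matter in a real deployment: the counters here never expire, whereas production systems keep them in a shared store with a time window so that a lock-out or blacklist eventually clears; and locking on the user name alone lets anyone who knows a user name lock that user out, which is why many platforms combine lock-out with escalating delays or CAPTCHAs rather than a hard cut-off.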
The current working paradigm of best practices in enterprise security is to apply all of the available industry methods of physical security, firewalls, encryption, fraud protection, intruder detection, WAF, anti-virus, etc. with the expectation that hackers will still find methods to penetrate systems, compromise hardware, and steal data. Under the principles of maximum harm reduction, the goal must be to detect and identify intruders as quickly as possible while simultaneously building systems with greater isolation of data to limit how far an attack can spread. Micro-segmentation works to protect every individual virtual machine on an enterprise network through isolation that prevents the lateral movement of an intruder from a single entry point to other facilities. The DMZ model, like firewalls, barricades, and moats, separates web processes from the LAN through increased isolation, strengthened by proxy edge servers in the outer ring of defense. VMware vSAN Datastore is used for enterprise database encryption, while VMcrypt Encryption is used for storage, archives, and backup files.
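The added example below, which is not code from the article or from any vendor product it names, shows the default-deny policy that micro-segmentation and the DMZ model rely on: each VM is assigned to a segment, only explicitly listed (source segment, destination segment, port) flows are permitted, and every other flow, including traffic between two VMs in the same tier, is denied. The segment names, addresses, ports, and observed flows are all constructed for the demonstration.

```python
# Constructed allowlist of permitted (source segment, destination segment, port) flows.
# Anything not listed is denied, so a VM compromised in one tier cannot reach the
# others: this is the default-deny behaviour micro-segmentation relies on.
ALLOWED_FLOWS = {
    ("internet", "dmz-web", 443),   # edge web servers in the DMZ face the internet
    ("dmz-web", "app", 8080),       # the web tier may call the application tier only
    ("app", "db", 3306),            # only the application tier may reach the database
    ("admin-jump", "app", 22),      # administration goes through a jump host
    ("admin-jump", "db", 22),
}

# Constructed inventory: the micro-segment each VM address belongs to.
SEGMENTS = {
    "10.0.1.10": "dmz-web",
    "10.0.1.11": "dmz-web",
    "10.0.2.10": "app",
    "10.0.3.10": "db",
    "10.0.9.5": "admin-jump",
}


def segment_of(ip):
    """Anything not in the inventory is treated as the untrusted internet."""
    return SEGMENTS.get(ip, "internet")


def is_allowed(src_ip, dst_ip, port):
    """Default-deny check: a flow passes only if its segment pair and port are listed.
    There is no implicit 'same tier' allowance, so two web servers cannot talk either."""
    return (segment_of(src_ip), segment_of(dst_ip), port) in ALLOWED_FLOWS


# Constructed sample of observed flows, as a hypervisor firewall or flow log would record them.
SAMPLE_FLOWS = [
    ("198.51.100.77", "10.0.1.10", 443),   # client reaching the web tier: allowed
    ("10.0.1.10", "10.0.2.10", 8080),      # web -> app: allowed
    ("10.0.1.10", "10.0.3.10", 3306),      # web -> db directly: lateral movement, denied
    ("10.0.1.10", "10.0.1.11", 22),        # web -> web over SSH: lateral movement, denied
    ("10.0.2.10", "10.0.3.10", 3306),      # app -> db: allowed
    ("10.0.3.10", "10.0.1.10", 443),       # db calling back to the web tier: denied
    ("10.0.9.5", "10.0.3.10", 22),         # jump host -> db: allowed
]


def find_violations(flows):
    """Return the flows the segmentation policy denies, tagged with their segments.
    Fed from live flow logs, each entry is a candidate lateral-movement alert."""
    return [
        (src, dst, port, segment_of(src), segment_of(dst))
        for src, dst, port in flows
        if not is_allowed(src, dst, port)
    ]


if __name__ == "__main__":
    for src, dst, port, s_seg, d_seg in find_violations(SAMPLE_FLOWS):
        print(f"DENIED {src} ({s_seg}) -> {dst} ({d_seg}) port {port}")
```

Because the policy is expressed per segment pair rather than per address, adding a VM only requires placing it in the inventory, and a denied flow in the logs is itself a signal that something in that segment is behaving outside its role.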
Administrative privilege escalation is another critical issue that cannot be overlooked in enterprise security practices. Super-user and administration permissions must be more tightly controlled, and their use by unauthorized users must be detected instantly. Real-time network monitoring increasingly includes analytics supported by machine learning and artificial intelligence to better detect intruders, unauthorized transfers of sensitive data, and privilege escalation. Because unpatched software platforms and web server operating systems are the leading causes of compromised networks and data breaches, businesses must be especially vigilant in applying the required updates immediately in production. Automated security upgrades greatly improve the speed of response in applying critical patches. Agentless anti-virus can be installed at the level of the hypervisor and configured to automatically apply security responses to malware or intrusion attacks without human intervention, improving the response time in cloud data centers with millions of virtual machines running in parallel.
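To make the detection side of this concrete, here is an added example (not code from the article) that runs a simple privilege-escalation rule over syslog-style sudo entries from a Linux auth log. The log lines, the host name, and the AUTHORIZED_ADMINS allowlist are constructed; the three rules (sudo use by an account outside the allowlist, a sudo request rejected because the account is not in sudoers, and an authorized admin opening an interactive root shell) are assumed policy choices, not rules taken from any product.

```python
import os
import re

# Syslog-style sudo line: "<timestamp> <host> sudo: <user> : <field> ; <field> ; ..."
SUDO_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sudo:\s+(?P<user>\S+) : (?P<body>.*)$"
)

# Assumed allowlist of accounts permitted to escalate; everything else is flagged.
AUTHORIZED_ADMINS = {"alice"}
# Commands that open an interactive root shell; flagged even for authorized admins,
# since an unrestricted root shell leaves no record of what was run inside it.
SHELL_COMMANDS = {"bash", "sh", "zsh", "su"}

# Constructed sample auth log: one routine admin action, one escalation by a
# non-admin account, one rejected request, one unrelated sshd line, one root shell.
SAMPLE_LOG = """\
Mar  3 10:15:02 web01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/apt update
Mar  3 10:16:40 web01 sudo:      bob : TTY=pts/1 ; PWD=/var/www ; USER=root ; COMMAND=/bin/bash
Mar  3 10:17:01 web01 sudo:    carol : user NOT in sudoers ; TTY=pts/2 ; PWD=/home/carol ; USER=root ; COMMAND=/usr/bin/systemctl restart nginx
Mar  3 10:18:22 web01 sshd[2210]: Accepted publickey for alice from 10.0.9.5 port 51234 ssh2
Mar  3 10:19:05 web01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/bash
"""


def parse_sudo_line(line):
    """Return (user, fields) for a sudo log line, or None for any other line."""
    m = SUDO_RE.match(line)
    if not m:
        return None
    fields = {}
    for part in m.group("body").split(" ; "):
        if "=" in part:
            key, value = part.split("=", 1)
            fields[key] = value
        else:
            fields["status"] = part   # free-text status such as "user NOT in sudoers"
    return m.group("user"), fields


def detect_escalation(log_text, admins=AUTHORIZED_ADMINS):
    """Return a list of (user, reason, command) alerts for suspicious sudo use."""
    alerts = []
    for line in log_text.splitlines():
        parsed = parse_sudo_line(line)
        if parsed is None:
            continue
        user, fields = parsed
        command = fields.get("COMMAND", "")
        if "NOT in sudoers" in fields.get("status", ""):
            alerts.append((user, "denied_sudo", command))
        elif user not in admins:
            alerts.append((user, "unauthorized_escalation", command))
        elif command and os.path.basename(command.split()[0]) in SHELL_COMMANDS:
            alerts.append((user, "root_shell", command))
    return alerts


if __name__ == "__main__":
    for user, reason, command in detect_escalation(SAMPLE_LOG):
        print(f"[{reason}] {user}: {command}")
```

The rejected request from carol is worth alerting on even though sudo refused it: a non-admin account trying to escalate is exactly the early signal the text says should be caught instantly. In a real pipeline the allowlist would come from the identity system rather than a constant, and the alerts would be correlated with the account's recent logins.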