Enterprise security is a multi-faceted concern that includes both the internal or proprietary business secrets of a company as well as the employee and customer data related to privacy laws. Enterprise security is increasingly in focus as major international companies such as Facebook, Yahoo!, Target, Home Depot, and Equifax have all faced large fines and government intervention due to the loss of sensitive customer data to hackers. Where enterprise corporations were previously most concerned with protecting their proprietary code or trade secrets from competitors and counterfeiters, they are now faced with new data privacy laws in the US and EU that can impose major financial penalties on organizations that misuse or lose consumer data. The transition to reliance on cloud infrastructure for business process support introduces new challenges to corporate security in IT.
Enterprise security is focused on data center, networking, and web server operations in practice, but technically begins with human resources. Social engineering is the root cause of as many as two-thirds of all successful hacking attacks according to some security researchers. In social engineering attacks, weaknesses in human nature, employee integrity, or personal gullibility are exploited by attackers to gain access to a network or data resources. Phishing attacks via email encourage employees to click on links that download and install malware. In vishing (voice or VoIP phishing) attacks, hackers exploit telephone conversations with various employees to obtain insider information, such as passwords, that leads to a compromise of network security. Smishing (SMS phishing), baiting, spear phishing, and watering-hole attacks are all related hacking techniques based on social engineering. These attack vectors can compromise even the most robust network security systems and can only be countered by raising employee awareness through training, vetting, and screening.
Automated hacking attacks are script-driven and continually target data center resources such as web servers and online applications through input entry points such as login screens, contact forms, search-to-database queries, and backend administration processes. Common examples of script bot attacks are SQL injection (for example against MySQL databases) and cross-site scripting exploits. The ability to send code to a server through unsecured forms can lead to the loss of an entire database, including all of the table information, passwords, and sensitive customer financial data. Code injection attacks are distinct from password cracking, which can give a hacker full administrative access or the ability to establish backdoors to a server through FTP and the command line. Successful hackers typically spend 30 to 90 days in reconnaissance of a compromised network system with internal access before beginning the process of transferring database information or installing malicious remote code.
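The two form-handling defects named above (SQL injection and cross-site scripting) come down to mixing untrusted input into a query string or an HTML page. The following added example, which is not code from the original article, shows a vulnerable lookup beside its parameterized form and an output-encoding helper for comments, using Python's standard `sqlite3` and `html` modules against a constructed in-memory users table.

```python
import html
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory users table standing in for a customer database."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password_hash) VALUES (?, ?)",
        [("alice", "hash-a"), ("bob", "hash-b")],  # constructed sample rows
    )
    conn.commit()
    return conn


def lookup_user_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    """Vulnerable: the form value is concatenated into the SQL text, so a value
    containing quotes and operators changes the query's meaning."""
    query = f"SELECT id, username FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def lookup_user_safe(conn: sqlite3.Connection, username: str) -> list:
    """Hardened: a parameterized query. The driver sends the value separately
    from the statement, so it can only ever be compared as data."""
    return conn.execute(
        "SELECT id, username FROM users WHERE username = ?", (username,)
    ).fetchall()


def render_comment(comment: str) -> str:
    """Hardened output path for cross-site scripting: encode untrusted text
    before it is placed inside HTML so tags and quotes are shown, not executed."""
    return f"<p>{html.escape(comment, quote=True)}</p>"


if __name__ == "__main__":
    db = make_db()
    probe = "x' OR '1'='1"  # textbook tautology; constructed input
    print("vulnerable:", lookup_user_vulnerable(db, probe))  # returns every row
    print("safe:      ", lookup_user_safe(db, probe))        # returns nothing
    print(render_comment("<script>alert(1)</script>"))
```

The same input that returns every row from the concatenated query returns nothing from the parameterized one, which is the property a web application firewall can only approximate from the outside; the fix belongs in the application code.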
Enterprise security architecture needs to target physical access, social engineering, and script-bot attacks, while also guarding password-entry systems from cracking and user input channels from remote code injection. The network firewall is considered to be the main barricade against malicious hacking attacks. Most network firewall software packages now include the ability to scan packet data in real time for potential viruses, malware, worms, and ransomware. The problem with anti-virus scanning is that it is an ex post facto approach to security: it relies on security vendors to identify and catalog malware before it can be detected. In “zero-day” attacks, exploit code that has never been revealed or categorized by security experts is used to penetrate a network, software platform, firmware device, or operating system. Because zero-day attacks cannot be defended against in advance, companies need to implement multi-tiered security policies that isolate and contain threats effectively after they inevitably happen.
The use of encryption on data transfers and the establishment of firewall settings for authorized user access are the two most fundamental aspects of enterprise security after physical access constraints. Most platforms with user sign-on systems now include lock-out procedures that cut off users after 5 or more incorrect password logins to prevent cracking attacks. Repeated unidentified login attempts from a single IP address can be mitigated through IP blocking. Firewall software integrates with anti-virus scanning that matches data packet transmissions against known malware signatures in real time to identify harmful files and prevent the accidental installation of viruses, worms, and trojans via phishing attacks or downloads. Web Application Firewalls (WAFs) can be installed to add an extra layer of protection to web forms against cross-site scripting and SQL injection attacks. Anti-virus software from vendors like Symantec, McAfee, Trend Micro, Kaspersky, Bitdefender, etc. is an essential aspect of enterprise security today. Many enterprise companies also employ the services of a CDN to recognize and prevent DDoS attacks in production.
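The account lock-out and IP-blocking controls described above are easy to state but have a few details worth getting right: failures must be counted per account and per source address separately, counts should expire with a sliding window, and a locked account stays locked even when the next attempt comes from a different address with the right password. The following added example (not code from the original article) implements both controls and replays a constructed authentication log; the 5-failure account threshold is the one given in the text, while the 10-failure IP threshold and 300-second window are assumed values.

```python
from collections import defaultdict, deque


class LoginGuard:
    """Tracks failed logins per account and per source IP inside a sliding window."""

    def __init__(self, max_account_failures=5, max_ip_failures=10, window_seconds=300):
        self.max_account_failures = max_account_failures  # lock-out threshold from the text
        self.max_ip_failures = max_ip_failures            # assumed per-IP blocking threshold
        self.window = window_seconds                      # assumed sliding window
        self.account_failures = defaultdict(deque)        # username -> failure timestamps
        self.ip_failures = defaultdict(deque)             # ip -> failure timestamps
        self.locked_accounts = set()
        self.blocked_ips = set()

    def _prune(self, timestamps, now):
        # Drop failures older than the window so stale noise does not lock anyone out.
        while timestamps and now - timestamps[0] > self.window:
            timestamps.popleft()

    def attempt(self, now: int, ip: str, username: str, password_ok: bool) -> str:
        """Return the decision for one login attempt."""
        if ip in self.blocked_ips:
            return "blocked_ip"          # source is blocked regardless of credentials
        if username in self.locked_accounts:
            return "locked"              # a lock applies even to a correct password
        if password_ok:
            self.account_failures[username].clear()
            return "ok"
        for timestamps in (self.account_failures[username], self.ip_failures[ip]):
            self._prune(timestamps, now)
            timestamps.append(now)
        if len(self.account_failures[username]) >= self.max_account_failures:
            self.locked_accounts.add(username)
        if len(self.ip_failures[ip]) >= self.max_ip_failures:
            self.blocked_ips.add(ip)
        return "failed"


def replay(lines, guard: LoginGuard) -> list:
    """Feed log lines of the form '<epoch> <ip> <user> <OK|FAIL>' through the guard."""
    decisions = []
    for line in lines:
        ts, ip, user, outcome = line.split()
        decisions.append(guard.attempt(int(ts), ip, user, outcome == "OK"))
    return decisions


# Constructed authentication log: one address hammers two accounts, then a
# legitimate user of a locked account signs in from elsewhere.
SAMPLE_LOG = (
    [f"{1700000000 + i} 203.0.113.7 alice FAIL" for i in range(6)]
    + [f"{1700000006 + i} 203.0.113.7 bob FAIL" for i in range(5)]
    + ["1700000011 203.0.113.7 carol FAIL",
       "1700000012 198.51.100.9 alice OK",
       "1700000013 198.51.100.9 dave OK"]
)

if __name__ == "__main__":
    guard = LoginGuard()
    for line, decision in zip(SAMPLE_LOG, replay(SAMPLE_LOG, guard)):
        print(f"{decision:>10}  {line}")
    print("locked:", sorted(guard.locked_accounts), "blocked:", sorted(guard.blocked_ips))
```

Alice's sixth attempt is refused as "locked", the tenth failure from 203.0.113.7 blocks that address so carol's attempt never reaches password checking, and alice's later correct login from 198.51.100.9 is still refused until the lock is cleared, which is the behaviour that stops an attacker from simply rotating source addresses.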
The current working paradigm of best practices in enterprise security is to apply all of the available industry methods of physical security, firewalls, encryption, fraud protection, intruder detection, WAF, anti-virus, etc. with the expectation that hackers will still find methods to penetrate systems, compromise hardware, and steal data. Under the principles of maximum harm reduction, the goal must be to detect and identify intruders as quickly as possible while simultaneously building systems with greater isolation of data to limit the spread of an attack. Micro-segmentation works to protect every individual virtual machine on an enterprise network through isolation that prevents the lateral movement of an intruder to other facilities from a single entry point. The DMZ model extends the firewall, barricade, and moat analogy by separating web-facing processes from the LAN through increased isolation, strengthened by proxy edge servers in the outer ring of defense. VMware vSAN Datastore is used for enterprise database encryption, while VMcrypt Encryption is used for storage, archives, and backup files.
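The value of micro-segmentation is easiest to see by computing the "blast radius" of a single compromised VM under a default-deny, per-tier policy and comparing it with a flat network. The following added example (not code from the original article or from VMware) evaluates allow rules of the form (source segment, destination segment, port) and walks the allowed flows from a starting host; the host inventory, segment names and rules are constructed assumptions.

```python
from collections import deque

# Constructed inventory: VM name -> segment tag (assumed names).
HOSTS = {
    "web-1": "web", "web-2": "web",
    "app-1": "app",
    "db-1": "db",
    "hr-pc-1": "lan",
}

# Allow rules (src segment, dst segment, port); "*" is a wildcard.
# Anything not matched by a rule is denied, including VM-to-VM traffic
# inside the same tier, which is what distinguishes micro-segmentation
# from a plain perimeter firewall.
SEGMENTED_RULES = [
    ("lan", "web", 443),    # office users reach the web tier only
    ("web", "app", 8080),   # each tier may only call the next one
    ("app", "db", 3306),
]
FLAT_RULES = [("*", "*", "*")]  # a flat network for comparison


def _match(pattern, value) -> bool:
    return pattern == "*" or pattern == value


def is_allowed(rules, hosts, src: str, dst: str, port) -> bool:
    """Default-deny evaluation of a single flow between two hosts."""
    if src == dst:
        return False
    s, d = hosts[src], hosts[dst]
    return any(_match(rs, s) and _match(rd, d) and _match(rp, port)
               for rs, rd, rp in rules)


def any_port_allowed(rules, hosts, src: str, dst: str) -> bool:
    """True if some rule lets src talk to dst on at least one port."""
    if src == dst:
        return False
    s, d = hosts[src], hosts[dst]
    return any(_match(rs, s) and _match(rd, d) for rs, rd, _ in rules)


def blast_radius(rules, hosts, start: str) -> set:
    """Hosts an intruder on `start` could reach by hopping along allowed flows.

    Breadth-first search over hosts; every host reachable through any chain
    of permitted flows is part of the radius."""
    reached, queue = set(), deque([start])
    while queue:
        current = queue.popleft()
        for candidate in hosts:
            if candidate in reached or candidate == start:
                continue
            if any_port_allowed(rules, hosts, current, candidate):
                reached.add(candidate)
                queue.append(candidate)
    return reached


if __name__ == "__main__":
    for name, rules in (("segmented", SEGMENTED_RULES), ("flat", FLAT_RULES)):
        print(f"{name:>9}: web-1 compromised -> {sorted(blast_radius(rules, HOSTS, 'web-1'))}")
```

With the segmented policy a compromised web-1 can only reach app-1 on its service port and, through it, db-1; the sibling web-2 and the office workstation are unreachable. On the flat network every host is one hop away. The remaining web→app→db path is where the text's other controls (detection, encryption of the datastore) still matter.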
Administrative privilege escalation is another critical issue that cannot be overlooked in enterprise security practices. Super-user and administrator permissions must be more tightly controlled, and their use by unauthorized users detected instantly. Real-time network monitoring increasingly includes analytics supported by machine learning and artificial intelligence to better detect intruders, unauthorized transfers of sensitive data, and privilege escalation. Because unpatched software platforms and web server operating systems are the leading causes of compromised networks and data breaches, businesses must be especially vigilant in applying the required updates immediately in production. Automated security upgrades greatly improve the speed of response in applying critical patches. Agentless anti-virus can be installed at the level of the hypervisor and configured to automatically apply security responses to malware or intrusion attacks without human intervention, improving the response time in cloud data centers with millions of virtual machines simultaneously running in parallel.
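Detecting unauthorized use of super-user permissions does not require machine learning to get started: the sudo entries that Linux hosts already write to syslog carry the invoking account, the target account and the command. The following added example (not code from the original article) parses constructed log lines in sudo's syslog format and raises an alert when a non-approved account escalates, when sudo denies an attempt, or when an approved administrator opens an interactive root shell; the host names, the approved-admin list and the log contents are all constructed assumptions.

```python
import re

# sudo's syslog format for a permitted command and for a denied one.
SUDO_OK = re.compile(
    r"(?P<host>\S+) sudo:\s+(?P<user>\S+) : TTY=\S+ ; PWD=\S+ ; "
    r"USER=(?P<target>\S+) ; COMMAND=(?P<cmd>.*)$"
)
SUDO_DENIED = re.compile(
    r"(?P<host>\S+) sudo:\s+(?P<user>\S+) : user NOT in sudoers ; TTY=\S+ ; PWD=\S+ ; "
    r"USER=(?P<target>\S+) ; COMMAND=(?P<cmd>.*)$"
)
INTERACTIVE_SHELLS = {"/bin/bash", "/bin/sh", "/usr/bin/bash", "/usr/bin/zsh"}

# Assumed: accounts allowed to use sudo per host.
APPROVED_ADMINS = {"web-1": {"alice"}, "db-1": {"alice"}}


def detect_escalations(lines, approved=APPROVED_ADMINS) -> list:
    """Return one alert dict per suspicious sudo event in the given log lines."""
    alerts = []
    for line in lines:
        denied = SUDO_DENIED.search(line)
        if denied:
            ev = denied.groupdict()
            ev["reason"] = "sudo denied: account is not in sudoers"
            alerts.append(ev)
            continue
        ok = SUDO_OK.search(line)
        if not ok:
            continue  # not a sudo event
        ev = ok.groupdict()
        admins = approved.get(ev["host"], set())
        if ev["user"] not in admins:
            ev["reason"] = f"unapproved account escalated to {ev['target']}"
            alerts.append(ev)
        elif ev["target"] == "root" and ev["cmd"].split()[0] in INTERACTIVE_SHELLS:
            # Approved, but an unaudited interactive root shell deserves review.
            ev["reason"] = "approved admin opened an interactive root shell"
            alerts.append(ev)
    return alerts


# Constructed sample log in sudo's syslog style (not captured from a real host).
SAMPLE_LOG = [
    "Nov  3 10:15:02 web-1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/apt update",
    "Nov  3 10:16:41 web-1 sudo: www-data : TTY=unknown ; PWD=/var/www ; USER=root ; COMMAND=/bin/bash",
    "Nov  3 10:17:05 web-1 sudo:      bob : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/cat /etc/shadow",
    "Nov  3 10:18:22 db-1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=postgres ; COMMAND=/usr/bin/psql",
    "Nov  3 10:19:50 db-1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/bash",
    "Nov  3 10:20:00 db-1 sshd[1234]: Accepted publickey for alice from 10.0.0.5 port 50000 ssh2",
]

if __name__ == "__main__":
    for alert in detect_escalations(SAMPLE_LOG):
        print(f"{alert['host']}: {alert['user']} -> {alert['target']} [{alert['cmd']}]: {alert['reason']}")
```

The routine package update by an approved administrator and the escalation to a non-root service account pass silently; the web service account gaining a root shell, the denied attempt to read the shadow file, and the interactive root shell each produce an alert. In a real deployment the same logic runs over the centrally collected syslog stream rather than a list, and the approved-admin map comes from the directory or the configuration management system.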