Akamai + Guardicore: End-to-End Zero Trust
It’s hard to miss: Ransomware attacks have exploded, with growth by some measures of more than 150% in 2020. This threat will only grow as criminals invent new ways to gain access to networks and systems, and as the attack surface grows with continued work from home and the proliferation of internet-enabled devices. This trend is why we are so excited about Akamai and Guardicore officially joining forces — the challenge posed by ransomware has never been greater, and the opportunity for our two companies, now one company, to prevent attacks has never been more tangible. Together, we can push back the rising tide of threats.
Ransomware is a complicated problem, but protecting against ransomware boils down to one simple principle: All traffic flows need inspection and control, regardless of the endpoints.
The thing is, for ransomware to carry out its function, it has to move. From wherever it originates, it has to find a place from where it can access and encrypt high-value data. This movement generally requires multiple hops, across multiple devices and servers. Each hop is a traffic flow that could be north-south — that is, between a user device and a server — or east-west — that is, between servers. Blocking ransomware, therefore, comes down to inspecting and controlling every one of these traffic flows to confirm that the flow is authorized and does not contain malware.
With Akamai and Guardicore now together, we have the ability to fulfill this strategy. Using our combined technology, customers will be able to inspect and control their enterprise traffic flow, north-south and east-west.
How do attackers get access in the first place?
Attackers have several strategies that they can use to gain the initial foothold in the enterprise. Gaining that foothold is the first hop. The strategies that attackers use for the first hop include phishing, squatting, leveraging stolen credentials, exploiting vulnerabilities in public-facing applications, and gaining physical access to laptops or servers. A defense against ransomware needs to consider all of these strategies.
In the case of defense against phishing, there is often an overreliance on training. Of course, training is important, but employees should not have the sole burden of determining if something is suspicious — the threat landscape and the tools criminals use are changing too rapidly. Ideally, technology should intervene before employees have to make any judgment calls. Technology also can provide another layer of defense by helping correct for human error — blocking suspicious websites even if an employee clicks on a malicious link, for example.
Akamai has several products that can block ransomware at this first hop as it tries to gain a foothold.
Our DNS firewall and our secure web gateway (SWG) — both of which are part of Secure Internet Access Enterprise — can block access to phishing and squatting sites with hostname and URL filtering
Our phish-proof multi-factor authentication (MFA) — ideally with none of the factors being a password — can block attackers who are trying to use stolen credentials
Our Zero Trust access product — today known as Enterprise Application Access — can block the exploitation of server vulnerabilities by ensuring that servers are visible only to users who have already been authenticated and authorized
In addition, our web application firewall (WAF) can ensure that the traffic flow does not contain any attacks — after all, even authorized accesses can contain attacks
Preventing ransomware spread
Of course, no defense is perfect, so what happens if the attacker finds a way in? What happens when the supply chain is targeted, and the attacker immediately gains access to the network?
While prevention is always preferable, the reality is that threats will occasionally get through. Organizations must have a strategy for protecting critical information and infrastructure once ransomware breaches those initial defenses. That’s why it’s also critical to inspect and control east-west, or internal server-to-server, traffic. In most cases, ransomware needs at least one east-west hop in order to find high-value data and do its harm. Moreover, in the case of attacks that originate from physical access, stopping the attack from hopping from server to server may be the only opportunity you have to prevent ransomware spread.
Guardicore’s microsegmentation technology is a critical means of protection to stop malware spread inside an organization. This technology logically divides the enterprise into segments that each have their own well-defined security controls, so that each process can communicate only with those other processes that it needs to communicate with. This approach addresses the problem of malware proliferating across the enterprise via east-west movement.
The next frontier
With Akamai plus Guardicore providing inspection and control across all enterprise traffic flows, we are opening up a new frontier: the enterprise without a perimeter.
Many enterprises are still approaching security with the outdated notion of a protected, firewalled corporate network. But this approach is inconsistent with our cloud-first, work-from-anywhere world. Things like public-facing applications, virtualized servers, and a mix of on-premises and cloud technologies mean a “protected perimeter” approach to security — where a user or an application is either on the network and trusted or off the network and not — leaves organizations extremely vulnerable. This is both because there is nothing to stop attackers if those defenses fail (or they gain access to a trusted device), and because it’s really hard to put cloud-based applications and infrastructure behind traditional security defenses and still maintain performance. This complexity will only increase as work from home continues to blur the lines between personal and professional, home and office.
We need to fully embrace the concept of Zero Trust and get rid of the idea that anything inside the corporate network can be trusted. Particularly as remote work continues to be the norm, all access to corporate systems should be viewed as remote access, and no device — whether an intern’s or the CEO’s — should have full, unfettered access. This will help block the exploitation of vulnerabilities and ensure that, if a device is compromised, the whole corporate ecosystem isn’t compromised as well.
When we approach enterprise security — regardless of the end user, location, or device — with the unifying premise that no traffic flow is trusted, an organization’s defenses are much stronger. A comprehensive Zero Trust approach that combines protection from both Akamai and Guardicore will make it extremely difficult for ransomware to ruin your day.
