How APAC organisations can mitigate edge security threats

Fending off edge security threats

With traditional defence mechanisms often unable to keep pace with the volume and complexity of cyber attacks, Hansen highlighted the importance of keeping attacks as far away as possible from the corporate network and datacentre.

In practice, that means mitigating attacks close to the point of entry – at the edge. Not only is this more efficient, but it can also have a positive impact on the user experience. “Enterprises must implement security all the way to the edge, encompassing all devices – especially mobile and IoT devices that connect to corporate assets,” says Hansen.

Security capabilities at the edge must also include automation to deal with threats in real time and prevent serious damage. For instance, they must be able to route suspicious traffic to a scrubbing centre within milliseconds of detection to mitigate any threats.

According to Juniper Networks’ Lee, other best practices that organisations in Asia-Pacific can adopt to address edge security threats include:

• Manage edge security across all locations from a unified management console: This allows a consistent and clear view of the actual security posture of the enterprise. Ideally, this should include integration to all layers within the stack to ensure complete visibility.
• Record all system activities with a log server and leverage the data collected to establish a baseline for security measures: This allows cyber attacks to be identified and helps in both incident response and forensics. In instances where parts of the stack are managed by third parties, integrating and consolidating all logs would ensure no gaps.
• Identify, categorise and tag the edge devices: Design and implement security policies based on the type and access needed for each device. This drives greater consistency across the entire extended infrastructure regardless of the make and model of devices in different locations.
• Keep up to date with latest security news and establish a patching policy for the firmware on edge devices: Keeping all devices patched and up to date ensures all known vulnerabilities are eliminated or contained.
• Implement mobile device management for user devices to ensure security policies are adhered to consistently: This ensures that user devices, which are often one of the weakest links, are secure and not prone to be exploited.
• Employ multifactor authentication and zero-trust security measures: This can include role-based access control for remote access to all edge devices and services.

Elaborating on the role of zero trust, Akamai’s Kolli says that as it is difficult to correlate a multitude of security and networking tools into a single risk rating, integrating network and security services through a zero-trust approach will help to reduce complexity for IT and security teams while increasing visibility and ease of management.

It’s also worth noting that edge computing doesn’t always bring more risk. As most edge applications are variants of machine-to-machine or IoT applications, Hansen says an organisation could terminate the connection to edge devices and apply traditional encryption and access controls on the connection between the edge and the cloud or datacentre. This will reduce the attack surface of edge applications.

Furthermore, edge infrastructure management tools can serve as the “eyes and ears” in places where staffing is insufficient. According to Lee, some inherent benefits of a distributed edge computing model include:

• Higher availability and resiliency of services: The “blast radius” of outages due to cyber attacks can be localised and restricted. For example, DDoS attacks on specific edge locations may not affect other locations at the same time.
• Improved data protection: Data must be replicated and backed up across different edge computing points of presence.
• Improved security response: Attacks and security information can be shared with other edge devices or locations. For example, an attacker’s IP address or malware signature can be shared to allow the enterprise to establish a more effective defence mechanism in other locations.

How Asia-Pacific is faring

In recent months, Juniper has seen more organisations in the region adopt edge security measures, especially those that have been increasing their pace of digitisation.

Notwithstanding, they continue to face challenges such as the lack of integration between different security products, departmental silos where different teams still want to retain control of their security devices and policies, and the lack of talent to manage edge security using myriad tools.

Fernando Serto, principal architect and tech evangelist at Cloudflare in Asia-Pacific, Japan and China, says while the company saw a huge increase in adoption of edge security services last year, it will take time for organisations to understand their entire attack surface and how to best mitigate risk.

“Another common issue is previous investments in older technologies which may not be fit for purpose today, based on how much the threat landscape has evolved in the past two years,” he adds.

“The pandemic has certainly not only accelerated the adoption of such technologies, but also showed organisations how unprepared they were for catering for a distributed workforce and the new threats and risks with it.”