While it is well understood that cybersecurity has extended beyond the firewall perimeter to the user, many may not appreciate the evolution of end-user centric cybersecurity. As bad actors embrace AI to elevate the effectiveness of their attacks, the enterprise has responded with multiple layers of security, similarly enabled by advances in AI. Cybersecurity has moved from a world focused on protection via firewall access policies to one focused on end-user collective behavior. Here are three broad viewpoints about cybersecurity, which we will dive into deeper in future blogs.
Today’s Next Generation Firewalls
The current state of cybersecurity focuses on questions of identity, device, location, and application. It asks questions such as:
- Should the identity be trusted?
- Should the device be trusted?
- Should the location be trusted?
- Should the application be trusted?
New Challenges in Cybersecurity
While the questions of identity, device, location, and application remain crucial in the current state of cybersecurity, it's important to note that malicious actors have become adept at evading these safeguards. Effective cybersecurity requires additional questions to be asked, such as:
- Should the application instance be trusted?
- Should the application activity be allowed?
- Should the behavior be allowed?
- Should the data be allowed?
- What action should be taken in response to questionable user behavior?
Secure Access Service Edge (SASE) Use Case
While it may be appropriate for an enterprise to permit employee access to corporate instances of common SaaS applications, such as Dropbox, Box, or OneDrive, the enterprise must protect itself against employee access to personal instances of those same SaaS applications, which have become a primary threat vector for undermining an enterprise’s cyber posture.
The security challenge becomes more complex when access to personal versus company accounts of the same application must be regulated. For example, when an employee is planning to resign, an enterprise may still want to permit the employee to upload data into CRM tools to capture their account knowledge, while at the same time preventing them from downloading customer data from the CRM tool to take proprietary information to their next employer.
Effective cybersecurity is not always about blocking questionable behavior. In some situations, it becomes far more effective to coach the end-user to reconsider their behavior or even ask them to explain why they are doing something they shouldn’t. Such “in the moment” prompts not only discourage the employee from pursuing the cyber suspicious behavior, but also enforces proper future behavior.
Just as bad actors have the opportunity to elevate their attacks, enterprises have the option to elevate their defenses similarly with Secure Access Service Edge (SASE).