While all of these films have a common theme, the reality is that these heists could happen anywhere, anytime and are often the result of a weakened IT deployment. Often cases the missing hero in these films is fabric technology.
So, how could fabric technology ruin our favorite heist flicks?
Beginning in 2009, fabric technology became an evolution of network design that departs from the traditional hierarchal models to form a mesh of logical connections between network components whose framework is software-defined. This simplifies the network architecture and allows for faster configuration and management by removing the need to be positioned in front of the equipment entering command line interfaces (CLI) manually. This design also eliminates single points of failure by allowing two pieces of hardware to be aggregated on the network as one logical unit in a process called Multi-Chassis Link Aggregation (MLAG).
By leveraging fabric technology, administrators can segment networks in a way that keeps public networks separate from secure ones and increase the resiliency of their networks at the same time.
While there are tons of scenarios under which a team of thieves might want to break in and steal something, every one of them has these elements in common.
In nearly every film, there’s either a person on the inside that is able to provide the team access to the location for the heist to take place or there is a known vulnerability in the security structure that is exploited.
Next, every film has blueprints, schematics, schedules, literally everything there is to understand about the security architecture, is available to the assailants. There is nothing that the team lacks by way of intelligence. With all the information, the team is able to develop a complex plan that accounts for all of the obstacles the security architecture tries to create. Unfortunately, given the time to plan and full details of vulnerabilities, the very assumptions the security strategy is built on is invalidated.
Finally, when least expected, the team strikes, compromising the security and walking away with the prize. By the time the security realizes there’s a problem it’s too late and they are left scratching their heads as to how the theft could have happened or chasing the thieves who are one step ahead.
A typical network intrusion isn’t that different. While the methods have different names, the strategies are very similar to the ways we see them on the silver screen.
This is a successful attempt by a hacker to gain unauthorized access to a network system or its resources. This can be done through phishing, viral software, or by exploiting vulnerabilities within software or security design. Once inside, the hacker is focused on establishing persistence and installing command and control tools to aid in the next step of the attack.
Scanning, also called network enumeration, relates to gathering information about the network and determining where critical assets and resources may be. This is critical because the more time a hacker has to be able to scan the network and build a clear understanding of its design, the harder it will be to discover and stop the exploitation. Ultimately, the goal is to move laterally in the network to find targets of greatest value.
With access to resources, the theft of secure data can begin. Frequently, this is done using methods designed to avoid detection, but eventually, this data transfer produces an anomaly that forces action on the breached security team. Much like in a Hollywood-style heist film, the assailants already have an escape plan and often avoid prosecution. If the data transfer doesn’t produce detection, the hacker may also activate ransomware in the network or launch a Distributed Denial of Service (DDoS) attack.
Fabric is only one part of a broader security strategy. Much like the air bags in a car or automatic emergency breaking systems, it doesn’t absolve the driver from wearing seat belts. So we shouldn’t think of fabric as a panacea that protects the network end-to-end alone, but there are some key features that make lateral movement and exfiltration more difficult than without it.
Hyper-segmentation is a significant improvement upon traditional network segmentation, which offers scalability, enabling the network to be segmented end-to-end. This completely isolates different traffic types, applications or types of users. When hyper-segments are created, organizations reduce the attack surface, preventing lateral movement to more sensitive areas of the network. The network also gains a quarantine function if a segment is breached and anomaly scanning is simplified, achieving greater firewall efficiency.
Hyper-segmentation is combined with another capability called Stealth Networking, which limits the visibility of the network to reduce attack opportunities. Scanning relies on the ability to understand the network topology to facilitate lateral movement. In this methodology, forwarding is based on ethernet-switched paths, so network topology is invisible from an IP perspective. Since there are no inherent hop-by-hop IP paths, the network topology can’t be traced using common IP scanning tools.
This is different from traditional IP Network designs where the entire routing table is exposed to all the devices on a network. This vulnerability is what makes lateral movement in the scanning phase of a network intrusion possible. But, since aggregation and core nodes don’t have visibility to the service layer, services are encapsulated at the network edge, meaning what hackers can’t see, they can’t attack.
Finally, there’s network elasticity as an enabler for securing the everywhere-perimeter. An elastic hyper-segment automatically stretches services to the edge, only as required, and only for the duration of a specific application session. As applications terminate, or end-point devices close down or disconnect, the redundant networking services retract from the edge. In deleting a network configuration that isn’t required anymore, back door entry points to the network are eliminated. This means that the windows close on a session based exploit. Once the session has ended, the entire process starts over again.
Imagine it. A crack team of international thieves are all set up to break into a facility housing top-secret information. They have a master lockpick, an elite security expert, two special forces, ready-for-anything types, everyone is armed to the gills. The lockpick cracks the lock. They open the door and go in.
It’s dark. They turn their flashlights on. But the space seems to absorb the light. No worries though, they have night vision goggles. Which also don’t work. The only light available is through the door where they entered. From that dim light they can see that they’ve entered into what looks like a lobby waiting room (Stealth Networking, Hyper-segmentation).
As they root around the room looking for another door, they realize that there are no other doors. There seems to be no way out except from the door they entered (Hyper-segmentation). Perplexed, they go back outside to regroup as the door closes behind them.
With a new plan, they return to the door, which was previously unlocked, only to find it locked again, and the tools that previously worked on the door before don’t work anymore (Elasticity). Forced to regroup again, the team decides that they had bad intel on the target and they leave to find something easier.
Every year, cyberattacks on organizations increase, raising the stakes on the impact and cost of a single intrusion and loss of data. Tools like fabric can add more obstacles between would-be intruders and your valuable resources and can make a huge difference in strengthening your comprehensive security strategy.
If you don’t have fabric technology installed in your organization, now is a great time to start a conversation to investigate whether the benefits of hyper-segmentation, stealth networking and elasticity are right for you.
Learn more about Extreme Fabric Connect!