
Defending an Undefinable Cyber Security Perimeter

Don Quixote Syndrome
97% of businesses have been hacked
April 1, 2015

The character Don Quixote became legendary tilting at imaginary giants that were ultimately just windmills dotting an expansive countryside. His cause was noble, but his efforts were fruitless and completely misguided. 

Don Quixote’s adventures are not only entertaining, but define a pattern of behavior that is similar to today’s IT security professionals’ noble pursuit of network and data security. There are serious lessons to learn from the delusional Don Quixote extending beyond the folly of having an irrational hatred of windmills.

Statistics show that the “Quixote Syndrome” is widely affecting and deeply entrenched across a broad population of the security industry. According to a SafeNet 2014 Survey, 74 percent of IT decision-makers believe perimeter security is effective at keeping out security threats. At the same time it was found by a 2014 Mandiant Study, Cybersecurity’s Maginot Line: A Real-World Assessment of the Defense-in-Depth Model, that 97 percent of businesses have already been breached. These findings are quite ironic and speak directly to a level of delusion that is plaguing our profession. To further support the existence of delusion, FBI Director James B. Comey recently appeared on 60 Minutes and stated: “There are two kinds of big companies in the United States. There are those who’ve been hacked…and those who don’t know they’ve been hacked.”

Delusion is defined as an idiosyncratic belief or impression that is firmly maintained despite being contradicted by what is generally accepted as reality or rational argument. The idiosyncratic belief that the modern enterprise network perimeter can be defended is propelled by the vendors of the network security industry. These hardware and software vendors are fully vested in the complex layered security model that is feasting on increasingly large IT security budgets. Their message is consistent: after your current layers of security fail, just buy our new and improved layer and you will be safe. What they are not telling security professionals is the truth – you will be breached no matter how many layers you implement.

Yet like Don Quixote, IT and physical security executives continue to expend their energy fighting a fight that cannot be won. They are simply fighting the wrong fight, defending a perimeter they cannot define, against an enemy they cannot see. According to the Forrester report, Understand the State of Network Security: 2013 to 2014, which surveyed 2,000 IT executives in North America and Europe, 46 percent stated they would be increasing perimeter security spending in 2014. Simply put, vast amounts of IT security budgets are being directed towards protecting a perimeter we cannot define, which is yielding a 97-percent failure rate. Worse yet, nearly half of IT security professionals are doubling down on this losing strategy.

The modern enterprise network has become expansive, porous, and completely blurred due to the large number of Internet-facing applications that have been deployed and adopted. The number of potential entry points into the enterprise network has proliferated uncontrollably. The complexity associated with administering access control lists, remote access connections, content filtering rules, and a wide array of security policies has increased exponentially. Administering security policies requires device-specific manual configuration that is prone to human error. According to the Ponemon Institute’s 2013 Cost of Data Breach Study, at least one-third of all security breaches are caused by human error. A rational argument for maintaining the status quo in a security strategy requires a quixotic denial of reality.

So what are security professionals to do if they no longer tilt at windmills? Accepting the reality that your perimeter will be breached yields a logical refocus on containment of the breached network segment. Eliminate the possibility of breach propagation. This strategy poses a tremendous challenge, though, because of the core architecture on which enterprise networks are built: the hub-and-spoke architecture. This architecture is more than a half-century old and was never designed to implement granular controls on internal traffic. Additionally, it relies on a shared dynamic routing construct, in which all applications are routed over the same routers, firewalls, switches and circuits. The problem resulting from this construct is that when a perimeter vulnerability is successfully exploited, it frequently results in a security cascade effect that ripples across the shared routed network.

Most business plans cannot sustainably afford the physical separation of networks due to the high capital and recurring staffing costs required to operate disparate networks. Therefore, most businesses rely on a single shared infrastructure and highly complex security and routing policies to achieve some measure of separation. In the vast majority of networks, this separation ceases at the WAN interface of the access routers where all traffic is intermingled. This scenario provides the path for breach propagation because of its complexity and resulting vulnerabilities. Containment security can be best achieved through virtual network segmentation where each network has its own instances of virtual routers, firewalls and security policies from end to end. Virtual segmentation is more than just a VLAN, although VLANs can play an integral part. Each VLAN must essentially extend from application enabler to application gateway for containment to be effective. By removing shared routing and security elements between networks, the “leverage-able” elements that allow breaches to propagate are removed. Mutually exclusive security policies that cannot conflict with one another to create vulnerabilities are established. The construct of each independent network, including its definable perimeter, syslog baseline and the number of layers required to effectively defend it, is simplified. Essentially, applications are stripped from the shared router environment and placed into their own statically or dynamically routed, private IP environments that are customized to the applications’ specific needs.
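The containment argument in the two paragraphs above can be made concrete with a small blast-radius model. The following is an added example written for this article, not Cybera's code or a description of its product: it builds the same four application segments under a shared hub-and-spoke core and under per-application virtual segmentation, then counts how many segments a single breached segment can reach. Segment names, element names and the ACL gaps are constructed; "leveraging" a shared element stands for the cascade the article describes, where compromising a router or firewall that several networks transit exposes all of them.

```python
"""Toy blast-radius model: shared hub-and-spoke routing vs. per-application
virtual segmentation.  Constructed illustration; the segment names, ACL gaps
and element names are made up and are not Cybera's design or code."""
from dataclasses import dataclass


@dataclass
class Network:
    # segment -> set of segments its policy lets it send traffic to
    flows: dict
    # segment -> set of routing/security elements its traffic transits
    transit: dict


def hub_and_spoke(apps, acl_gaps):
    """Every application segment transits the same core router and edge
    firewall.  Inter-segment traffic is meant to be blocked by ACLs on the
    shared core; acl_gaps lists (src, dst) pairs that an ACL mistake left
    open, modelling the manual-configuration errors the article cites."""
    flows = {app: set() for app in apps}
    for src, dst in acl_gaps:
        flows[src].add(dst)
    transit = {app: {"core-router", "edge-firewall"} for app in apps}
    return Network(flows, transit)


def segmented(apps):
    """Each application segment gets its own virtual router and firewall
    instance end to end, so no two segments share an element or a policy
    and there is no inter-segment flow to misconfigure."""
    flows = {app: set() for app in apps}
    transit = {app: {f"vrouter-{app}", f"vfirewall-{app}"} for app in apps}
    return Network(flows, transit)


def blast_radius(net, breached, leverage_shared_elements):
    """Set of segments an attacker who holds `breached` can reach.

    Propagation happens in two ways: through policy-allowed lateral flows,
    and, when leverage_shared_elements is True, by compromising an element
    the breached segment transits, which exposes every other segment that
    transits that same element (the cascade across a shared routed core)."""
    reached = {breached}
    frontier = [breached]
    while frontier:
        seg = frontier.pop()
        candidates = set(net.flows.get(seg, ()))
        if leverage_shared_elements:
            for element in net.transit[seg]:
                candidates |= {other for other, elems in net.transit.items()
                               if element in elems}
        for nxt in candidates - reached:
            reached.add(nxt)
            frontier.append(nxt)
    return reached


def compare(apps, acl_gaps, breached):
    """Blast-radius size under each design, with and without element pivoting."""
    shared = hub_and_spoke(apps, acl_gaps)
    isolated = segmented(apps)
    return {
        "shared/acl-gaps-only": len(blast_radius(shared, breached, False)),
        "shared/core-compromised": len(blast_radius(shared, breached, True)),
        "segmented/acl-gaps-only": len(blast_radius(isolated, breached, False)),
        "segmented/core-compromised": len(blast_radius(isolated, breached, True)),
    }


# Constructed sample: four application networks and two ACL mistakes that
# leave lateral paths open on the shared core.
APPS = ["guest-wifi", "corp-lan", "point-of-sale", "building-hvac"]
ACL_GAPS = [("guest-wifi", "corp-lan"), ("corp-lan", "point-of-sale")]

if __name__ == "__main__":
    for design, size in compare(APPS, ACL_GAPS, "guest-wifi").items():
        print(f"{design:28s} {size} of {len(APPS)} segments reachable")
```

Run from a breach of the guest network, the shared design reaches three segments through the two ACL gaps alone and all four once the shared core is treated as a pivot; the segmented design reaches one in both cases, because there is no shared element to leverage and no cross-segment rule to get wrong. The model ignores application-layer trust between segments, which is exactly the kind of dependency a real segmentation review has to enumerate by hand.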

The evolution of software-defined networks and a central brain (in the cloud), often referred to as a Universal Policy Controller (UPC), has made the administration of standalone, purpose-specific networks achievable. In this environment, a security-policy change to thousands of similar application networks can be implemented simultaneously and consistently. Compare this to the current method, which requires device-specific manual configuration of each router in the network, and to the cause-and-effect problems that result.

Valid concerns have been raised about the security of centralized controllers, but securing a single controller is far more realistic than defending against a vast landscape of windmills. This is especially true in a scenario where if one windmill gets the best of you, it unravels your entire defensive strategy.

It is time to face the reality of our dilemma and take achievable steps towards fighting a fight we can win. It is time to put down the tilts, dismount the horse, remove the antiquated armor and rethink our approach to what security really means. It is time to learn from Don Quixote rather than emulate him.

Information provided by Cybera, www.cybera.net

KEYWORDS: cybersecurity strategies network perimeter network security
