Cyber security Mesh: Clusters of network monitoring redefining security
By Aditya Abeysinghe
Conventional network security monitoring involves establishing a security perimeter around all devices of a network. This method has been followed since the kindergarten days of computer networks and is still the de facto standard used to monitor and secure most internal networks. While this may sound like an easy way to monitor and secure devices in a network, the main disadvantage is that if the perimeter is breached in some way, the entire network could be vulnerable to attack. Furthermore, security policies are often imposed at the edge of the network rather than at identity or other access management levels. Cyber security mesh is a concept that addresses these issues by enforcing security at each access point or similar level, thereby clustering the network into a mesh of networks that are monitored separately.
Covid-19 and network security
Cyber security mesh is not a new concept. It has been used in more complex networks that are highly guarded and regularly monitored. However, Covid-19 caused a major change in the manner people use networks. For example, today most people work from home, students study in online classrooms, and meetings are conducted online. When working from home, people often log in to organizational networks from outside the usual internal network, and data is shared between multiple networks. These changes in working and studying (deviating from physical face-to-face interactions) have caused many issues in securing networks against hackers, who have developed new ways of attacking these systems.
Cyber security mesh has thus been increasingly used in many networks since the Covid-19 pandemic began, as a measure for redefining network policies and permissions. With this architecture, an authorized person is given access only to the segment that he/she is required to access.
Identity and Access Management
Identity and access management (IAM) is simply the process of authenticating and authorizing users based on policies and permissions. The traditional security of a system involves a username-and-password approach in which the user is authenticated at a logon service such as a database or directory, and then redirected based on the role the user has on the system.
With IAM, a user is often grouped into a user category. Instead of defining access-level rules for which components are accessible to each user, access is granted to the user category, so that all users in it inherit these policies. In this manner, managing identities (people) and access is productive and efficient from a security standpoint. Typically, security in an IAM based system is enhanced with MFA* and SSO*.
Why is a Cyber security mesh important?
With new methods of accessing networks remotely, new methods of securing systems, as described earlier, are required. One of the main issues with IAM in securing systems is the difficulty of identity proofing users. Identity proofing, or identity verification, is the process of proving that a user is the user that needs to be authenticated. As a hacker can bypass MFA and SSO or other capabilities in IAM, impersonating users to get authorized to systems is easy, given that many processes are operated remotely at present. By using a mesh, where the network is divided into segments, together with IAM and other access control mechanisms, even impersonated users have minimal capability of attacking the entire system. Instead, attacks could be identified in the first defense layer and thereafter mitigated.
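The segment-level access control described above, as an added example that is not part of the original article: it compares which segments one impersonated account can reach under a perimeter model and under a mesh with category-based IAM and MFA on critical segments. All segment, category and user names are constructed for illustration.

```python
# Constructed sample data: every name below is hypothetical.
SEGMENTS = {                      # segment -> user categories allowed in it
    "hr-records": {"hr"},
    "payroll": {"hr", "finance"},
    "finance-ledger": {"finance"},
    "source-code": {"engineering"},
    "build-servers": {"engineering"},
}
USER_CATEGORIES = {               # user -> categories whose policies are inherited
    "alice": {"hr"},
    "bob": {"engineering"},
    "carol": {"finance"},
}
MFA_REQUIRED = {"payroll", "finance-ledger"}   # critical segments

def perimeter_allows(user, segment, authenticated):
    """Perimeter model: one check at the edge, then every segment is open."""
    return authenticated and user in USER_CATEGORIES and segment in SEGMENTS

def mesh_allows(user, segment, authenticated, mfa_passed=False):
    """Mesh model: each segment checks the user's category and, if critical, MFA."""
    if not authenticated or segment not in SEGMENTS:
        return False
    if not USER_CATEGORIES.get(user, set()) & SEGMENTS[segment]:
        return False
    return mfa_passed or segment not in MFA_REQUIRED

def blast_radius(user, decide, **kwargs):
    """Segments reachable by someone holding this user's credentials."""
    return sorted(s for s in SEGMENTS if decide(user, s, True, **kwargs))

def denied_requests(user, requested, mfa_passed=False):
    """Per-segment denials: the signal a defender can alert on."""
    return [s for s in requested if not mesh_allows(user, s, True, mfa_passed)]

if __name__ == "__main__":
    print("perimeter:", blast_radius("alice", perimeter_allows))
    print("mesh, password only:", blast_radius("alice", mesh_allows))
    print("mesh, MFA also bypassed:",
          blast_radius("alice", mesh_allows, mfa_passed=True))
    print("denied:", denied_requests("alice", ["hr-records", "source-code", "payroll"]))
```

Even with MFA bypassed, the impersonated account stays confined to its own category's segments, and each denied request is recorded at the segment that refused it.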
Cyber security mesh is also important for defending networks which span heterogeneous systems. In these systems, the methods of securing data and devices differ, based on factors such as internal policies, the technologies used and the architecture of the system. Hence, the security of such systems is complex to maintain when they are joined together. Instead, by using a mesh of smaller manageable components, the system could be monitored and managed efficiently.
- MFA: Multi-Factor Authentication is a method of using more than one method of authentication to a system. For example, a user may be authenticated with a username and password and a one-time password may be required to access critical components of an authorized system.
- SSO: Single Sign On is a method of authenticating a user once and then providing access to multiple systems without authenticating at each system.
Photo courtesy: https://www.technorad.com