As emerging technologies continue to infiltrate the enterprise, it is essential for organisations to constantly scan for vulnerabilities they present. Organisations therefore need to channel more resources and effort towards innovating solutions that can protect them against known and unknown cyber risks, said Chng.
In concluding, Chng advised executives to change their view of security - security should be seen as an opportunity that can truly benefit the company and its customers instead of being perceived an additional cost to the business. He added that instead of aiming for 100 percent prevention, enterprises should identify their most vulnerable areas and ensure that they have a balance of preventive mechanisms and monitoring capabilities to protect those areas.
Next to take the stage was Daniel Phuan, Technical Manager for South Asia at Check Point Software Technologies Ltd, Singapore. Phuan took the chance to introduce Check Point's software-defined protection (SDP), an overlay architecture enforcing security traffic flows within a software-defined network.
Daniel Phuan, Technical Manager, South Asia, Check Point Software Technologies Ltd
SDP aims to provide security that is able to "effectively protect against tomorrow's threats through a design that is modular, agile and secure," he said. The architecture consists of three layers: enforcement, control and management.
The enforcement layer inspects traffic and enforces protection in well-defined segments. Phuan explained that this layer consists of all enforcement points such as endpoint security, network security gateway, and mobile security. Segmentation is the main principle behind this layer as it enables the enterprise to determine where to implement enforcement points on both the network and hosts so as to mediate interactions between users and system.
Implementing segmentation begins with identifying the atomic segments in the network, said Phuan. An atomic segment contains elements that share similar policy and protection characteristics. Enforcement points are then introduced at the boundaries of each segment to enforce defined protection logic. Segments can be grouped to allow modular protection. After which, these segments need to be integrated into the network design. Finally, trusted channels are established to protect interactions and data flow between various network segments.
The next layer is the control layer, which is responsible for automatically generating software-defined protections and deploying them at appropriate enforcement points. According to Phuan, the protection categories include:
- Access control, which controls interactions between users, assets and applications as configured by the management layer.
- Data protection, which focuses on data classification.
- Threat prevention, which converts threat intelligence (from the security community, analysts and internal resources) into immediate security protections updates for the enforcement layer.