The security of digital estates is of vital importance to modern businesses, but is woefully overlooked by many. One of the most common problems we see when we are asked to re-host a digital service after an incident is that estate security has been treated as a 'tick-box' exercise.
Many businesses rely on large third parties to provide 'security' for their services. They do this without questioning or fully understanding the scope of the protection that the third party provides. Without this understanding, there is usually no consideration of what could happen if that protection breaks down.
A recent report has highlighted a new attack method to circumvent a number of popular Web Application Firewalls (WAFs), such as those from Cloudflare, F5 and AWS, that act as the security perimeter for many businesses. This isn't the first such bypass and, although it was quickly patched, it definitely won't be the last.
Having these perimeter services in the mix is, in general, a very good thing, but they are not a silver bullet. This recent bypass opened up some potential backend database access, but exploiting it would rely on additional vulnerabilities behind the WAF. If a business had simply ticked the box, those additional vulnerabilities may have been available to an attacker.
Businesses have to consider what happens if the perimeter breaks down. Implementing device-level protection and zero-trust policies (where possible) is no longer a luxury; it is essential. That is why we incorporate them into everything we do, even our entry-level site patterns.
Good security needn't be big or expensive, it just needs to be well thought out and well implemented.