The latest buzzword in cybersecurity today is zero trust security. Zero trust security is based on the premise that no one is trusted by default from inside or outside the network, and verification is required from everyone trying to gain access to networks, systems, and resources based on adaptive, contextual identities. While zero trust security focuses on preventing malicious actors from getting into the network, what happens when employees and partners go outside of company networks and access external resources?
This is where obfuscation and/or cloaking network resources and users come into play. Network obfuscation can be utilized to enhance zero trust security. Because a cyber criminal, after all, cannot attack what they don’t know exists or cannot find.
In this first part of a three-part blog series on network obfuscation, we will discuss what network obfuscation is and the benefits of obfuscation.
Why obfuscation and invisibility?
At first blush, it might seem like obfuscation and/or invisibility might be a tactic or technique most used by those who have something to hide, i.e., cyber criminals. However, just like one might hide personal valuables (for example, jewelry, heirlooms, wills and trusts, etc.) in a safe or lockbox or put them in an obscure physical location, away from other valuables, obfuscation on the internet or on a network is a safety and security measure.
Today, business communications are largely conducted over digital channels. Most of today’s business tools are also digital. Suffice it to say, with every piece of information, data, application, file, or device connected, the attack surface expands. As the attack surface expands, there’s a higher risk of a security breach.
Three Benefits of Obfuscation:
Benefit #1: Elimination of digital footprints
Every normal digital transaction leaves a trail, sometimes referred to as “digital breadcrumbs” or a “digital footprint,” that records every website visited, every form completed, cookies, search history (even in incognito mode!), text messages, accessed public applications, and general location (or precise location if GPS is enabled). Cyber criminals go to lengths to cover their tracks, yet people conducting legitimate transactions don’t generally rely on obfuscation techniques, even when it would be to their benefit. An obfuscation network provides even greater digital protection to legitimate organizations than the methods bad actors often employ to disguise their presence on the web.
Benefit #2: Enhanced security and privacy
Organizations with employees or partners who are conducting highly sensitive research, collaborating on sensitive topics, or dealing with proprietary data and applications that cannot be leaked will want to explore commercial anonymity and privacy technology. In these instances, personnel may want or need to disguise their digital identity, hide any identifying information from the network or services running on the network (e.g., IP addresses, PoPs), and add layers of security control such as encryption, ephemeral and dynamic data routing, or non-attribution.
Benefit #3: Dedicated resources
A private obfuscation network builds on the ideas introduced by The Onion Router but adds features and functionality more appropriate for business use. For instance, a separate, dedicated network for obfuscation provides a private space for businesses, not one that may be used by anyone with the requisite software. This means that only vetted and authorized personnel may access the network—which sits between the public internet and any network, service, or application connected to it – providing an additional layer of protection that doesn’t exist in any other form.
One might ask, “Are there any uses cases or applications that merit this extra level of security?” The answer is, “of course.” As alluded to at the beginning, even a bank with state-of-the-art locks, alarms, and surveillance cameras still has a vault in the back, where cash, critical documents, and other irreplaceable assets are kept, protected by armored walls and a highly engineered door sealed tight with multiple massive bolts.
An obfuscation network is the equivalent of that bank vault. It serves as a closed, self-contained, hidden, and highly secure environment to protect an organization’s most critical users and applications. In financial services, it might be a third-party payment network or a secure voice and video system for M&A negotiations. In healthcare, it might be a telemedicine network or an e-health record repository. In critical infrastructure, it might be an ICS network, industrial IoT devices, or data transmissions from SCADA systems.
These and more are examples of uses cases and applications within a zero trust architecture that still require the additional “digital bank vault” security that an obfuscation network provides.
Be sure to come back for Part II of the network obfuscation blog series where we discuss how obfuscation is used in the enterprise. Meanwhile, to learn more about network obfuscation, download the white paper: How Invisibility Enhances Zero Trust Security.