In part I of this three-part blog series, we discussed network obfuscation and its benefits. You can read Part I here. In this blog post, part II of the series, we are going to tackle how organizations use obfuscation to secure their network.
Commensurate with the principles of zero trust, obfuscation helps organizations achieve secure remote access, endpoint security, and data and communications security. In turn, these capabilities enable active network defense measures such as threat intelligence/threat hunting, security testing, and cyber risk management.
Secure remote access
Secure remote access is a must in today’s business environment. Fewer corporate employees work from onsite offices than ever before, yet they must have quick and easy access to corporate resources. Traditional and legacy remote access technologies such as VPNs are kludgy, don’t scale to the needs of modern workforces, and don’t conform to zero trust principles. Newer identity-based authentication and authorization controls have become very popular and cover zero trust access requirements.
However, once a user is authenticated via an identity solution, their movements on the network are still observable. Obfuscation protects the traffic with multiple layers of different types of encryption, making it extremely unlikely that even an advanced attacker could decrypt and understand the nature of the communication.
Endpoint security
Endpoint obfuscation works in a similar fashion to secure remote access by eliminating source and destination IP address information, routing traffic through various complicated routes, and creating an alternate persona. The additional feature here, though, is endpoint IP swapping at the user-defined point of presence (PoP) at the edge of the network. Obfuscation makes it nearly impossible for an attacker to identify an entity based on network-defined or static identity information.
Data and communications security
Within an obfuscation network, all data—in transit and at rest—must be encrypted from end-to-end. Optimally, the solution will use multiple layers and types of encryption to make it less likely that an advanced attacker could decrypt data at any point during its lifecycle and cause a breach or create a ransomware scenario. Encryption ensures data privacy, integrity, and availability—the three pillars of data security—and conforms to zero trust.
Threat intelligence/threat hunting
Organizations use threat intelligence and hunting to identify cyber adversaries. But conducting these activities in the clear exposes defenders to criminal observation, giving the adversary ideas on how to avoid detection and/or attribution.
Obfuscating the identities of intelligence and threat hunting personnel, as well as their actions on the internet, allows them to conduct research more freely and extensively; an obfuscation network is a “cloak of invisibility” to protect researchers and their organizations.
Security testing
As with intelligence and threat hunting personnel, security testers benefit tremendously from having their presence obscured. The point of testing—red teaming, pen testing, vulnerability scanning, etc.—is to find network vulnerabilities and then use that information to remediate them. However, when testers or testing tools can be identified on the network, there is a risk that these activities or resources will be exposed in the process if a cyber-criminal is monitoring in stealth mode.
Obfuscating source and destination information, applying dynamic routing, creating personas, tightly restricting access, and encrypting everything ensure testers won’t be discovered while they work to protect the organization.
Cyber risk management
Obfuscation technology helps mitigate risk and simplify the enforcement of risk management policies by allowing users and their actions on the internet to remain private and undetected. Details associated with the user, device type, files accessed, location, network pathways used, and more are all concealed or removed, thus preventing unauthorized users from identifying rich targets for compromise.
These are some of the ways that organizations use obfuscation to secure their network. To learn more about obfuscation, download the white paper: How Invisibility Enhances Zero Trust Security.