While every sector is under attack, retail serves as a compelling example because it is characterized by a high number of distributed sites processing a high volume of transactions. Thus, retail finds itself in the crosshairs of the cybercriminal, incurring 2.7 times more attacks than the next leading industry, finance.
Retail security and the expanding attack surface
Retail is a target-rich environment for security breaches because of the high ratio of payoff vs. effort. Each year millions of retail outlets process billions of transactions carrying cardholder data and the personally identifiable information that proliferates in the era of big data and customer analytics.
In addition, in a perimeter-less world driven by multi-cloud, mobile-first solutions, the attack surface is expanding. Two decades ago, viruses and malware targeted personal computers. Now they go after anything with an IP address, which can include a digital video-surveillance camera or a customer smartphone or tablet using the guest Wi-Fi. Once infected, the devices are used as platforms to infect other devices or to serve as bots for running tasks such as testing stolen credit cards in the background at ecommerce sites.
As we know, the solution is to change the economics of crime, i.e. increase security to reverse the payoff/effort ratio, requiring high effort for a low payoff. In the past, adding security meant degrading the quality of experience while increasing cost and complexity. Properly engineered SD-WAN embeds security in the fabric, reducing cost and complexity while preserving the quality of the customer experience. These are all critical factors, and the stakes rise exponentially when a deployment involves bringing up hundreds or thousands of sites.
What is security embedded in the fabric?
In far too many applications, security is an afterthought, if it is addressed at all. Security embedded in the fabric strikes a balance between user experience, security, and affordability by “baking into the platform” a best-practices approach that combines defense in depth, micro-segmentation and continuous network monitoring.
Defense in depth builds security best practices and multiple layers of well-known security technologies, such as VPN, IDS/IPS, firewalls, multi-factor authentication and others, into the platform so that the economic barrier to entry for the cybercriminal is significant.
Micro-segmentation places each app in a separate virtual application network to prevent application traffic from intermingling and thus protects against lateral breach propagation. Since no app can see the traffic from any other app, an infected app can’t hijack the traffic of other apps for nefarious purposes.
Continuous network monitoring optimizes performance and security for all remote sites. Like diseases, security threats are often cyclical in nature. They come in ebbs and flows, periodically resurging. And also like diseases, security threats mutate, returning in a different form. As a result, security is not a once-and-done exercise. Here, we can borrow an analogy from the medical world. Even though Salk’s vaccine eradicated polio in the U.S. to the degree that no cases have originated in the U.S. since 1979, polio keeps sneaking back in through international travel.
Continuous monitoring also serves a heuristic security function. When emerging or resurging threats are detected in one part of the network, we can use our cloud-managed solution to proactively propagate security updates across our entire client base.
Service chaining quickly and cost-effectively incorporates innovative, state-of-the-art security services transparently into an enterprise network in response to the continually changing nature of the attack landscape. The ability to add a targeted security service via an agile service-insertion framework and replicate it across a sizeable footprint is an important consideration in the SD-WAN scale-out process.
All the elements of security embedded in the fabric, working in concert with security service chaining, combine to create predictive, network-wide protection at scale.
A secure, cloud-managed SD-WAN flips the reward/effort equation in favor of the enterprise, freeing up significant time and money to run the business instead of managing a large-scale network that is a cost multiplier. Business, as it should be.
The Security Edge White Paper
Download the white paper “The Security Edge: Why Choose Secure SD-WAN Over VPN?” to read more about how traditional VPNs are failing to meet the challenges of distributed enterprises and why secure SD-WAN solutions are gaining broad market adoption.