A primer on MESH networks and MESH cyber security
Gergana Kungalova is a Security Engineer for Check Point in Bulgaria. She started her journey in the Cyber Security field as Network Security Support Engineer, working with customers across the globe. In her current role, she is connecting people and processes with technology by matching the clients’ business needs with security solutions and services.
In this amazing expert interview, Gergana Kungalova explains why MESH networks can be more advantageous than traditional networks, she addresses common misperceptions around MESH, and then highlights MESH-specific cyber security measures. Don’t miss this!
What is the core idea behind MESH networks?
The MESH network provides ultimate connectivity between nodes like users, servers/applications, and network components. The main driver for this architecture is to provide reliable access that is not dependent on a single device or route.
Why might an organization choose to have a MESH network over traditional network architecture?
The traditional network architecture was suitable for organizations when they had well-defined perimeters and point-to-point connections. All services were hosted within the data centers and users were working strictly from the office. Nowadays, the demand for mobility and scalability has completely changed the picture. We have services that are hosted in the cloud and/or in the data center. At the same time, our users are roaming and should access these services from everywhere. The new connectivity requirements have increased the complexity of managing networks and security to an extreme degree. Many organizations are choosing the MESH networks as an enabler for flexible and scalable infrastructure. It allows them to reduce the management overhead and cut costs.
What are some common misperceptions about MESH that we should debunk for readers, if any?
The most common misperception is that the MESH networks are more secure. They are more agile and resilient, but they introduce new dynamics in the monitoring and the maintenance which may pose risk of security breach. The nature of MESH networks may increase the amount of time required for identifying breaches, determining which nodes have been affected and what the business impact looks like. Also, the root cause analysis is more complex and time consuming.
It is critical to implement cyber security measures at every point of the infrastructure, in the early stages. The security must be multi-layered and part of the planning phase. A cyber security platform that is consolidated and focused on prevention is the best approach to ensure business continuity within organizations with MESH networks.
Examples of typical cyber security threats seen on MESH networks?
The cyber security threats seen on MESH networks are the same as the threats seen on the traditional networks – vulnerability exploits, phishing attacks, account takeover…etc. The only difference is how they are executed.
How does the decentralized nature of MESH networks impact the design and implementation of robust cyber security measures?
The dynamic nature of MESH networks requires multi-layered enforcement of cyber security. The best-of-breed method is bringing more complexity then benefits – multiple management consoles, no full visibility on security posture, lack of expertise…etc. To address these challenges, we should talk about the concept of Cyber Security Mesh Architecture (CSMA)*.
The CSMA approach focuses on platform security that is collaborative across all components in the customer’s environment and it’s built on the following pillars: Security Analytics and Intelligence, Distributed Identity Fabric, Consolidated Privacy and Posture Management, and Consolidated Dashboards. It means that all security components talk with each other, share intelligence and have one single pane of glass for management. The efficient implementation of CSMA has to be enforced based on user identity and zero trust principals, not on network-based access.
*“CSMA is a concept developed by Gartner to help companies move past siloed security to a more collaborative and flexible approach to security. CSMA is designed to make security more composable and scalable by modularizing security functions and enabling them to interoperate through a set of supportive layers. By making security more cohesive and collaborative, CSMA enables an organization to achieve better security with fewer resources.” — Quoted from Check Point’s What is Cybersecurity Mesh Architecture (CSMA)?
Given the potential for node compromise in MESH networks, what strategies can be employed to enhance the security posture of individual nodes, as to prevent cascading security issues across the network?
In case of compromise, the time spent for identification and mitigation is what really matters, as does determining how big the impact on the business will be. The prevention first methodology has to be incorporated into the cyber security strategy. From my experience, it does not matter as to how many security measures are in place – they have to be configured in prevention mode in order to block the attack. Of course, to cover all possible threat vectors, we should have in place strong encryption, zero-day prevention, anti-phishing, anti-ransomware, vulnerability, and patch management.
What other kinds of tools or technologies can cyber leaders use to monitor for suspicious activities within a MESH network?
Cyber leaders can benefit from integrated AI engines:
- AI integrated within the prevention engines can reduce the time for mitigation, improve catch rate and discover attacks chains in next to no time.
- AI integrated in the monitoring can improve behavior analysis and discover anomalies, provide sophisticated reports, and reduce the time for root cause analysis.
An example of a technology that combines both is MDR/MPR (Managed Detection/Prevention and Respond). It can provide a deeper overview of what is going on in the environment and help to further decrease the reaction time. Basically, it’s providing automation and optimization for how the SOC teams are working with data and dangerous threats.
Is there anything else that you would like to share with the Cyber Talk CxO audience?
Cyber security requires a continuous process of risk management and effectiveness optimization. Building robust architecture requires approach that is collaborative, redistributed within all parts of the environment and focused on prevention.
Stay (cyber) safe 🙂