Attackers Use Obscurity, Enterprises Should Too
As threat actors attempt to remain undetected while carrying out attacks, they often use a variety of tools to obscure their identities and activity. Organizations, meanwhile, leave their networks and activity open for inspection by anyone who chooses to perform basic reconnaissance.
For example, employees who use the Internet directly expose their IP address, location and network identity. To make matters worse, most enterprise networks are fixed, static and easily located. This makes any external connection used by a company a potential avenue of attack against its data and systems.
While obscurity is an offensive tool for attackers, it also represents a defensive measure for organizations. Let’s consider the benefits of concealing network infrastructure and activity from the outside world to reduce the enterprise attack surface.
Network privacy is a new and often overlooked concept that can enable an organization to protect its identity, intellectual property, corporate information and customer data while conducting business over the Internet. This approach provides an additional layer of protection that makes it significantly harder for attackers to identify and attack resources and to breach the network.
Internet Access Privacy can eliminate “footprints” created by user activity. Anyone using the Internet exposes their IP (Internet Protocol) addresses and network identities, which exposes the organization to attack, especially high-value targets such as law enforcement, banks and national infrastructure providers. This approach prevents tracking cookies, browser fingerprinting, and device characteristics from being passed to target websites. It also enables malware-protected browsing, since without access to device information malicious websites won’t upload payloads.
Security through obscurity at the network layer can be achieved by transparently distributing communications within and across multiple clouds using Software-Defined Network (SDN) virtualization and dynamically shifting communications across multiple commercial providers. The use of multi-hop transport makes it extremely difficult for anyone, including hackers or search engine optimization companies, to determine actual user information, origination location and identities.
Meanwhile, there are several techniques available for concealing user activity on the Internet. These include browser plug-ins, virtual desktop and OpenVPN implementations. They can obscure enterprise information, origination location and identity, and enable enterprises to confidently conduct secure business on the Internet.
The enterprise needs to make it more difficult for threat actors to learn what its priorities are and to discover its offensive activities. Network privacy is a fundamental concept that should be applied to all sensitive operations, including incident response, threat hunting, and fraud investigations. It’s time for the good guys to start using the same tactics as attackers in order to level the playing field or even gain a competitive advantage.