Military-grade security focuses on isolation and action

SAN FRANCISCO – At RSA Conference 2016, Dan Amiga, CTO and co-founder of Fireglass and former intelligence software security architect for the Israel Defense Forces, described a number of ways for enterprises to reach military-grade security on their networks — and it begins with adopting a zero-tolerance policy.

Amiga said there is a fundamental gap in how the private sector views cybersecurity compared to the military. In the private sector, productivity is often considered before security, Amiga said, but in the military, it is always security first.

“What’s common with [private-sector security products] from the endpoint to the cloud, is that they are decision-based systems. They look at packets or transactions or files, and they have to decide or differentiate between good stuff and bad stuff,” Amiga said. “When the engine has to make a decision, the engine sometimes is wrong. And, when the engine sometimes is wrong in our world, it’s either false positives or false negatives. You get breached at the end of the day.”

Amiga said this is not the case in military-grade security. There are no decision points because of the zero-tolerance policy and the only thing to do is build systems where the content itself enforces security policies.

In terms of data transmissions over a network, Amiga said the very fact that data is given transit through the network creates an attack surface despite the common use of VPNs or firewalls. Amiga pointed out that everything “from packet manipulation, malicious responses, utilized protocol vulnerabilities — either level three, level four or application protocol vulnerabilities” connect attacks to the inside of an enterprise network.

Amiga described ways to reduce this attack surface. First would be implementing one-way links between nodes when two-way communication isn’t needed. This could be done either with a hardware-based one-way link, by configuring systems with a response size of zero, allowing only ACK responses, or by using promiscuous mode to send data to a “no man’s land” and transparently sniff packets to be sent through to the intended recipient.

Where an enterprise needs two-way communication, Amiga said protocols can be big, complex and hard to analyze, and suggested moving from an open system to a closed and well-defined system where an intermediary only connects specific nodes or only allows specific HTTP verbs and headers.

Amiga admitted that the Internet is essential to the enterprise and browsers are the number-one productivity tool, but it is impractical to completely separate Internet-connected machines from those with access to an internal network. Amiga said that as browsers add features and become more like operating systems, the attack surface continues to grow with flaws in HTTP, plug-ins and more.

“The way we have addressed that today is by placing an intermediary, a proxy intermediary in the middle. It’s very hard to implement a proxy intermediary that inspects. A decision-based engine would lose because of the fast pace of the Internet,” Amiga said. “Instead of analyzing the content and making a decision, we act on that content.”

Amiga said the way to do this with military-grade security is to do the browsing remotely. The idea being that the content from the Internet doesn’t reach the browser and all threats would detonate on that remote server. The only thing coming through to the browser is a visual feed.

“The basic idea is that if you do remote browsing, it’s extremely harder to get intel on the application and it’s extremely harder to bypass because we just broke the HTTP model and we broke the HTML model,” Amiga said. “There’s no HTML on the client aside from the image.”

Amiga said the way to handle files is much harder. While he admitted that it can be easy to prohibit executable files from running, content is much more difficult because organizations can’t stop workers from downloading Word documents or Excel files.

In this case, Amiga suggested that on top of requiring files be remotely viewed, enterprises could add a layer in which a document is reconstructed and converted.

“A very important step is reconstruction and sanitization of the file,” Amiga said. “If you take a docx format [for example], at the end of the day [it’s] just a bunch of XML files in a zip … that … could include macros, code, executables, malicious content [as well as] what we want — just the layout and text.”

In the process, the docx would be sent through reconstruction and translated into HTML while removing any malicious content. Every file would be scanned and acted upon under the same military-grade security policy of zero tolerance.

Next Steps

Learn why the U.S. military uses virtual mobile applications.

Read about using network traffic analysis to prevent advanced malware attacks.

Learn how to set up your organization’s system for the most effective network security possible.