All Network Security experts (or want to be experts) have heard of, and hopefully used, mesh environments. For example, Palo Alto, Cisco, Fortinet, and Sophos have a mesh. In addition, these organizations give certifications for knowing their respective technologies. More importantly, these security environments meet almost all security requirements today. Mesh environments are intrinsically centralized. What is more, the aforementioned companies, praise their environments.
The most important strength in my opinion is that these environments can use firewalls, switches, access points, etc. in unison to understand, detect, alert, and react to threats. Such aspect is crucial since the Address Resolution Protocol (ARP) is not secure. Because of that, its strength also poses a specific vulnerability – a single point of access to the security of the network, hardware, and software. Before many certified security experts stop reading, understand that decentralization is here to stay.
Unlike Blockchain that solves issues with integrity, security companies depend on IEEE and ISO, for the most part, for compatibility. That (among other reasons) is why SentinelOne, a UniFi switch, a pfSense, Aruba wireless access points, and a Windows domain can be used to provide a secure environment to multiple networked devices. From a security perspective, the previously mentioned environment requires more work to exploit. Of course, a single vulnerability can expose an entire environment. However, securing each component properly adds several layers of security that a mesh today cannot control. Conversely, knowing how to secure all those environments requires more knowledge since each component has a different interface. Nonetheless, the results of a properly configured physical decentralized environment is virtually impossible to fully exploit.
I would like to be clear that the companies mentioned above are among the best in their classes. In the case of Cisco, some of the best intrusion detection/protection systems and network antivirus engines for pfSense belong to Cisco. With malware as a service, ransomware as a service, and other Internet-based crime increasing todays threat landscape, business owners should demand more from their cyber security experts. “In 2020’s second quarter, e-commerce accounted for 16.1% of retail sales, up from 10.8% the year before, according to the U.S. Commerce Department… In 2019, the FBI received 1,300 complaints per day about crimes committed online, a more than 40% increase from the year before. Businesses can expect a similar or greater increase in internet-based crime in 2020 as criminal opportunities expand at a pace roughly equal to the growth of online commerce.” Organizations that are not preparing for this increase are at risk. Is your organization protected from this new landscape?