Infrastructure Security

In most enterprises, network-level infrastructure security consumes the bulk of resources in an infrastructure security program. The network level is generally considered the largest and most vulnerable of the enterprise when it comes to security risk, and as such there are an abundance of available tools for protecting the network level than at other levels.

Cloud infrastructure security, as the name implies, involves the protection of assets based in the cloud. Rather than existing as one of the distinct levels of infrastructure security outlined above, cloud infrastructure security spans a multitude of security levels, including the network, application and data levels. Only the physical security level, by definition, is exempted.

Some of the most common infrastructure security threats in the market today include:

• Phishing: Phishing remains one of the most pervasive and damaging threats to individuals and enterprises alike, growing in both quantity and complexity while no longer easy to detect. The goal of phishing attacks, however, remains the same: to separate users from their login credentials, which attackers then use to access corporate resources, steal funds or intellectual property, or wreak havoc on the enterprise. Phishing attacks skyrocketed throughout the pandemic, ranging from COVID-19 relief scams and impersonating the CDC, to the lure of small business loans and tax extensions.
• Ransomware: This type of attack involves malware installed on the corporate network, which then encrypts targeted data and is held for ransom by the attacker. If the ransom is not paid, attackers will prevent the victim from accessing their files. Even if the ransom is paid, there is no guarantee that system functionality will be restored. Ransomware attacks are becoming more common and widespread; in June 2021 a ransomware attack crippled the networks of hundreds of businesses by targeting a software supplier and using it as a conduit to spread through cloud-service providers.
• Botnets: Botnets have historically been used to launch distributed denial of service (DDoS) attacks. In more recent years, botnets have been used for surreptitiously mining cryptocurrencies, as well as targeting IoT infrastructure. Enterprises that have fallen victim to this type of attack are often unaware that their resources are being exploited, sometimes for years. Cloud-based resources are particularly vulnerable to botnet attacks.
• Physical theft: It doesn’t matter how secure your infrastructure is from cyber threats if it is not effectively protected by physical barriers such as locked doors, fences, alarm systems and security guards. To that end, a stolen laptop belonging to a medical facility exposed and potentially compromised the personal information and health data of 650,000 patients.

There is no universal definition of the various levels or categories of infrastructure security, but in the enterprise, one common way to look at security includes securing the following four levels:

• Physical Level: Infrastructure needs physical protection in the form of locked doors, fences, backup generators, security cameras and the like. Failover plans that locate backup equipment in another part of the world are also a part of a physical security strategy.
• Network Level: At its core, network security protects data as it travels into, out of and across the network. This includes traffic encryption, whether it is on-premises or in the cloud, proper firewall management and the use of authentication and authorization systems.
• Application Level: Security also needs to be considered at the application level. This includes protection of databases against attacks such as SQL injections as well as the hardening of other applications against unauthorized use or malicious exploits.
• Data Level: At the lowest level of infrastructure security, data protection must be considered, no matter where or how it is stored. This includes data encryption, backups and anonymization tactics where they are appropriate.