Hi everyone. It's Ed Amoroso, and I want to show you in this video kind of an interesting progression in the design and representation of an enterprise perimeter. Now, if you work in a business, you probably have to deal with something called an auditor, it's a third party individual who may work in your company. But if somebody is going to come take a look at what you're doing, provide oversight, and make sure that, for example, you have the right controls in place to protect the business. Turns out, that that auditor is going to demand evidence that you're protecting things properly. And what every cybersecurity team does first is they show a picture to the auditor that looks more or less like we've got on the screen here. It says Enterprise Perimeter, say, Perceived, you can see that it's disallowing external access. This is the intention of every enterprise security team, to have an enterprise perimeter that keeps little malicious intruders that want to come in off the enterprise, they bounce off. It's kind of a funny picture that we show, that like almost like a little electron. And if we show activity going on inside the company, like trusted internal enterprise access, and we're showing traversal, it's all internal, you can see that the clear circles represent trusted users in the enterprise, and the filled-in circle on the outside bounces off. I don't trust that. This is what you show your auditor, this is what we all would like to be the case. But there is a gigantic problem, something that I think we've alluded to in other videos, if you've been with us for other videos. And it's something that can be characterized by this drawing. The reality is that a modern perimeter has all sorts of breaks in it. Let's go through them one at a time. So, e-mail. You're going to have to have an e-mail gateway. I mean, you can't operate in today's environment without allowing e-mail into your users. So anybody anywhere, for the most part, can send an e-mail to pretty much anybody in your company, that's the model that businesses and all of us use. So you're going to have to put a little break in the perimeter. You're going to have to say, "Well, in a firewall or in a gateway, if it's e-mail, I got to let it in." So that's one place where the electrons are not bouncing off. Second, you might have outsourced vendors. You might have decided that the helpdesk in your company is best served in some country, maybe a country where you live, you may actually work in an outsourced center. And you have the experience that, for your client, you are logging into their network, right? You're connecting in. They're looking at the network you're sitting on, looking at the source IP address, and they've got a rule that's allowing your source IP address to hit their, say, identity system that's going to ask you for a password. But that's in the enterprise. Just the fact that you have the right source IP gets your packets in, and then they're going to ask you, "Who are you?," password might be two factor, or whatever it is that you're used to doing if you work in that environment. But again, it's a break in the perimeter, packets are coming in. Third possibility, remote access. I remember years ago, we used to assume that maybe 10-12% of a typical company might be working from home at any given time. How crazy was that? This must have been 20 years ago. Now, you have to assume that it could be 100% of the company trying to remotely access your resources on your network from home. Weekends, it seems like everybody works on weekends now anyway, or from Starbucks, or in airports, or at home, or at night, or whatever. Sometimes even from the office, you might be sitting in your office and instead of connecting to the LAN, you might be using remote access into the network just because it's more convenient. But that also is a break in your perimeter, it's not electrons bouncing off. Another one is web. Look if you have a web server that's hosted in a data center and you want your customers to hit your web server and maybe you do commerce. They're coming in, their browsers are pointing in, they're getting in, right? I mean, let's face it. How about partners? Do you have any partners that you're dealing with? Might have a venture you're working on, or maybe a law firm that you work with where you're exchanging different types of things. You might give them direct that you get the idea. And then there's a bunch of unknown gateways that you may not even know about. Look the reality is, that if you accept that this is really the way a business operates, then this picture is really how your perimeter is set up. It's a much more accurate representation of a typical enterprise scale, there's little cuts in it, little holes in it, you follow? So, we started by saying, I had this beautiful oval, an electron bouncing off of it, and I showed my auditor that. And I was hoping that everything would be just great. The reality, however, is because I have to do so many different types of things in an enterprise, I need to support so many different types of services and capabilities and remote access and business conditions, that I really end up with something that looks like this. And I think that may help you understand why a typical enterprise business is being subjected to some pretty significant and successful cyber attacks. If you've got holes all over the place, you shouldn't be surprised when somebody is breaking into your business. Now, to kind of test your understanding, a little quiz here. You can make the case for a couple of them. I mean certainly, anything is better with more management, but I think the best answer here is fewer services, so A. The reason I think that's what I want you to focus on is that the idea is, we'd like to simplify the kinds of things we're protecting with the perimeter. Nothing wrong with a perimeter concept. It's when there's so much going on on the inside that I have to open all these doors that actually expose everybody to these problems. It's like, I get a problem way up here in the top corner, and down here in the bottom opposite corner, I feel the effect because I've got lateral traversal, I have trust between the things that are inside a perimeter. You'd like to think it would make more sense if they're different workloads to break them up. I've given you the image in other videos as we've talked together of elephants and mosquitoes. So if a perimeter is a big elephant and I have a gun and I want to shoot the elephant, boom, I shoot it and it falls down. But if I break the elephant up into a lot of little mosquitoes and I give you a gun and say, kill the mosquitoes, you can't kill the mosquitoes with one gun, right? So this idea of a big perimeter having all these problems should get a little bit of a hint that maybe the correct approach here is to think about distributing your systems and breaking systems up into smaller components. That's going to be a more powerful approach to doing cybersecurity. We'll see you in the next video.
