Network Security Lessons from the World Cup

The FIFA World Cup 2018 is well under way in Russia, with the 32 top national teams all vying for the chance to be crowned as the best on the planet.

Soccer is known as ‘the beautiful game’ for good reason, with dazzling athleticism, slide-rule passing and impossible-looking goals which can decide the outcome of a match in an instant. It has a constant ebb and flow of defence versus attack – very much like the battle of network security teams versus hackers and cyber-criminals. So what network security lessons can enterprises learn from the World Cup?

Preparation is vital

For the teams participating in this year’s tournament, preparation started months or even years before the first match kicked off. Scouts will have been dispatched to watch opposition teams’ warm-up games, to assess their strengths and weaknesses. And with the tournament underway, the coaching staff and players are now working tirelessly to map out their tactics in an attempt to gain an upper hand, and have full visibility of what they’ll face once the referee blows his whistle to begin the match.

This level of planning and visibility is also critical in the battle against cyber-criminals. Having full visibility of the network and application connectivity enables security teams to respond to incidents more efficiently and effectively. Blind spots on the network – especially as organizations move towards next-generation technologies such as cloud and SDN – can delay investigation of incidents after the initial alert.

Playing the game

With their game plan, teams will step-out onto the pitch in front of tens of thousands in the stadium and hundreds of millions worldwide, prepared for what lies ahead. They know their opposition’s strengths and weaknesses as well as their own, and what tactics they need to use to win.

Despite this, the beautiful game can be unforgiving. One mistimed tackle can see a key player sent off and his team reduced to ten men. A mis-hit shot can see a chance to win the game go begging, and a misplaced pass can gift the opposition the winning goal. All the hard preparation work can be undone by one simple mistake.

This is no different when it comes to network security. A simple mistake by IT and security teams when network devices or policies are configured or changed as part of the daily routine of network management, can leave an organization vulnerable to a cyber-attack. Even though the teams may process hundreds of these change requests per week, mistakes can and do happen, especially when there is manual processing involved.

All it takes is mis-keying an IP address, or the syntax in a firewall rule, and you may have inadvertently created a gap in your network defences which lets the cyber attackers in.

However, unlike on the soccer-field, there is a solution: automation of security policy management, which slashes the risk of accidental errors. Every time a new firewall rule needs to be added to the network, or an existing rule needs to be altered, automation tools will assess whether the change introduces new risks or is overly permissive. This eliminates guesswork and human error, and self-documents the entire change process to provide a clear audit trail, accountability, and compliance.

Reacting to attacks

Key to any team’s success in the competition will be their ability to defend against attacks. This will entail defenders making sure they nullify opposition attackers; that midfielders track the runs of their opposite numbers; and that goalkeepers react quickly to prevent the ball from going in. And those teams that will advance the furthest in the competition will limit attacks at the earliest opportunity, focussing their efforts on preventing the most dangerous opposition players from impacting the game.

In network security, responding to attacks is equally critical, as organizations are faced with daily deluge of security incidents and cyber-attacks that they must defend against. To respond to this effectively, security teams need business context in order to assess the attacks that pose the highest risk to their defenses.

This approach connects the technical network parameters related to a security incident to the actual, real-life, business processes and applications that the incident may impact. Through this linkage, security professionals can prioritize and address incidents quickly, weighing up the security vs. the operational risks of potential business downtime.

By taking these lessons from the World Cup this summer, organizations will be putting themselves in a great position to win – and keep on winning – at network security.