
How to Build a Better Security Posture Post-Pandemic

What a whirlwind of a year it has been! Covid has accelerated digital transformation — but also made painfully obvious the data center’s continuing security vulnerabilities. We’ll explore VMware’s data center security insights and solutions at RSA Conference 2021.

Ah, 2020, a year we won’t soon forget. Initially, I know a lot of us had planned to work from home more frequently, given our ability to be physically anywhere with internet access, but who would have thought we would be forced to? I’m thankful we are in an industry that supports and encourages us to be mindful of our health and safety. And so, while conferences like Black Hat and DEFCON (“hacker summer camp”) are moving towards a hybrid model allowing a limited number of attendees to be physically present, I am choosing to stay home and participate remotely.

Why We’re Here

I am confident the underlying theme of the ’cons this year will be how the global pandemic, by requiring us to socially isolate, has forced innovation in the way we work. This has had a profound impact on the industry — accelerating us into a digital transformation that relies on cloud and other technologies. A transformation a lot of us were not ready for — but should have been prepared for. The internet is now our backbone and critical to our business functions, even as proliferating consumer devices and personal networks provide an easier and larger attack surface for adversaries.

Among the security topics around the global pandemic, you’ll no doubt hear about how ransomware has more than doubled, and about how supply chain compromise is the (not so) new hotness. While these issues have now bubbled to the surface, really they’ve been here all along. According to the Accenture Cybersecurity Report, the average duration of an attacker’s dwell in a network is 78 days. 78 days! Additionally, as seen in the 2020 Verizon DBIR Report, 40% of breaches are indirect. Can you believe this? Just imagine the potential damage.

The Bigger Issue

What makes the blue-teamer in me even more disappointed is that these issues have not only plagued us and our community for years, but the tactics, techniques, and tools the adversaries employ are not new. Don’t get me wrong — the overall campaigns are very sophisticated, and the average dwell time in the network is astonishing. But I can’t help but wonder what today would look like if we had followed even the most basic security hygiene principles for hardening servers and done the due diligence of proactively assessing risk to third-party vendors in our supply chain.

The Big Lesson

If this global pandemic teaches us anything, it should be a lesson in humility. I do see glimmers of hope, as we continue to share what we have learned — the hard way — but we also need to address, understand, and embrace the mindset shift required to prioritize a security-first approach. This is not only on us as individuals — it’s a call to action for leadership as well. We need to fundamentally challenge the security status quo.

Let’s Jump In

Grab a beverage and let’s sit down together. It’s RSA Conference 2021, and I call this session the Ultimate Data Center Survival Guide. It’s a story about the enterprise security journey, where it’s going, and how VMware tackled security in the context of digital transformation during the pandemic. You’ll also get a sneak peek at the critical issues our customers face via threat insights from our 2020 Threat Landscape Report.

Watch the session on-demand now.