NetOps in a Rapidly Changing Security Landscape
Essentially, software foundations are built upon other foundations in a form resembling a Jenga tower. The daily focus of the OPG NetOps team is keeping our specific section of that “tower” stable and secure, but we are ultimately at the mercy of the layers beneath us, as robust as they may be. So, what happens when those underlying foundations shift or fail?
Recently, we’ve seen a surge in security vulnerabilities reported in foundational web software, including Apache HTTP Server, cPanel/WHM, the Linux kernel, and many more. This has been attributed to the introduction of new AI-powered tooling that can perform huge numbers of vulnerability checks very quickly. The result is that it has become less time-consuming, and in turn less expensive, to discover vulnerabilities in existing code. Effective strategies for responding must be built upon two principles: (1) defense in depth and (2) rapid deployment.
Defense in depth means that there are multiple layers of protection against threats. So, if one defense is breached, there are others that can pick up the slack, either preventing or containing the issue. For example, a Web Application Firewall can detect malicious bots or requests before they hit a server, while the web server's configuration can defend against anything that slips through, and an antivirus may be present as a last resort. If any defense fails, others are present to step in.
Rapid deployment, on the other hand, is about improving reaction time to new problems. The ability to push changes to production servers within days has recently become a necessity. Doing so while considering potential impacts, minimizing downtime, testing functionality, maintaining backups, and so on is a complex task. This is why we on the NetOps team are always developing new methods to speed up these processes.
Ultimately, we cannot accept that any foundation is permanent in what is a rapidly changing digital landscape. We cannot escape having to apply updates, install security mitigations, swap out software, switch to new frameworks, and regularly adapt our code to keep applications and services functioning. However, we can evolve by improving our readiness to solve these problems. We can ensure that, as the capabilities for taking advantage of vulnerabilities grow more advanced, so does our preparedness. That is exactly what we are doing.
Curious what all this means for your business? Reach out to OPG; we’d love to talk with you.
~ Benjamin W.