Network security is a high priority for any business these days. With many organisations having a distributed workforce, multiple OS platforms to support, and an increasing number of IoT devices coming into play, managing the security of an organisation’s network and the vital data it carries can be a complex task.
There are a multitude of tools, applications and utilities on offer to help secure your network, but just where do you start and how can you be sure that what you’ve implemented is really keeping you protected? In this post, we take a look at the fundamentals of modern network security to give you a head start.
What is network security?
With so many terms bandied around in the world of cybersecurity, it can be difficult to get a clear sense of the scope of such a broad term as ‘network security’. Let’s start by contrasting ‘network security’ with ‘endpoint security’. Whereas endpoint security concerns protecting a device from intrusion and misuse, network security applies the same concerns to the entire network of interconnected devices in your organisation. That includes the devices themselves and the data communicated between them, both in transit and at rest.
That definition means that endpoint security is part and parcel of your network security – a compromised device can serve as a pivot point into other devices on your network – but there’s much more to it than that. There’s also the question of how you control both users and devices within your network and how you detect and respond to anomalous behaviour.
Network security also incorporates the policies and procedures you put in place to protect your assets, such as password management, two-factor authentication and even three-factor authentication such as fingerprint identification and facial or retinal scans.
Importance of network security
Once upon a time, an organisation would put up a firewall and conduct all its activities behind that supposedly impenetrable wall. However, as organisations have changed their practices and attackers have changed their tools, tactics and procedures, simply relying on a firewall has become increasingly inadequate.
With many organisations now using or moving to cloud or hybrid cloud technology, mobile devices and remote workers, as well as communication across time zones, it’s simply not realistic to expect all your users to be sitting cosily side-by-side on a corporate network.
More importantly, relying solely on a firewall presents a single point of failure. Aside from denial-of-service attacks against your perimeter, modern networks are at increasing risk of being penetrated through supply-chain attacks, DNS hijacking, phishing and spear-phishing campaigns and fileless malware, to name just a few. The modern threatscape essentially means that security needs to be distributed throughout your endpoints, rather than concentrated around the edges with a few supposedly “iron boxes”. If not, your network becomes entirely vulnerable once that thin outer layer is penetrated.
Network security is not just about external threats; it also covers the misuse or abuse of data and company assets by insiders. For example, nearly a third of all data breaches in the healthcare industry have been attributed to insiders, either from wrongdoing or human error. In the financial sector, some 60 per cent of cyber-attacks have been attributed to privileged users, third-party partners, or malicious employees.
How does modern network security work?
Because of the need to protect at more than just the perimeter, modern network security takes a defence-in-depth approach. It all begins with visibility, because you cannot protect against a threat that you cannot see. Therefore, modern network security requires that all endpoints have protection that offers admins the ability to see into their traffic, including encrypted traffic, as many threat actors have already moved to using SSL certificates and HTTPS connections.
Once you have visibility, defence in depth can be applied by first thinking about prevention. Ensure that access control policies are in place that will block unauthorised use, and limit the access of authorised users to the assets that they need. If you have, for example, a network with a bunch of IoT devices connecting to it, there’s really no need for those devices to access large parts of your network that are unrelated to their intended functions.
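The IoT point above can be checked against real traffic. The following is an added example, not part of the original post: it audits flow records against a least-privilege allowlist for an IoT segment. The subnet, the allowlist and the flow-record format are all assumptions constructed for illustration.

```python
import ipaddress

# Assumed (constructed) addressing plan: IoT devices live in their own subnet.
IOT_SEGMENT = ipaddress.ip_network("10.20.0.0/24")

# Assumed least-privilege policy: the only destinations IoT devices need.
IOT_ALLOWED = [
    (ipaddress.ip_network("10.20.0.1/32"), "udp", 53),     # local DNS resolver
    (ipaddress.ip_network("10.20.0.1/32"), "udp", 123),    # NTP
    (ipaddress.ip_network("10.30.5.10/32"), "tcp", 8883),  # MQTT broker over TLS
]

# Constructed flow records: source, destination, protocol, destination port.
SAMPLE_FLOWS = """\
10.20.0.41 10.20.0.1 udp 53
10.20.0.41 10.30.5.10 tcp 8883
10.20.0.57 10.10.1.15 tcp 445
10.20.0.57 10.10.1.15 tcp 3389
10.10.1.22 10.10.1.15 tcp 445
10.20.0.63 10.30.5.10 tcp 1883
malformed line
"""

def is_allowed(dst, proto, port):
    """True if the destination, protocol and port match an allowlist entry."""
    return any(dst in net and proto == p and port == pt
               for net, p, pt in IOT_ALLOWED)

def audit_iot_flows(text):
    """Return (violations, skipped): IoT-sourced flows outside the allowlist,
    and lines that could not be parsed (kept so they are reviewed, not lost)."""
    violations, skipped = [], []
    for line in text.splitlines():
        try:
            src_s, dst_s, proto, port_s = line.split()
            src, dst = ipaddress.ip_address(src_s), ipaddress.ip_address(dst_s)
            port = int(port_s)
        except ValueError:
            skipped.append(line)
            continue
        # Only traffic originating in the IoT segment is judged by this policy.
        if src in IOT_SEGMENT and not is_allowed(dst, proto.lower(), port):
            violations.append((src_s, dst_s, proto.lower(), port))
    return violations, skipped

if __name__ == "__main__":
    bad, unparsed = audit_iot_flows(SAMPLE_FLOWS)
    for flow in bad:
        print("outside IoT policy:", *flow)
    print("unparsed lines:", unparsed)
```

Flows that appear in the output are candidates for a blocking rule at the segment boundary, or evidence that the allowlist is missing a legitimate dependency.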
Devices should also have security software that incorporates application firewall controls. This allows the network admin to manage permitted traffic to and from every endpoint. On top of that, device control to prevent attacks from malicious USBs and other peripherals is an essential part of protecting your network, because it secures the ports that can be physically accessed on your endpoints.
After prevention, the next layer of defence in depth is detection. That means looking for and recognising anomalous behaviour. The best way to do this is through behavioural AI software, but beware that not all “Next-Gen” security solutions are created equal. Just how effective they are depends greatly on the datasets the AI has been trained on, rather than any particular algorithm.
A modern approach to network security means realising that breaches are sometimes going to happen. The attack surface is so vast that it would be naive to think that your prevention and detection cannot be defeated by a determined attacker. Therefore, you need a response plan, aided and abetted by security solutions that can take autonomous action to remediate threats when they are detected.
In the longer term, think about how you can incorporate a DevOps or SecOps mindset into your organisational management. With these kinds of approaches, network security becomes an intrinsic consideration at every level of decision-making.
How can network security be tested?
It is important for your organisation to deliver the services that customers and employees demand, but to do so you need to protect your network. Good network security not only helps protect your IP and customer data, it also protects your reputation. By combining multiple layers of defence throughout your network – not just at the perimeter – with appropriate policies, controls and a Next-Gen endpoint security solution, you can give authorised users access to the network resources they need while blocking those trying to carry out attacks.
Mandeep Sandhu, Principal Solutions Engineer, SentinelOne