Alex - Fotolia
Network security has, for decades, remained one of the more focal aspects of IT management strategies. It consists of the policies and practices that businesses implement to protect their computer networks from cyber attacks. Such strategies are responsible for stopping people from accessing and modifying networks without the...
permission of system administrators.
Most cyber security professionals agree that every business needs some form of network protection system in place, or they risk falling victim to cyber attacks.
It is also widely believed that these are the most effective protections against malware. Often, IT managers use network security procedures to control who can see and use company data. Usually, employees will need an ID and password combination to be able to get into company networks.
Traditionally, there have been two types of network security: public and private. Normally, private networks are reserved for use by employees within the company walls.
Meanwhile, others are designed for public use. Whatever the case, public and private security systems serve the same purpose – and that is to secure business networks. However, much of this technology has remained the same for years.
Cyber security threats are constantly growing in complexity and volume, and business networks continue to be lucrative targets for hackers. So companies need to have the most effective network security strategies in place to counter sophisticated attacks.
With the emergence of powerful detection and response capabilities, companies should be rethinking their network safeguards to change with the times and counter the ever-evolving attacks used by cyber criminals.
The rise of cloud
Businesses are increasingly investing in cloud computing technologies, with network security strategies are evolving greatly as a result. Neil Thacker, European chief information security officer of US security software firm Netskope, believes that organisations cannot simply focus on protections for physical networks.
“As infrastructure and applications move to the cloud, the focus on network security moves to the cloud too. As a CISO, my role is to mitigate the risk, which results in ultimately following the data – how we connect, interact and collaborate with data relies less today on physical networks and more on client to cloud services,” he says.
Thacker is developing a more tailored cyber security strategy that is specific to today’s threats. Instead of trying to cover all areas, he is focusing on the layers that affect his company’s cloud infrastructure.
“The traditional seven-layer OSI model has therefore been replaced with three layers: identity, application and data. In summary, organisations must have better visibility into these three layers without necessarily prohibiting the use of services that businesses rely on,” he says.
“Cloud is not just the future, it’s how businesses work in the present day. Therefore, the security of these services and the data that resides in them must form part of a CISO’s principal strategy,” he adds.
Corey Nachreiner, CTO of cyber security firm WatchGuard Technologies, agrees with Thacker that strategies are changing as a result of cloud, virtualisation and mobile computing technologies. However, he believes that network protections will constantly be crucial for businesses.
“Independent of its evolution, network security is and will always be relevant and necessary. While our network designs and perimeters are changing due to the cloud, virtualisation and mobility, the network is still there and its protection will always be critical,” he says.
Nachreiner believes that, as an area, network security is always evolving to keep pace with new technologies and threats. He says it helps to “reinforce detection and response” considerations.
Corey Nachreiner, WatchGuard Technologies
“Historically, IT organisations have focused more on preventing threats and less on discovering ones that got through their defences. With huge breaches proving that no defence is infallible, we are seeing more organisations shift some budgetary focus to detection and response,” he says.
“The problem is neither the endpoint nor the network can always catch all the stages of an attack. For instance, fileless malware often evades traditional endpoint protection. Meanwhile, some network attacks use techniques to bypass certain network protection measures.
“The best detection and response solutions actually correlate suspicious network events with suspicious endpoint events to find malware or threats in your network that you couldn’t find otherwise.”
Scott Crawford, an analyst at 451 Research, says network security “remains primary” in any truly comprehensive security strategy: “Network security provides the visibility into network traffic and content organisations need to be aware of threats or activity that could cause security problems.
“It can be examined at a high level for security-relevant trends or – when warranted – inspected in detail for specific indicators of suspicious activity or potential risk.”
However, Crawford admits that the field is evolving. “That is not to say there haven’t been changes in the nature of network security. With the shift of datacentre activity toward cloud concepts, third-party providers have taken on more of the functions traditionally handled in the enterprise datacentre, which has shifted some investment, including that historically allocated to on-premises networking and network security,” he says.
While the definition of networks has changed dramatically over the past few decades, the importance of securing them has remained the same.
Alex Ayers, head of application security at information services firm Wolters Kluwer, says the objectives of network security have endured time. But he admits that it is particularly crucial for companies that develop network infrastructure as a service (IaaS).
Ayers believes that the most modern and effective strategies “balance performance, reliability, scalability, supportability and security”. At Wolters Kluwer, he has implemented a layered approach to stop cyber criminals from infiltrating the company’s systems.
“Perimeter controls restrict the traffic reaching our applications and network segmentation is used to isolate service infrastructure components. Supporting the architectural and technical controls is a security monitoring layer which, while often seen as an insurance policy, provides data that can be used to augment service health and performance indicators,” he says.
Through these different layers, Ayers says his company is able to “deploy, tune and replace discrete specialised technologies in response to changes in threats or business requirements”.
“Corporate network boundaries are a thing of the past. Today, we balance a corporate network, a production network, and a host of SaaS [software-as-a-service] offerings to run our businesses and maintain a competitive advantage,” he adds.
The importance of balance
Collaboration software firm Slack, like many other businesses, relies on a range of traditional network security mechanisms to tackle cyber crime.
Geoff Belknap, chief security officer at the company, says these continue to be effective for the firm, but the company has also had to invest in more modern detection and response technologies in recent years to keep ahead of increasing threats.
“Slack uses a combination of common technologies such as firewalls and network based intrusion detection, as well as modern network and endpoint-based malware detection methods. We monitor all network traffic at the kernel level to gain insight into how our services communicate and to detect potentially malicious traffic,” he says.
Belknap also questions the trustworthiness of every network. This way the company is able to probe for potential security risks. “We are also big believers in the beyondcorp/zero trust school of thought. We don’t assign any trust based on the source network that a given device’s request originates from.
“We treat all our networks as untrusted. Instead we make device identifiers a key component of our security, which allows us to make more accurate decisions about access control and make more informed decisions about suspicious activity,” he adds.
Julie Cullivan, chief information security of network security company ForeScout, says companies need to develop a deeper understanding of existing and emerging security risks. “An important first step in securing an enterprise network is understanding the cyber threat landscape and the challenges IT teams are facing,” she says.
“At a time where devices making up the internet of things become increasingly prevalent in industrial settings, enterprise security teams often struggle to see how many devices are connected to their network.”
Like Belknap, Cullivan believes that companies should take comprehensive network security approaches, adding: “Implementing a model that includes understanding any time new devices and new types of devices join a network is essential for managing your security risk posture.
“Factory passwords should always be changed, endpoint access to networks should be managed and in some cases restricted, and devices should always run the latest software and security updates. While some of these might sound trivial, cyber criminals will always try to identify and exploit the weakest link in a network,” she says.
Fending off attacks
Hervé Dhelin, senior vice-president of strategy at networking firm EfficientIP describes network security as a “make or break scenario” for companies. He says it can help them identify and respond to new threats, even if the source is untraceable.
“Having the right tools to launch the appropriate countermeasure is crucial. The recent example of the cyber attack of the Winter Olympics shows how important it is to have network security in place to be prepared to mitigate a large volume of possible attacks,” he says.
Specialising in domain name system (DNS) and cloud protection, EfficientiP works with companies such as Netflix, eBay, Orange, the London Stock Exchange and Vodafone. But it has also been helping large universities, hospitals and sporting events to ensure that their networks are unbreakable.
Roland Garros (the French Open) is another high-profile client of the company. It is using network security products from the firm to protect tens of thousands of sports fans from falling victim to breaches.
“Roland Garros needed to protect its network to ensure continuity of service for the 15,000 seats that may need to access the network,” says Dhelin.
“The French Federation of Tennis understood the importance of having the right tools to mitigate threats that might damage their business, and consequently installed DDoS [distributed denial of service] mitigation to absorb any large volumetric attacks, which could easily be executed thanks to the sheer number of unsecured user devices on stadium premises.
“Even if the FFT is not able to locate the direct source of the attack, they will always be able to ensure their customers – in this case, spectators, journalists, VIPs, and even players – uninterrupted service.”
Franck Labat, IT technical director of the French Tennis Federation, says network security defences are an integral part of the organisation’s cyber security blueprint. With them, the federation can keep its stakeholders safe.
“During a tournament, billions of DNS requests must be solved: more than 3,000 journalists, photographs, VIPs, players and trainers use our network services. We are now capable of avoiding any interruption of service to ensure a high level of availability. The quality of these services is vital to the tournament’s reputation,” he says.
Considering how long network security has been around, it is quite common for people to view it as an archaic part of cyber security strategies. But the fact is that networks play an important role in any private or public organisation, so it is crucial to have appropriate defences in place to ensure that hackers cannot bring them down.
That said, there is a clear sense among companies and IT professionals that network security must continue to change with the times. Cyber threats are becoming harder to trace and tackle – meaning that network security technologies and strategies need to be just as sophisticated.