(and they don’t get in the way of business either)
The elevated levels of cyber threat activity that now occur on a daily basis are leading most network security teams to adopt a zero-trust model. In other words, don’t trust anyone or any device that tries to access the network. Not even loyal employees are above suspicion.
Anyone requesting network access should go through a verification process before being granted access. This requires separate access controls, authentication, and validation procedures to be implemented at various points in the network.
With this approach, user accounts, applications, processes, and other network elements can be safeguarded properly. To augment this type of strategy, you can utilize tools that do not hinder network performance or cause inefficiencies for end users. After all, they have a job to do!
How can I protect my network from malicious activity?
It’s a question that many network administrators are asking. The first step is to understand the various network security solutions available and how they can help. That’s why we’ve outlined seven tools that help organizations protect their digital assets without getting in the way of business. We also provide some best-practices to consider and key attributes to look for to help identify the solutions that will elevate your security posture.
- Network Access Control (NAC) executes authentication for all end users and devices—both wired and wireless. It’s critical to authenticate every user and every device that tries to connect to your network, keeping in mind that most end users have more than one device, and some devices are shared by multiple end users. If you use a tool that has open APIs, it can talk to multiple devices from multiple vendors. Make sure the NAC can integrate easily with other security solutions in your network so it can pass along authentication to other devices and enable them to become user-aware. For example, your NAC should talk to your firewalls so it can share information such as the user’s IP address and the segments of the network the user is authorized to access.
- Next-Generation Firewalls have earned the “next-generation” designation because they can incorporate multiple aspects of security, instead of just the basic, traditional firewall protection. These tools go beyond blocking unauthorized end users based on IP addresses and enable you to designate safe user groups and user names. You also benefit from intrusion protection and detection, URL web filtering, and SSL traffic decryption/inspection. Next-generation firewalls are also aware of who is crossing your firewall and what they have access to, and they can limit the access of each user based on the information they receive from your NAC.
- Web Application Firewalls (WAF) have traditionally monitored external customers using an application hosted by your website and offer protection against SQL injections and other attacks. These devices are still adopted widely because they are now primarily software-based, which advances their capabilities to be on par with real-time application self-protection (RASP) technology. Software-defined WAFs allow you to add a small piece of code to a web application. The code checks traffic and runs analysis in the cloud, letting you know if you should block or allow each attempted connection. The best part is that software-defined WAFs enable changes and updates to be applied to a small piece of code, so the chances of application performance being affected are slim.
- Lateral Movement Detection includes network traffic analysis tools that look for anomalous behavior so you can identify and mitigate malicious connections that may get by your NAC and firewall. It’s an important layer to a network security strategy because no perimeter defense can offer 100% protection. If someone slips past your firewall and gets a user to download malware, it may be difficult to detect the anomalous activity unless you are monitoring traffic. A key aspect to consider in evaluating a traffic monitoring tool is the machine learning algorithm, because it’s this feature that controls the threshold for false positives. It’s inevitable that you’ll experience some false alarms, but when there are too many, they distract the security team from investigating real threats. To find a solution with a strong algorithm that does not generate too many false positives, run a proof-of-concept for at least two weeks to see how it performs. Lateral movement detection tools also help you determine if anyone is jumping from machine-to-machine on your network. This is particularly helpful for flat networks that utilize a reduced number of routers and switches. Attackers who break into a flat network can easily jump from one part of the network to another, staying ahead of your scans. Detecting lateral movement will help you find adversaries moving around your environment and network monitoring analysis tools can help you find insider threats. You can also trace how malware spreads, making it easier to contain.
- DDoS Mitigation protects you from distributed denial of service (DDoS) attacks that use hundreds or even thousands of devices to send large amounts of traffic to overwhelm a server. When that happens, web sites and applications become unavailable, or worse, entire organizations go offline. As a result, you risk loss of revenue and customer churn. Many businesses rely on their ISP to prevent DDoS attacks, but some ISPs have better threat detection and mitigation capabilities than others so the level of security varies. Adding to the uncertainty of protection is the fact that ISPs don’t have good visibility into your applications and their use, so they don’t have the ability to determine which traffic is legitimate, so all users and traffic are blocked until an attack is thwarted. But the leading DDoS mitigation solutions are able to block only the attack traffic so that legitimate traffic can pass through the network. So, while the attack is being mitigated, the business continues as usual.
- Deception Technologies are the evolution of the honeypot, giving you a way to trick attackers with decoy servers, workstations, and user credentials. Businesses used to rely on honeypots to distract cybercriminals into spending their time in a place where they couldn’t do much harm. But attackers have caught on and know a honeypot when they see one. Today’s deception technologies feature decoy devices that you can place within a production environment. For example, if you have a /24 subnet that can host 254 devices, but you are only using 100 of the IP addresses, you can use the other 154 unused IP addresses as virtual decoys that are vulnerable to attacks. If a decoy is attacked, you will receive an alert and be able to investigate the incident and possibly find out “who done it.” So look for decoys that capture information on the methods used to compromise the network so you can stay one move ahead in the cyber war.
- Network Segmentation makes it more difficult for cybercriminals to freely navigate your network, which is relatively easy for them to do in flat networks. If you carve the network into several segments, you can protect each one with a firewall that enforces authentication. Think of a single-road town vs. one that’s broken into many streets, and has a toll booth at the beginning of each block. Besides making it more difficult for a cybercriminal to navigate the network, it’s easier for you to isolate and quarantine an attack. Small segments also allow you to control the flow of traffic and create zones where users are authorized and unauthorized. However, the goal is not just to create as many segments as possible. In order to segment the network effectively, the method should be based on a strategy that incorporates factors such as the criticality of the servers, the type of servers, and who should have access. In addition to improving network security, network segmentation can also improve network performance. For virtual environments, look for a solution that offers software-defined network segmentation.
The Next Step in Bolstering Your Defenses: Ecosystem Integration
Now that you’re familiar with the tools that can come together to fortify your cybersecurity infrastructure, you’ve probably recognized the common thread. To optimize the performance of the seven key tools, it’s important to make sure they can interoperate with one another so you can create a security ecosystem. The tools should all interconnect and report back to a centralized system for a single plane of glass view. The more information that is shared, the more intelligent each tool becomes, making it easier for them to protect your organization from attack.
It’s also important to link your security ecosystem to external threat intelligence services offered by the leading security vendors. Sharing threat information with other businesses helps everyone learn about the latest threats and cyberattack techniques. By helping our industry peers build a better knowledge base, we are unified against the unseen entity that continues to evolve and strengthen as it grows.
For further information on deploying the right mix of security tools to protect your business, visit