Alexa 5 things must need for securing modern network

5 things must need for securing modern network

Science & IT

Published: 12:18 10 July 2019  

File Photo

File Photo

There is a saying, “The network is the computer.” It means IT infrastructure was linked together in a loosely-coupled architecture, tied together via networking technologies such as Ethernet cables and the TCP/IP protocol. Thus, it was critical to engineering the network correctly to maximize network availability, performance, and business benefits.

Things have changed since the early 1990s. Some networks live in the cloud, some are virtual, and some rely on application-to-application connections, but networks still connect IT systems together in one way or another.

Amidst this transformation, network security has had to change with the times. There are five things must need to support the modern network. 

End-to-end coverage 

Modern network security controls must be instrumented into all network segments for inspection of east or west traffic, network communications in the cloud, and network communications from remote workers to software as a service (SaaS) applications where the traffic never touches the corporate network. In other words, all network traffic should be inspected. 

Encryption or decryption capabilities 

According to ESG research, 50 to 60% of all network traffic is encrypted in recent times and this will only increase in the future. That means comprehensive network security architecture must include the ability to decrypt and inspect traffic at a multitude of control points. 

Modern network security technologies should also be able to detect suspicious traffic without the need for decryption in all cases. This capability is already included in offerings such as Cisco Encrypted Traffic Analytics (ETA) and stand-alone solutions from vendors such as 

Business-centric segmentation 

Reducing the attack surface should be a primary requirement for all modern network security technologies. This equates to two capabilities- first, segmenting east or west traffic between application tiers, and – second, enforcing software-defined perimeter network segmentation rules between users or devices and network-based services. These capabilities are often vaguely referred to as “zero-trust.” 

Central control plane and distributed enforcement 

This one is a “must-have.” All network security controls (i.e. physical, virtual, cloud-based) must report into a common control plane for management activities (i.e. configuration management, policy management, change management, etc.). 

The central control plane will likely be cloud-based, so CISOs should prepare risk-averse auditors and business managers for this change. Armed with instructions from central command and control, network security systems must be instrumented to block malicious traffic and enforce policies regardless of their location or form factor. 

Note that while every network security vendor will pitch its own central management service, third-party software providers such as FireMon, Skybox, and Tufin may play a role here. 

Comprehensive monitoring and analytics 

As the old security adage goes, “the network doesn’t lie.” Since all cyber attacks use network communications as part of their kill chain, security analysts must have access to end-to-end network traffic analysis (NTA) up and down all layers of the OSI stack. 

The best NTA tools will supplement basic traffic monitoring with detection rules, heuristics, scripting languages, and machine learning that can help analysts detect unknown threats and map malicious activities into the MITRE ATT&CK framework.

CISOs must cast a wide net, as there are lots of strong solutions to choose from pure-play startups (i.e. Bricata, Corelight, DarkTrace, IronNet, Vectra Networks, etc.), networking experts (i.e. Cisco, ExtraHop, NETSCOUT, etc.), and network security vendors (i.e. Fidelis, FireEye, Lastline, HPE, etc.).  Caveat Emptor!

Network security technologies must support granular policies and rules, subject to immediate alteration based upon changes in things such as user location, network configuration, or newly discovered threats or vulnerabilities. 

Organizations must have the ability to spin up or spin down or change network security services whenever and wherever they are needed. Modern network security controls must be able to accommodate the internet of things (IoT) devices and protocols with the same types of strong policies and enforcement as they offer for standard operating systems. Finally, network security architectures must be built around easily accessed APIs for rapid integration.