IT professionals from two or three decades ago would find it difficult to recognize a modern corporate network. Containers, cloud resources, micro-segmentation, and the diversity of external unsecured networks interacting with company networks are all factors that didn't exist 20 years ago, and they are making networks more complex and harder to defend.
In this article, I’ll cover four concepts that are becoming critical to network security. Understanding these four core acronyms will give you a better grasp of the modern IT environment and give you the tools to secure a modern network.
Network Security Defined
Network security is a broad term that encompasses a multitude of devices, technologies, and processes. In its basic sense, it is a set of configurations and rules created to safeguard the confidentiality, integrity, and availability of computer networks and information. It relies on both hardware and software technologies.
All organizations, irrespective of industry, size, or infrastructure, need to implement network security solutions and practices to safeguard their network from a growing landscape of cybersecurity threats.
Network architecture is becoming more and more complex, and network defenders must deal with a threat environment that is constantly changing, with sophisticated attackers out to discover and exploit new vulnerabilities. Vulnerabilities might occur in devices, users' accounts, applications, cloud services, and any other entity interacting with the corporate network.
Given this, organizations must adopt a forward-looking network security strategy with applications and tools that can deal with advanced threats, ensure regulatory compliance, and safeguard the network from threats to availability and business continuity.
Trends in Network Security
Here are some of the hottest emerging trends for managing network security.
The zero trust security model, adopted by some of the world’s biggest organizations such as Google, Microsoft, Oracle, and IBM, as well as by US government agencies and standards bodies, suggests a new way of looking at network security.
Zero trust acknowledges the breakdown of the traditional network perimeter. In a modern IT environment, with so many connected devices, cloud services, and external networks, it is no longer possible to create and defend an impervious perimeter, if there ever was one. Zero trust takes an “assume breach” mentality, treating attackers as already inside the network. It mandates that every access request is strongly authenticated, even from supposedly trusted entities or user accounts, and vetted to ensure that it is legitimate and warranted.
Focusing on Incident Detection and Response (IDR)
The rise of cloud computing and remote work has increased the attack surface of the typical IT environment. With threats becoming more sophisticated, organizations are shifting from a focus on prevention and protection to a mindset of incident detection and response.
Organizations are looking for tools that identify indicators of compromise (IoCs) and reveal the root causes and context of breaches, which is essential for rapid response. The MITRE ATT&CK framework is also likely to be more widely adopted.
Merging NetOps with SecOps
Network operations (NetOps) and security operations (SecOps) can be combined to ensure agile and secure operations. Both teams should share the same set of tools and data to jointly make decisions regarding security, infrastructure, and incident response. This helps minimize the impact of security measures on network performance.
Establishing a Consolidated View in a Hybrid Environment
Most organizations combine cloud services with on-premises infrastructure, operating multiple systems from various vendors in a heterogeneous environment. However, monitoring this hybrid environment can be complex, requiring the use of different tools and increasing the risk of gaps in visibility.
A consolidated, security-oriented view of an application’s performance is thus necessary. This requires tools that provide visibility across different environments, as well as the combination of cloud-based and traditional network-based monitoring techniques.
1. What Is BYOD (Bring Your Own Device)?
BYOD is a workplace trend whereby employees use their personal devices (laptops, tablets, smartphones, etc.) for work. Allowing employees to introduce their devices to an organization’s IT infrastructure extends the risks and benefits of each device to the network.
Organizations that allow BYOD must incorporate all devices into their endpoint management strategy. Stakeholders must understand what devices are connected to the IT infrastructure in order to apply suitable security measures and minimize legal and financial risks.
BYOD policies often address security concerns by specifying which types of devices are allowed. Employees may be required to install security applications on their devices, especially when accessing sensitive data.
Employees must understand and agree to their company’s policy before connecting their devices. Some employees might not wish to join the BYOD program, for example, if certain applications are blacklisted in the BYOD policy. Most employees prefer to maintain separate work and personal lives.
2. What Is Secure Access Service Edge (SASE)?
Secure Access Service Edge (SASE) is an enterprise networking category defined by Gartner in 2019. SASE merges networking and security point solutions into a global, cloud-native service. It is an architectural evolution of enterprise security and networking that helps IT teams offer adaptable and agile services.
Solving organizational challenges with point solutions results in technical silos that are costly to own and complex to manage. SASE shakes up this paradigm via an innovative networking and security platform that is cloud-native, identity-driven, and globally distributed. This platform protects and connects all edges (cloud, WAN, IoT, and mobile). It provides resilience via a distributed infrastructure with many Points of Presence (PoPs) worldwide and enables secure access from any location or device to any application.
3. What Is a Zero Trust Network (ZTN)?
A Zero Trust Network (ZTN) is a network that functions according to the zero trust security model. It demands stringent authentication of devices and users wanting to access resources. All users and devices, whether outside or inside the organization’s private network, must complete this authentication process.
In the IT environment of today, the conventional network security model is no longer enough because systems and data are distributed among on-premises data centers and cloud providers. Furthermore, employees are increasingly moving to remote work. These factors make it almost impossible to enforce security measures at a conventional network perimeter.
Transitioning to a zero-trust security model means that no user or device is trusted by default—whether it is outside or inside the network. ZTN solutions verify, on an ongoing basis, that every device and user can only gain access to the resources they require. The solutions are sensitive to location, time, and the nature of the behavior. Unusual activity and access are detected and immediately addressed by security teams.
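To make the difference between the two models concrete, here is an added example (not code from the original article or from any vendor's product) of a toy policy engine that evaluates the same access request two ways: the legacy perimeter rule, which trusts anything coming from the corporate address range, and a zero trust rule that denies by default and checks authentication, device posture, least privilege, and context (time of day) regardless of where the request originates. The device inventory, role entitlements, address range, and business-hours rule are all constructed assumptions for this illustration.

```python
"""Toy zero trust policy engine (added illustration, not from the article)."""
from dataclasses import dataclass
from datetime import datetime, timezone
import ipaddress

# Constructed inventory of managed devices: device id -> posture facts.
DEVICE_INVENTORY = {
    "lt-0042": {"managed": True, "disk_encrypted": True, "os_patched": True},
    "lt-0099": {"managed": True, "disk_encrypted": True, "os_patched": False},
}

# Constructed mapping of roles to the resources that role actually requires.
ROLE_ENTITLEMENTS = {
    "finance": {"erp", "payroll"},
    "engineer": {"git", "ci"},
}

# Constructed "trusted" corporate range used by the legacy perimeter rule.
CORP_NET = ipaddress.ip_network("10.0.0.0/8")


@dataclass
class AccessRequest:
    user: str
    role: str
    mfa_verified: bool   # did the user complete strong authentication for this request?
    device_id: str       # identifier presented by the device (may be unknown to us)
    src_ip: str
    resource: str
    when: datetime


def perimeter_decision(req: AccessRequest) -> bool:
    """Legacy perimeter model: any request from inside the corporate range is trusted."""
    return ipaddress.ip_address(req.src_ip) in CORP_NET


def zero_trust_decision(req: AccessRequest):
    """Zero trust model: deny by default, verify every request on its own merits.

    Returns (allowed, reasons) where reasons lists every failed check, so the
    caller can log exactly why a request was refused.
    """
    reasons = []
    # 1. Identity: strong authentication is required even for "internal" sources.
    if not req.mfa_verified:
        reasons.append("strong authentication missing")
    # 2. Device posture: unknown or unhealthy devices are not trusted.
    device = DEVICE_INVENTORY.get(req.device_id)
    if device is None or not device["managed"]:
        reasons.append("unknown or unmanaged device")
    else:
        if not device["disk_encrypted"]:
            reasons.append("device posture: disk not encrypted")
        if not device["os_patched"]:
            reasons.append("device posture: OS not patched")
    # 3. Least privilege: only resources the role requires are reachable.
    if req.resource not in ROLE_ENTITLEMENTS.get(req.role, set()):
        reasons.append("least privilege: resource not required by role")
    # 4. Context: constructed business-hours rule (06:00-20:00 UTC) for this toy policy.
    if not 6 <= req.when.astimezone(timezone.utc).hour < 20:
        reasons.append("context: outside permitted hours")
    return (len(reasons) == 0, reasons)


def compare_models(req: AccessRequest) -> dict:
    """Evaluate one request under both models for side-by-side inspection."""
    allowed, reasons = zero_trust_decision(req)
    return {"perimeter": perimeter_decision(req), "zero_trust": allowed, "reasons": reasons}


if __name__ == "__main__":
    # An "inside" request that the perimeter would wave through but zero trust refuses:
    # no MFA, unpatched laptop, asking for a resource the role does not need.
    req = AccessRequest("bob", "engineer", False, "lt-0099", "10.1.2.3", "payroll",
                        datetime(2024, 5, 1, 22, 15, tzinfo=timezone.utc))
    print(compare_models(req))
```

Note that the zero trust decision never consults the source address at all: in this model, being on the corporate network buys a request nothing, which is exactly the "assume breach" posture described above.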
4. What Is eXtended Detection and Response (XDR)?
Gartner defines XDR as a security incident identification and response platform. The platform automatically gathers and correlates information from multiple layers in the IT environment.
XDR offers correlation and integration of security data gathered at multiple points within your organization: cloud workloads, endpoints, internal network boundaries (east/west traffic), external network boundaries (north/south traffic), and adaptive decoys.
XDR enables extensive visibility into heterogeneous, hybrid networks. This visibility, together with real-time and retrospective threat analysis, use of advanced deception, and use of advanced analytics and machine learning, results in improved detection of evasive threats. It also helps an organization hunt for insider threats and accidental security misconfigurations.
XDR correlates and integrates alerts, increasing their accuracy and actionability and enabling the preemptive discovery of attacks. It supports incident investigation and threat hunting as well as active threat response on a single pane of glass, improving security analyst productivity and reducing the need to train and certify on multiple tools.
In this article, I covered important network security trends and explained four concepts that are critical to grasp for anyone managing and securing modern networks:
- Bring Your Own Device (BYOD)—an official policy by organizations allowing employees to work on and access corporate systems via non-managed personal devices.
- Secure Access Service Edge (SASE)—a new paradigm for enabling controlled, secure remote access to corporate systems.
- Zero Trust Network (ZTN)—a network that uses zero trust concepts to control all connection attempts, inside or outside the network, and originating from both “trusted” and non-trusted entities.
- eXtended Detection and Response (XDR)—a security platform that ties together security events from networks, endpoints, and clouds to identify evasive attacks.
I hope this will be useful as you prepare yourself and your organization for the new reality of network security.