Securing an organization’s computing environment from malicious external actors is a critically important and extremely complex undertaking. It demands a comprehensive approach that incorporates all aspects of the enterprise IT landscape. This includes securing all applications and databases with strong passwords and authentication procedures, encrypting data resources at rest and in transit, and keeping software products patched and updated.
Protecting your network is an essential component of a viable security initiative. In the case of external threats, the network is the most likely entry point into your organization’s infrastructure. While phishing emails delivering malware may also be an avenue for gaining access to your systems, many attacks are conducted directly against the portions of your network that can be reached by outsiders. Keeping intruders out is a top priority.
Network Security Concepts
Securing a computer network requires a coordinated framework that consists of three complementary levels of activity.
- Protection – Configuring the network correctly is the first step in providing security. The goal is to limit access to the network to authorized and authenticated users.
- Detection – Detecting changes to the network’s configuration or identifying anomalies in its activity is essential to address situations where protection efforts fail. Despite your best efforts, there is always the chance that your network defenses can be compromised.
- Reaction – Once an intrusion has been identified, a plan needs to be in place to react to the issue as quickly and efficiently as possible. This might include activities such as removing the intruder from the network, identifying any damage that has been done, and addressing the security gaps that have been brought to light.
There are multiple methods for providing network security. Individually, each technique addresses a specific defensive measure and furnishes some degree of protection. An organization that layers these defenses, so that each one covers gaps the others leave, will have a more secure network than one relying on any single control.
- Firewalls – A firewall is a hardware or software barrier that monitors incoming and outgoing network traffic and either permits or blocks the transfer of data packets based on configured security rules. Packet-filtering firewalls are the most commonly used and compare the source and destination of data packets against the security rules. Next-generation firewalls also implement deep packet inspection, which examines the payload of a packet rather than only its headers, for more stringent control.
- Email security – An increased reliance on phishing campaigns to gain access to enterprise networks raises the importance of strong email security. An email security solution can block incoming messages and control outbound traffic to limit the exposure of sensitive data.
- Anti-malware software – Also known as anti-virus software, these applications scan for, identify, and eliminate malicious software on systems and networks. The software uses a combination of signature definitions for known malware and heuristics to identify and remove dangerous programs.
- Network segmentation – Network security and performance can both be improved by segmentation. This practice, also referred to as partitioning or segregation, divides a network into smaller parts. A segmentation policy is then implemented to control how traffic flows among those parts. Benefits include protecting vulnerable or sensitive devices and systems and limiting the damage if one segment is breached.
Providing Network Visibility
Detecting suspicious network activity is vitally important to an overall security posture. A sudden spike in outbound traffic can be a sign that data is being illicitly exfiltrated. Numerous failed attempts to access a network can indicate that a brute-force attack is underway, threatening your data resources. These types of issues need to be investigated to determine whether the cause is legitimate system operation or an aberration that demonstrates the presence of malicious actors.
Network intruders do not announce themselves when trying to infiltrate your defenses. The first indication that your network has been compromised may be the degradation of normal services or an abnormality in the use of a particular segment. Uptime Infrastructure Monitor from IDERA Software provides the visibility into your network that the detection phase of network security requires.
The tool allows you to find network bottlenecks quickly and perform root-cause analysis to ascertain whether the issue has malicious potential or is simply a legitimate operational problem that needs to be addressed. Bandwidth use can be monitored so anomalies can be identified and investigated. It may be that a new, excessive usage pattern is the result of malware transferring enterprise data to an offsite location. This is the kind of information you need to keep your networks, and the systems and data that rely on them, safe and secure. Don’t get caught by surprise when your data breach becomes CNBC headline material.
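The two signals this section calls out, an outbound-traffic spike against a host's own baseline and a burst of failed logins from one source, can be checked with a few lines of logic. The following is an added example, not code from the article or from Uptime Infrastructure Monitor; the flow records, the auth-log format and the alert thresholds are constructed for illustration.

```python
"""Added example: flag an outbound-traffic spike per host (possible exfiltration)
and a burst of failed logins per source (possible brute force). Data constructed."""
from collections import defaultdict
from statistics import mean
# Constructed flow records: (host, direction, bytes, hour-of-day bucket).
FLOWS = [
    ("10.0.1.5", "out", 120_000, 9), ("10.0.1.5", "out", 130_000, 10),
    ("10.0.1.5", "out", 110_000, 11), ("10.0.1.5", "out", 125_000, 12),
    ("10.0.1.5", "out", 4_800_000, 13),  # roughly 40x its own baseline
    ("10.0.1.8", "out", 90_000, 9), ("10.0.1.8", "out", 95_000, 10),
    ("10.0.1.8", "out", 100_000, 11), ("10.0.1.8", "out", 92_000, 12),
    ("10.0.1.8", "out", 98_000, 13),  # steady host, must not be flagged
]

# Constructed auth log lines: "<time> <result> user=<name> src=<ip>".
AUTH_LOG = """\
12:00:01 FAIL user=admin src=203.0.113.7
12:00:02 FAIL user=admin src=203.0.113.7
12:00:03 FAIL user=root src=203.0.113.7
12:00:04 FAIL user=admin src=203.0.113.7
12:00:05 FAIL user=guest src=203.0.113.7
12:01:10 FAIL user=alice src=10.0.1.5
12:01:15 OK user=alice src=10.0.1.5
"""

def outbound_spikes(flows, ratio=10.0):
    """Hosts whose newest outbound bucket exceeds `ratio` times the mean of their
    earlier buckets; a per-host baseline keeps a busy server from being flagged."""
    per_host = defaultdict(list)
    for host, direction, nbytes, _bucket in sorted(flows, key=lambda f: f[3]):
        if direction == "out":
            per_host[host].append(nbytes)
    alerts = {}
    for host, series in per_host.items():
        if len(series) < 3:
            continue  # too little history to call anything a spike
        baseline = mean(series[:-1])
        if series[-1] > ratio * baseline:
            alerts[host] = round(series[-1] / baseline, 1)  # spike factor
    return alerts

def failed_login_bursts(log, threshold=5):
    """Source IPs with at least `threshold` FAIL lines in the log window."""
    fails = defaultdict(int)
    for line in log.splitlines():
        parts = line.split()
        if parts[1] == "FAIL":
            fields = dict(kv.split("=", 1) for kv in parts[2:])
            fails[fields["src"]] += 1
    return {ip: n for ip, n in fails.items() if n >= threshold}
```

Either alert is a prompt for the root-cause analysis the text describes, not a verdict: a backup window or a user mistyping a password will trip the same logic, so the thresholds should be tuned per environment.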