Effective network security can be reduced to two goals; keeping unauthorised users out and keeping sensitive data in. But as IT systems continue to evolve, particularly in the era of the cloud, the strategies and techniques to achieve these twin goals must also change.
So as you refine your strategy, here is some best practice advice from the FastNetMon team of experts.
Adopt a Zero Trust policy
The border between corporate systems and the world has completely disappeared as cloud services, remote working and BYOD become the norm. This means that the IT security team has had to yield much of the control over the devices used to connect to company resources.
The solution is to adopt a Zero Trust approach, where users, devices and applications pass through multi-factor authentication mechanisms before being granted access. Zero Trust authentication will also consider the context of every request, providing granular controls on what is being accessed, by whom, from which device, at which time and whether the connecting device meets certain basic security criteria.
By trusting nothing (Zero Trust), you can ensure complete control over network resources without having to control the endpoints or granting excessive access rights. Which means that you can solve many of the shortcomings of traditional VPN connections which do not offer the granular access control your network needs.
Audit infrastructure regularly
Without definite borders, the network continues to grow and evolve, particularly as new cloud-based assets are adopted. This means that the various interconnections of applications, devices and infrastructure will change over time. And unless your IT security team stays on top of these changes, new vulnerabilities will be created or exposed.
Conducting regular audits of network and security controls will be essential for identifying and rectifying vulnerabilities before they can be exploited. Audits are also a good way to ensure your IT team is up-to-date in their knowledge of current infrastructure, allowing them to be more effective in their roles.
Implement an SIEM strategy and toolkit
Your infrastructure is under constant threat, making event analysis even more important. But with so much ‘noise’ being logged, identifying genuine threats can be quite difficult.
Implementing Security Information and Event Management (SIEM) automates event log analysis, highlighting only those issues which do require further investigation. A dedicated SIEM toolkit or platform can automate many of the initial exploratory functions too, accelerating your response to a potential event and better protecting assets. All of which means that you can focus your resources fully on dealing with incidents.
If nothing else, adopting SIEM encourages your network security team to formulate an effective strategy for identifying and responding to events. Which means they will be better prepared when the inevitable happens and your business is attacked.
Strengthen your DDoS Defences
Distributed Denial of Service attacks are becoming more frequent, more devastating and more devious. In fact, DDoS attacks make up 40% of all cybersecurity incidents each year. Worse still, any internet-connected business is at risk of DDoS attack. Having a solution to detect and mitigate suspicious / malicious activity is absolutely essential to ensuring your web-facing assets remain online.
FastNetMon provides near instant (~2 seconds) detection of DDoS activity, allowing you to apply the appropriate mitigation strategy before your users are even aware there may be a problem. FastNetMon can detect all DDoS variations and can be used to protect assets on-premises and in the cloud alike.
Combining FastNetMon with a traffic scrubbing service offers even greater protection against DDoS attacks, ensuring that your services continue to run unaffected for legitimate users.
Upgrade your firewalls
As previously mentioned, cybercriminals are becoming more devious. So although traditional firewalls remain an essential network security safeguard, you must consider implementing Next Generation firewalls (NGFW) too.
NGFWs provide Layer 7 (application layer) packet inspection functionality. This deep packet inspection (DPI) capability can be used to detect and block malicious application traffic. Which is particularly useful in an age where distributed applications based in the cloud are a regular aspect of business and network operations.
Secure Web Gateways (SWG) offer similar Layer 7 functionality, allowing administrators to secure web traffic. An SWG increases network oversight through URL filtering, application control, inspection of encrypted traffic delivered over HTTPS and malware protection for files delivered over the web.