Today’s networked world is constantly shifting, and the number and type of devices it connects changes minute by minute. The combination of in-house computing, cloud-based resources and a mobile workforce armed with a growing diversity of devices means advanced network security systems need to be both flexible and agile to detect intrusion and malware activities. Historical cybersecurity models such as perimeter-based security, the simple trust model and the assumption of a static environment are simply no longer effective.
Cybercrime Is a Business
Security analysts can make some basic assumptions about the kinds of threats they are protecting against, but the most important one is that the threat landscape has evolved into a business. Like any business, cybercriminals are focused on return on investment (ROI).
Whether the ROI is based on dollars or some other motive, perpetrators are no longer working alone in a dark basement. Successful intruders employ highly skilled researchers to understand the internals of the computing environments they target, including the operating systems, network components and applications that companies rely on to manage and store their data. More importantly, they make a point to understand the security systems enterprises use to protect themselves. Attackers are focused on the vulnerabilities they can identify in those systems.
Four Keys to Advanced Network Security
Companies can and must deploy sophisticated cyberdefense systems, but those systems need to look at the meta environment that surrounds the technology in addition to the specifics of vulnerabilities. Security professionals should consider the following four areas when implementing advanced network security.
1. Visibility of Traffic
Network traffic has become complex with the virtualization of origins and destinations. The difference between physical and virtual environments means it is no longer viable to identify specific physical systems as secure, because the application and data served by the virtual device can exist over a variety of physical systems. The addition of cloud-based computing resources increases that complexity. Security systems need to be able to monitor, identify and evaluate traffic, regardless of the source and destination.
2. Encryption and Decryption
Encryption is now more important than ever because interception techniques make it trivial to listen in on network traffic. But the same encryption that protects data while it is in transit makes it difficult to detect malware concealed in encrypted communication. Cybersecurity systems need to be able to decrypt traffic to evaluate its content while maintaining confidentiality and security of the data it processes.
3. Segment Content Delivery
Not all content requires the same kind of threat analysis. Security professionals can direct specific types of content to security systems designed to best handle that type of traffic. For example, video traffic from YouTube should be evaluated differently from chat and email traffic. Segment traffic to best utilize both security analysis and bandwidth resources.
4. Inline and Out-of-Band Security
Inline network security is standard fare for monitoring threats in real time, but advanced persistent threats (APTs) are able to infiltrate computing resources slowly and become active after a period of time. Out-of-band security measures need to be deployed to analyze threats that have already made their way into the network and are probing vulnerabilities and internal structures in preparation to launch an attack. APTs have been known to wait as long as four months after initial infection before they become active.
Think Outside the Box
Today’s security professionals need to think beyond the standard protections of just a few years ago. They must implement multiple approaches that match up to the highly skilled and dedicated teams trying to break into their enterprise computing systems.
Freelance Writer and Former CIO