Today’s networked world is constantly shifting, and the number and type of devices it connects changes minute by minute. The combination of in-house computing, cloud-based resources and a mobile workforce armed with a growing diversity of devices means advanced network security systems need to be both flexible and agile to detect intrusion and malware activities. Historical cybersecurity models such as perimeter-based security, the simple trust model and the assumption of a static environment are simply no longer effective.

Cybercrime Is a Business

Security analysts can make some basic assumptions about the kinds of threats they are protecting against, but the most important one is that the threat landscape has evolved into a business. Like any business, cybercriminals are focused on return on investment (ROI).

Whether the ROI is based on dollars or some other motive, perpetrators are no longer working alone in a dark basement. Successful intruders employ highly skilled researchers to understand the internals of the computing environments they target, including the operating systems, network components and applications that companies rely on to manage and store their data. More importantly, they make a point to understand the security systems enterprises use to protect themselves. Attackers are focused on the vulnerabilities they can identify in those systems.

Four Keys to Advanced Network Security

Companies can and must deploy sophisticated cyberdefense systems, but those systems need to look at the meta environment that surrounds the technology in addition to the specifics of vulnerabilities. Security professionals should consider the following four areas when implementing advanced network security.

1. Visibility of Traffic

Network traffic has become complex with the virtualization of origins and destinations. The difference between physical and virtual environments means it is no longer viable to identify specific physical systems as secure, because the application and data served by the virtual device can exist over a variety of physical systems. The addition of cloud-based computing resources increases that complexity. Security systems need to be able to monitor, identify and evaluate traffic, regardless of the source and destination.

2. Encryption and Decryption

Encryption is now more important than ever because interception techniques make it trivial to listen in on network traffic. But the same encryption that protects data while it is in transit makes it difficult to detect malware concealed in encrypted communication. Cybersecurity systems need to be able to decrypt traffic to evaluate its content while maintaining confidentiality and security of the data it processes.

3. Segment Content Delivery

Not all content requires the same kind of threat analysis. Security professionals can direct specific types of content to security systems designed to best handle that type of traffic. For example, video traffic from YouTube should be evaluated differently from chat and email traffic. Segment traffic to best utilize both security analysis and bandwidth resources.

4. Inline and Out-of-Band Security

Inline network security is standard fare for monitoring threats in real time, but advanced persistent threats (APTs) are able to infiltrate computing resources slowly and become active after a period of time. Out-of-band security measures need to be deployed to analyze threats that have already made their way into the network and are probing vulnerabilities and internal structures in preparation to launch an attack. APTs have been known to wait as long as four months after initial infection before they become active.

Think Outside the Box

Today’s security professionals need to think beyond the standard protections of just a few years ago. They must implement multiple approaches that match up to the highly skilled and dedicated teams trying to break into their enterprise computing systems.

More from Network

X-Force Identifies Vulnerability in IoT Platform

4 min read - The last decade has seen an explosion of IoT devices across a multitude of industries. With that rise has come the need for centralized systems to perform data collection and device management, commonly called IoT Platforms. One such platform, ThingsBoard, was the recent subject of research by IBM Security X-Force. While there has been a lot of discussion around the security of IoT devices themselves, there is far less conversation around the security of the platforms these devices connect with.…

4 min read

Cybersecurity in the Next-Generation Space Age, Pt. 4: New Space Future Development and Challenges

4 min read - View Part 1, Introduction to New Space, Part 2, Cybersecurity Threats in New Space, and Part 3, Securing the New Space, in this series. After the previous three parts of this series, we ascertain that the technological evolution of New Space ventures expanded the threats that targeted the space system components. These threats could be countered by various cybersecurity measures. However, the New Space has brought about a significant shift in the industry. This wave of innovation is reshaping the future…

4 min read

Backdoor Deployment and Ransomware: Top Threats Identified in X-Force Threat Intelligence Index 2023

4 min read - Deployment of backdoors was the number one action on objective taken by threat actors last year, according to the 2023 IBM Security X-Force Threat Intelligence Index — a comprehensive analysis of our research data collected throughout the year. Backdoor access is now among the hottest commodities on the dark web and can sell for thousands of dollars, compared to credit card data — which can go for as low as $10. On the dark web — a veritable eBay for…

4 min read

Cybersecurity in the Next-Generation Space Age, Pt. 2: Cybersecurity Threats in New Space

7 min read - View Part 1 in this series, Introduction to New Space. The growth of the New Space economy, the innovation in technologies and the emergence of various private firms have contributed to the development of the space industry. Despite this growth, there has also been an expansion of the cyberattack surface of space systems. Attacks are becoming more and more sophisticated and affecting several components of the space system’s architecture. Threat Actors' Methodology Every space system architecture is composed of three…

7 min read