April 3, 2017 By Scott Koegler 2 min read

Today’s networked world is constantly shifting, and the number and type of devices it connects changes minute by minute. The combination of in-house computing, cloud-based resources and a mobile workforce armed with a growing diversity of devices means advanced network security systems need to be both flexible and agile to detect intrusion and malware activities. Historical cybersecurity models such as perimeter-based security, the simple trust model and the assumption of a static environment are simply no longer effective.

Cybercrime Is a Business

Security analysts can make some basic assumptions about the kinds of threats they are protecting against, but the most important one is that the threat landscape has evolved into a business. Like any business, cybercriminals are focused on return on investment (ROI).

Whether the ROI is based on dollars or some other motive, perpetrators are no longer working alone in a dark basement. Successful intruders employ highly skilled researchers to understand the internals of the computing environments they target, including the operating systems, network components and applications that companies rely on to manage and store their data. More importantly, they make a point to understand the security systems enterprises use to protect themselves. Attackers are focused on the vulnerabilities they can identify in those systems.

Four Keys to Advanced Network Security

Companies can and must deploy sophisticated cyberdefense systems, but those systems need to look at the meta environment that surrounds the technology in addition to the specifics of vulnerabilities. Security professionals should consider the following four areas when implementing advanced network security.

1. Visibility of Traffic

Network traffic has become complex with the virtualization of origins and destinations. The difference between physical and virtual environments means it is no longer viable to identify specific physical systems as secure, because the application and data served by the virtual device can exist over a variety of physical systems. The addition of cloud-based computing resources increases that complexity. Security systems need to be able to monitor, identify and evaluate traffic, regardless of the source and destination.

2. Encryption and Decryption

Encryption is now more important than ever because interception techniques make it trivial to listen in on network traffic. But the same encryption that protects data while it is in transit makes it difficult to detect malware concealed in encrypted communication. Cybersecurity systems need to be able to decrypt traffic to evaluate its content while maintaining confidentiality and security of the data it processes.

3. Segment Content Delivery

Not all content requires the same kind of threat analysis. Security professionals can direct specific types of content to security systems designed to best handle that type of traffic. For example, video traffic from YouTube should be evaluated differently from chat and email traffic. Segment traffic to best utilize both security analysis and bandwidth resources.

4. Inline and Out-of-Band Security

Inline network security is standard fare for monitoring threats in real time, but advanced persistent threats (APTs) are able to infiltrate computing resources slowly and become active after a period of time. Out-of-band security measures need to be deployed to analyze threats that have already made their way into the network and are probing vulnerabilities and internal structures in preparation to launch an attack. APTs have been known to wait as long as four months after initial infection before they become active.

Think Outside the Box

Today’s security professionals need to think beyond the standard protections of just a few years ago. They must implement multiple approaches that match up to the highly skilled and dedicated teams trying to break into their enterprise computing systems.

More from Network

New cybersecurity sheets from CISA and NSA: An overview

4 min read - The Cybersecurity and Infrastructure Security Agency (CISA) and National Security Agency (NSA) have recently released new CSI (Cybersecurity Information) sheets aimed at providing information and guidelines to organizations on how to effectively secure their cloud environments.This new release includes a total of five CSI sheets, covering various aspects of cloud security such as threat mitigation, identity and access management, network security and more. Here's our overview of the new CSI sheets, what they address and the key takeaways from each.Implementing…

Databases beware: Abusing Microsoft SQL Server with SQLRecon

20 min read - Over the course of my career, I’ve had the privileged opportunity to peek behind the veil of some of the largest organizations in the world. In my experience, most industry verticals rely on enterprise Windows networks. In fact, I can count on one hand the number of times I have seen a decentralized zero-trust network, enterprise Linux, macOS network, or Active Directory alternative (FreeIPA). As I navigate my way through these large and often complex enterprise networks, it is common…

Easy configuration fixes can protect your server from attack

4 min read - In March 2023, data on more than 56,000 people — including Social Security numbers and other personal information — was stolen in the D.C. Health Benefit Exchange Authority breach. The online health insurance marketplace hack exposed the personal details of Congress members, their families, staff and tens of thousands of other Washington-area residents. It appears the D.C. breach was due to “human error”, according to a recent report. Apparently, a computer server was misconfigured to allow access to data without proper…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today