5 things must need for securing modern network
Published: 12:18 PM, 10 July 2019
There is a saying, “The network is the computer.” It means IT infrastructure was linked together in a loosely-coupled architecture, tied together via networking technologies such as Ethernet cables and the TCP/IP protocol. Thus, it was critical to engineering the network correctly to maximize network availability, performance, and business benefits.
Things have changed since the early 1990s. Some networks live in the cloud, some are virtual, and some rely on application-to-application connections, but networks still connect IT systems together in one way or another.
Amidst this transformation, network security has had to change with the times. There are five things must need to support the modern network.
Modern network security controls must be instrumented into all network segments for inspection of east or west traffic, network communications in the cloud, and network communications from remote workers to software as a service (SaaS) applications where the traffic never touches the corporate network. In other words, all network traffic should be inspected.
Encryption or decryption capabilities
According to ESG research, 50 to 60% of all network traffic is encrypted in recent times and this will only increase in the future. That means comprehensive network security architecture must include the ability to decrypt and inspect traffic at a multitude of control points.
Modern network security technologies should also be able to detect suspicious traffic without the need for decryption in all cases. This capability is already included in offerings such as Cisco Encrypted Traffic Analytics (ETA) and stand-alone solutions from vendors such as Barac.io.
Reducing the attack surface should be a primary requirement for all modern network security technologies. This equates to two capabilities- first, segmenting east or west traffic between application tiers, and – second, enforcing software-defined perimeter network segmentation rules between users or devices and network-based services. These capabilities are often vaguely referred to as “zero-trust.”
Central control plane and distributed enforcement
This one is a “must-have.” All network security controls (i.e. physical, virtual, cloud-based) must report into a common control plane for management activities (i.e. configuration management, policy management, change management, etc.).
The central control plane will likely be cloud-based, so CISOs should prepare risk-averse auditors and business managers for this change. Armed with instructions from central command and control, network security systems must be instrumented to block malicious traffic and enforce policies regardless of their location or form factor.
Note that while every network security vendor will pitch its own central management service, third-party software providers such as FireMon, Skybox, and Tufin may play a role here.
Comprehensive monitoring and analytics
As the old security adage goes, “the network doesn’t lie.” Since all cyber attacks use network communications as part of their kill chain, security analysts must have access to end-to-end network traffic analysis (NTA) up and down all layers of the OSI stack.
The best NTA tools will supplement basic traffic monitoring with detection rules, heuristics, scripting languages, and machine learning that can help analysts detect unknown threats and map malicious activities into the MITRE ATT&CK framework.
CISOs must cast a wide net, as there are lots of strong solutions to choose from pure-play startups (i.e. Bricata, Corelight, DarkTrace, IronNet, Vectra Networks, etc.), networking experts (i.e. Cisco, ExtraHop, NETSCOUT, etc.), and network security vendors (i.e. Fidelis, FireEye, Lastline, HPE, etc.). Caveat Emptor!
Network security technologies must support granular policies and rules, subject to immediate alteration based upon changes in things such as user location, network configuration, or newly discovered threats or vulnerabilities.
Organizations must have the ability to spin up or spin down or change network security services whenever and wherever they are needed. Modern network security controls must be able to accommodate the internet of things (IoT) devices and protocols with the same types of strong policies and enforcement as they offer for standard operating systems. Finally, network security architectures must be built around easily accessed APIs for rapid integration.
- Issues that will be discussed during Jayashankar’s visit
- Gibraltar rejects US request
- Man United faces Wolverhampton tonight
- Hong Kong protesters march peacefully
- Marium, a lovely animal dies after eating plastic
- New Indonesian capital to be in Jungle?
- How to cook meat faster
- Tourists unhappy over Teknaf`s odor-pollution
- Fatima: The Wonder Lady!
- Rail links with Khulna snapped
- Maududist modern era devil: Agriculture Minister
- ‘Blood Bank of Kaliganj’ saved thousand lives
- ‘Mayaboti’ release date scheduled
- Dressing room rift misinterpreted in media: Mahmudullah
- Humayun for all-side interest on rawhide issue
- Tannery owners to buy rawhide form tomorrow
- JKS for transport workers’ fixed work hrs rein road accident
- How long should Kashmiris wait for peace?
- JnU’s Olympiad winner dies
- Day laborer Dalip Singh became ‘Great Khali’
- Shirin Sharmin to join South Asian Speakers’ Summit
- 1 day after buying bike, youth killed in accident
- Happy birthday Mia Bhai
- Serious health risk in handling taka: research reveals
- Minni’s bail petition to HC again
- Cumilla road crash: 6 of a family among deceased
- Jumps from boat get a divorce!
- DMP files 4,780 cases over traffic violations
- Tk 120 cr allotted for flood recovery
- Writ seeking HC order to find out culprits in rawhide fall
- All News »
- Truck driver rescues girl from rape on moving bus
- National Mourning Day Thursday
- 7 killed as auto-rickshaw crashes into bus
- Priyanka anxious over Nick’s diabetes!
- Immortal sayings of Bangabandhu
- Jacqueline stuns in yellow during birthday trip in Sri Lanka
- Army Chief off to Indonesia Sunday
- Kona disclosed her marriage 3 months later!
- Fire breaks out at Mirpur slum
- 60pc animal waste of Capital disposed
- Hong Kong protesters march peacefully
- Nayan`s last SMS to Minni
- Removal of animal wastes almost completed: DSCC Mayor
- No foreign prog broadcast without permission
- Keep environment clean to prevent dengue: President
- Mirpur slum fire doused
- Two Bangladeshis killed in Saudi road crash
- 63 Bangladeshi Hajj pilgrims died in Saudi Arabia
- Pak-India war! 8 soldiers killed on LoC
- 2 gang rape accused killed in gunfight
- Last Hajj ritual heralds Eid Al-Azha
- 4 of a family killed in M’singh bus-car collision
- Momo stares in Hindi film!
- Flood victims to get 24,000 houses
- `Our prayer for abolition of evil power`
- BCB seek clarity from Mashrafe Mortaza about ODI future
- 8 births recorded during Hajj 2019
- La Liga: Atletico Madrid faces Getafe tonight
- Kashmir outposts divided over status change
- 2 dead, 3 missing after boat sinks in Jamuna