Back to Cybersecurity Basics – Part 10: Network Security
Gone are the days when a network was confined within the walls of your business. In 2018, organisations of all sizes are taking advantage of rapid advances in technology to give their employees a more distributed, flexible working environment.
This flexibility brings with it numerous benefits, including greater productivity and lower costs (sounds brilliant, doesn’t it?). However, these benefits don’t come without their challenges, especially in the security space.
When the network was confined within the walls of the building it was relatively easy to manage (relative, that is, in terms of comparing network security in 2005 with 2018). Of course, years ago there were different challenges to overcome, but 13 years ago the average person didn’t carry three devices, no business had a BYOD policy, signature-based malware detection was the norm and firewalls were firewalls – nothing ‘Next’ or ‘Cloud Generation’.
Fast forward to 2018 and how businesses protect the network has changed massively. Not only must they protect data held within the building, but also data held on mobile devices and in the cloud. Throw into the mix that organisations need to be wary of internal as well as external threats and it’s easy to see how complex this can become.
A computer network can be anything from two linked devices to a network combining 100,000 devices or more. Network security, described simply, is the set of policies and practices an organisation puts in place to prevent and monitor unauthorised access (internal or external), misuse, modification or denial of a computer network or its resources.
In keeping with the theme of our blog series, we will look at some of the basic network security tools an organisation should roll-out as a minimum.
Firewall – sounds obvious, right? Anybody in our industry knows that you must have a firewall in place if you have any devices, be they servers or workstations, connected to the internet or to third-party networks. A firewall in its most basic form simply decides what network traffic can enter or leave the network, normally on a default-deny basis: anything not explicitly permitted is dropped.
Back in 2005 this was great, but as threats have evolved and organisational challenges have become more complex, so too have firewalls. It seems there is no longer such a thing as just a firewall. Many of these devices are now branded ‘next generation’ or ‘cloud ready’ and include a whole raft of features, including IPS, application control, anti-malware sandboxing, SD-WAN, dynamic routing, SSL interception, web filtering, DDoS protection and advanced threat protection, amongst other things.
The real challenge nowadays comes with finding the right product, and then actually switching on and tuning the features you have paid for.
Web Security – As mentioned above, many organisations that use next generation or cloud ready firewalls will have some form of web security available. In many cases, however, and for various reasons, these features aren’t used, or amount to little more than basic URL filtering. An organisation will get a much more comprehensive set of capabilities from a dedicated web security appliance.
A dedicated web security appliance allows a business to be far more granular in how it controls use of the web and Web 2.0 applications. For example, administrators can permit certain users or groups of users to use Facebook or Dropbox whilst stopping them from ‘liking’ comments or uploading documents.
Other features of a dedicated appliance may include in-depth reporting, data loss prevention and advanced malware protection. Many dedicated appliances will also protect roaming users by initiating a VPN tunnel that routes their web traffic back through the on-premise appliance.
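To make the basic decision concrete, here is an added example (not code from the original post or from any firewall vendor) of a toy stateful packet filter: first matching rule wins, anything unmatched is dropped, and replies to flows that were already accepted are let back through. The LAN range, the published server address, the rule set and the sample flows are all constructed for illustration.

```python
# Added example (not from the original post): a toy stateful packet filter
# showing the basic firewall decision. Addresses, rules and flows are constructed.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    direction: str   # "in" = from the internet towards the LAN, "out" = the reverse
    proto: str       # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    direction: str
    proto: Optional[str]     # None = any protocol
    src: str                 # CIDR
    dst: str                 # CIDR
    dport: Optional[int]     # None = any port
    action: str              # "accept" or "drop"

    def matches(self, p: Packet) -> bool:
        return (self.direction == p.direction
                and (self.proto is None or self.proto == p.proto)
                and ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and (self.dport is None or self.dport == p.dport))


class Firewall:
    """First matching rule wins; anything unmatched is dropped (default deny).
    Accepted flows are remembered so that their replies are let back through."""

    def __init__(self, rules: List[Rule]):
        self.rules = rules
        self.conntrack = set()   # (proto, src, sport, dst, dport) of accepted flows

    def filter(self, p: Packet) -> str:
        # Reply packet for a flow we already accepted? Stateful accept, no rule needed.
        if (p.proto, p.dst, p.dport, p.src, p.sport) in self.conntrack:
            return "accept"
        for r in self.rules:
            if r.matches(p):
                if r.action == "accept":
                    self.conntrack.add((p.proto, p.src, p.sport, p.dst, p.dport))
                return r.action
        return "drop"            # implicit default deny


LAN = "10.0.0.0/8"      # constructed internal range
ANY = "0.0.0.0/0"
POLICY = [
    Rule("out", None, LAN, ANY, None, "accept"),           # LAN may initiate outbound
    Rule("in", "tcp", ANY, "10.0.0.5/32", 443, "accept"),  # one published HTTPS server
    # nothing else inbound: RDP, SMB etc. fall through to the default drop
]


def run_demo() -> List[Tuple[str, str]]:
    """Push a few constructed flows through the policy and return (label, verdict) pairs."""
    fw = Firewall(POLICY)
    flows = [
        ("workstation browses out",      Packet("out", "tcp", "10.0.0.20", 51000, "93.184.216.34", 443)),
        ("reply to that browse",         Packet("in",  "tcp", "93.184.216.34", 443, "10.0.0.20", 51000)),
        ("unsolicited hit on same port", Packet("in",  "tcp", "203.0.113.9", 443, "10.0.0.20", 51000)),
        ("internet to published HTTPS",  Packet("in",  "tcp", "203.0.113.9", 40000, "10.0.0.5", 443)),
        ("internet to RDP on server",    Packet("in",  "tcp", "203.0.113.9", 40001, "10.0.0.5", 3389)),
    ]
    return [(label, fw.filter(p)) for label, p in flows]


if __name__ == "__main__":
    for label, verdict in run_demo():
        print(f"{label:32} -> {verdict}")
```

The third flow is the one worth noticing: it targets the same client port as the legitimate reply but comes from a different source, so the connection-tracking lookup fails and it falls through to the default drop. Real firewalls do the same thing with far richer state (TCP flags, timeouts, NAT), but the ordering and the implicit deny at the end are the parts that matter when you write rules.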
Email Security – Email continues to be the most used business communication tool, despite the emergence of technologies such as Skype for Business.
Sadly, because of this, email is also the number one threat vector. Even as far back as 2016, Verizon reported that phishing was present in nearly a quarter of security incidents and in over 90% of so-called “social” attacks, and it wouldn’t surprise us if these figures were even higher today.
An attack surface of this size means organisations need to ensure, as a matter of priority, that their email platform is secure. Many organisations have of course now moved to Office365 and, whilst a certain level of security is built in, it still has a long way to go to protect organisations from the more advanced cyber threats.
Due to the rise in Office365 use, many security vendors, the likes of Barracuda and Mimecast included, have over the past 18 months released products to address the perceived lack of security around Office365. These products bundle several additional features designed specifically for O365, including advanced threat protection, back-up, archiving and eDiscovery.
The fact remains, though, that not all organisations have migrated to Office365 yet, and for those who prefer to host their email on premise, appliance and virtual deployment options are still very much available.
As time has moved on, so too has the requirement for email security vendors to provide features over and above the spam filtering and virus protection that form the basis of their products. Among the features to creep into many email gateway platforms are encryption (usually AES with 256-bit keys) and data loss prevention. Although these won’t be as feature-rich as the offerings of a dedicated encryption or data loss prevention vendor, they still serve a purpose.
Endpoint Security – Remember back in 2014 when Symantec declared ‘Anti-Virus is Dead’? Yeah, we do too. Whilst we understand the sentiment behind the statement, anti-virus is very much alive and kicking, albeit within a shell more commonly known as ‘endpoint security’. The heartbeat of any endpoint security solution is still its anti-virus or anti-malware engine.
To combat the tidal wave of threats, vendors had to either adapt or drown in the new malicious software variants being developed every hour of every day, and adapt they did.
In 2018, relying on signatures alone to detect malware is no longer viable. Whilst signature-based detection still has its place, it cannot catch a variant it has never seen, so vendors devised ways of detecting malware using behavioural analysis alongside signatures.
Using McAfee as an example, their recently released McAfee ENS 10.5, alongside signature-based detection, also provides modules that:
- contain unknown applications and prevent them from performing malicious actions
- let administrators configure thresholds to log, limit or block the actions contained executables perform
- pull reputation and threat intelligence from a McAfee Threat Intelligence Exchange server
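The containment idea in the list above is easier to see in code. What follows is an added example, not McAfee’s code or its defaults: a toy policy in which a process of unknown reputation runs contained, each suspicious action it takes is counted, and the verdict escalates from log to limit to block as per-behaviour thresholds are crossed. The threshold values, the behaviour names, the reputation labels and the sample event stream are all constructed for illustration.

```python
# Added example (not McAfee's code): a toy behavioural containment policy that
# escalates from log to limit to block as an unknown-reputation process repeats
# suspicious actions. Thresholds, behaviour names and events are constructed.
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Event:
    process: str      # image name of the acting process
    reputation: str   # "known_good", "unknown" or "known_bad" (from signatures / threat intel)
    action: str       # behaviour observed by the endpoint agent
    target: str       # file, registry key or process acted upon


# Occurrence counts at which each level kicks in for a contained process (constructed policy).
THRESHOLDS: Dict[str, Dict[str, int]] = {
    "write_exe":          {"log": 1, "limit": 5, "block": 20},  # dropping binaries is common, but watch it
    "modify_run_key":     {"log": 1, "limit": 1, "block": 3},   # persistence attempts
    "inject":             {"log": 1, "limit": 1, "block": 1},   # never tolerated from an unknown
    "delete_shadow_copy": {"log": 1, "limit": 1, "block": 1},   # ransomware tell-tale
}

LEVELS = ("log", "limit", "block")


class Containment:
    def __init__(self, thresholds: Dict[str, Dict[str, int]] = THRESHOLDS):
        self.thresholds = thresholds
        self.counts: Dict[tuple, int] = defaultdict(int)   # (process, action) -> occurrences
        self.audit: List[str] = []                         # what an admin would see in the console

    def decide(self, ev: Event) -> str:
        if ev.reputation == "known_bad":
            return "block"          # reputation/signature hit: nothing to observe
        if ev.reputation == "known_good":
            return "allow"          # trusted binaries are not contained
        # Unknown reputation: the process runs contained and its behaviour is counted.
        policy = self.thresholds.get(ev.action)
        if policy is None:
            return "allow"          # behaviour not covered by the policy
        key = (ev.process, ev.action)
        self.counts[key] += 1
        n = self.counts[key]
        verdict = "allow"
        for level in LEVELS:        # strictest level whose threshold is reached wins
            if n >= policy[level]:
                verdict = level
        if verdict != "allow":
            self.audit.append(f"{ev.process}: {ev.action} on {ev.target} (#{n}) -> {verdict}")
        return verdict


def run_demo() -> Tuple[List[str], List[str]]:
    """Constructed event stream: a trusted mail client, an unknown dropped binary, a known-bad tool.
    Returns (verdicts, audit log)."""
    c = Containment()
    events = [
        Event("outlook.exe",  "known_good", "write_exe",      r"C:\Users\a\Downloads\invoice.exe"),
        Event("invoice.exe",  "unknown",    "write_exe",      r"C:\Users\a\AppData\Local\Temp\upd.exe"),
        Event("invoice.exe",  "unknown",    "modify_run_key", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\upd"),
        Event("invoice.exe",  "unknown",    "modify_run_key", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\upd2"),
        Event("invoice.exe",  "unknown",    "modify_run_key", r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\upd"),
        Event("invoice.exe",  "unknown",    "inject",         "explorer.exe"),
        Event("credtool.exe", "known_bad",  "inject",         "lsass.exe"),
    ]
    return [c.decide(e) for e in events], c.audit


if __name__ == "__main__":
    verdicts, audit = run_demo()
    print(verdicts)
    for line in audit:
        print(line)
```

The point of the three levels is that an unknown binary is not blocked on sight (that would break every in-house tool and new installer), but the moment it starts behaving like malware, persistence plus injection here, the containment tightens without waiting for a signature. The trusted mail client writing the same file is allowed, because reputation, not the action alone, decides whether a process is contained in the first place.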
It’s also important to remember that an endpoint security solution should include desktop firewall and IPS features to monitor incoming and outgoing traffic for unusual or suspicious behaviour that could indicate an attack. For larger organisations a network-based IPS should also be deployed, and any alerts from these devices should be actioned by appropriately trained staff.
Many endpoint security solutions will also contain some form of web control.
The above solutions should form the backbone of a network security portfolio that can be built on and enhanced over time. There will of course, from time to time, be some crossover; however, provided the solutions don’t clash, there is no harm in layering security products for additional protection.
Other solutions that can be deployed to boost your cyber security defences include Patch & Vulnerability Management, Encryption, Privileged Account/Access Management, Access Rights Management, Data Loss Prevention, Back-Up, Network Access Control, DDoS Protection, Two-Factor Authentication, Enterprise Mobility Management and User Awareness Training.
All of the above solutions come with their own specific benefits; the trick is prioritising which is most important to you and your business!