To talk about network security and management, we need to split the subject into smaller pieces: concepts, definitions, and a bit of history. First, let us go back to the concept of security and where it comes from. Security is usually defined as the state of being free from danger or threat. A network that is free of danger or threats is utopian and unrealistic, which is why, when we talk about network security, we should focus on reducing or controlling threats to a level that is acceptable to the organization and its processes.
Many of the concepts applied to cybersecurity, network security, information security, and related fields come from military practice. Decades ago we were already talking about demilitarized zones (DMZs) to expose our services to the internet, about defense-in-depth, and about many other ideas borrowed from the military vocabulary; most of them still apply today.
We can define network security as the strategies, policies, processes, and technologies used to secure an organization’s data, applications, devices, systems, and resources connected to the organization’s network. It is important to understand that network security is one part of cybersecurity, not the whole of it. In the past, we used to see organizations as castles or fortresses, with the data as the gold inside a chest in the safest room of the castle.
How important can Network Security be for an organization?
Nowadays we need to see our organizations as ships travelling a vast ocean of interconnected organizations, where information often moves from one ship to another in small boats that leave the ship carrying precious cargo. Those little boats represent the new ways of working with colleagues, communicating, and using technology that we have adopted in our daily lives.
The precious cargo is data, sometimes sensitive and critical. And, as basic cybersecurity awareness courses remind us, humans are the weakest link in the chain. Networks now extend beyond the physical limits of an office or a corporate LAN: to public Wi-Fi at coffee shops, to the desk or dining table while working from home, and sometimes even to a bench on a sandy beach while working as a digital nomad.
The way we use devices has changed as well. The statistics are striking: mobile devices account for about 68% of total traffic to websites globally, and the desktop is no longer the default way to reach information.
We are changing the way we access our information and how we share it. These new ways of connecting to networks and of working, consuming, and sharing information open new conversations that we, as security practitioners, need to address and answer according to our organizational priorities.
We need to ask ourselves what new risks we face and whether we are ready to provide our organization and our users with the right strategies, policies, processes, and technologies to secure information and assets. Network security is therefore still a growing and exciting field, with new strategies to be developed and new technologies to be invented.
One of the biggest insurance companies in the world ranks cybersecurity incidents as the number one risk faced by organizations of any size, location, and sector. Insurers price risk for a living, and they are well aware of this one.
This speaks directly to management: cybersecurity is no longer an IT matter, it is a cross-cutting function and should be addressed with a risk-based approach.
What about the new risks we face?
Besides the traditional strategies we already know and practice, such as perimeter defense and defense-in-depth, we need to talk about the risks that affect our networks as they exist today. As mentioned above, networks are now more than Ethernet cables and Wi-Fi in our offices, with a set of servers and network devices connecting computers, users, and services.
A network can now reach as far as the coffee shop Wi-Fi where a C-level executive checks email or the CRM over a morning coffee, or the sandy beach in Thailand where the developer you hired is working on your new project. This means that our devices, wherever they are, have become the “last mile” of our networks.
With this new mobility, cybercriminals have found very fertile soil in which to grow cybercrime and to develop more advanced ways of achieving their goals.
One example is the way ransomware is expanding: it grew almost 150% in the first quarter of 2020. It usually spreads through three main methods: social engineering, credential harvesting, and vulnerability exploitation. Each method takes advantage of a different organizational weakness, and each therefore calls for a different control (awareness training, credential hygiene and multi-factor authentication, and patch management, respectively). The real innovation in ransomware, however, is its business model: it has become cybercrime as a service, with operators renting the malware and infrastructure to affiliates, rather than one individual looking for data or a way to monetize a crime.
This expands the threat horizon even more: if our devices are the “last mile” of our networks, they are also an entry point to our network and our information.
Another high-risk entry point that we often fail to see as a real threat is our suppliers. Supply chain attacks have been in the news more often recently, and their impact can be severe for any organization. It is true that most of the time we cannot extend our controls into a supplier’s network, but we can write policies that help the organization choose better suppliers, set contractual security requirements, and enforce compliance with our acceptable risk levels. Risks and threats now go beyond our local area network or our data centers; they go wherever a user is accessing our data or services.
Is it a visibility problem?
We have discussed cybersecurity, network security, and threats, and that discussion led us to understand that network security is not only a technology problem. As engineers, we say that the more information we have, the better decisions we make. Visibility into the network is something every cybersecurity professional wants, yet how can we achieve visibility in an environment that changes and moves so fast? Some network security solutions exist to address this. A SIEM, for example, which stands for “Security Information and Event Management”, collects and correlates events from across the environment and, combined with newer techniques such as machine learning, gives us not only visibility but also a chance to detect incidents early, sometimes before they cause real damage. If it were only a visibility problem, Syslog and other well-known logging technologies would solve it. The problem is that we need the information digested and correlated, and we need to be quick to make the right decisions.
Sometimes we even let technology take care of big decisions, as when machine learning is used for anomalous behavior detection, something security teams and network security devices rely on a lot these days. Such detectors need a reliable baseline and ongoing tuning, or they produce more false positives than analysts can review. In the end, it is not a visibility problem but a speed problem.
How fast can we make decisions based on the information we have? How fast can we respond to attacks and compromise? How resilient are we when we face attacks?
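As an added illustration of what a SIEM-style correlation does beyond raw Syslog collection (this is example code written for this page, not a product or the author's tooling), the Python below parses constructed OpenSSH-style authentication lines, builds a per-user baseline of source networks and login hours, and flags successful logins that fall outside that baseline or that follow a burst of failures from the same address. The log lines, usernames, addresses, hostnames and thresholds are all made up; the year is assumed because classic syslog timestamps carry none.

```python
import re
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_address, ip_network

# Constructed sample lines in the classic syslog/OpenSSH format (not real captures).
BASELINE = """\
Mar 02 08:15:02 vpn01 sshd[1201]: Accepted publickey for alice from 203.0.113.10 port 51234 ssh2
Mar 03 09:02:11 vpn01 sshd[1202]: Accepted publickey for alice from 203.0.113.12 port 51240 ssh2
Mar 04 17:40:55 vpn01 sshd[1203]: Accepted publickey for alice from 203.0.113.10 port 51250 ssh2
Mar 02 10:05:30 vpn01 sshd[1204]: Accepted password for bob from 198.51.100.7 port 41000 ssh2
Mar 03 11:15:30 vpn01 sshd[1205]: Accepted password for bob from 198.51.100.7 port 41010 ssh2
"""

TODAY = """\
Mar 10 08:30:00 vpn01 sshd[1301]: Accepted publickey for alice from 203.0.113.11 port 52000 ssh2
Mar 10 03:12:40 vpn01 sshd[1302]: Failed password for bob from 192.0.2.55 port 4100 ssh2
Mar 10 03:12:41 vpn01 sshd[1303]: Failed password for bob from 192.0.2.55 port 4101 ssh2
Mar 10 03:12:43 vpn01 sshd[1304]: Failed password for bob from 192.0.2.55 port 4102 ssh2
Mar 10 03:12:44 vpn01 sshd[1305]: Accepted password for bob from 192.0.2.55 port 4103 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \d{2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) \w+ for (?P<user>\S+) from (?P<ip>\S+) port"
)


def parse(text):
    """Turn raw sshd lines into event dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        # Syslog has no year; 2024 is assumed purely so timestamps can be compared.
        ts = datetime.strptime("2024 " + m["ts"], "%Y %b %d %H:%M:%S")
        events.append({"ts": ts, "ok": m["result"] == "Accepted",
                       "user": m["user"], "ip": ip_address(m["ip"])})
    return events


def build_baseline(events):
    """Per user: the /24 networks and the hours of day seen on successful logins."""
    nets, hours = defaultdict(set), defaultdict(set)
    for e in events:
        if e["ok"]:
            nets[e["user"]].add(ip_network(f"{e['ip']}/24", strict=False))
            hours[e["user"]].add(e["ts"].hour)
    return nets, hours


def detect(baseline, events, burst=3, window_s=60):
    """Return (user, rule, detail) tuples for successful logins that look anomalous."""
    nets, hours = baseline
    alerts = []
    fails = defaultdict(list)  # (user, ip) -> timestamps of recent failures
    for e in sorted(events, key=lambda x: x["ts"]):
        key = (e["user"], e["ip"])
        if not e["ok"]:
            fails[key].append(e["ts"])
            continue
        if not any(e["ip"] in n for n in nets[e["user"]]):
            alerts.append((e["user"], "new_source_network", str(e["ip"])))
        if hours[e["user"]] and e["ts"].hour not in hours[e["user"]]:
            alerts.append((e["user"], "off_hours_login", e["ts"].strftime("%H:%M")))
        recent = [t for t in fails[key] if (e["ts"] - t).total_seconds() <= window_s]
        if len(recent) >= burst:
            alerts.append((e["user"], "success_after_failure_burst",
                           f"{len(recent)} failures from {e['ip']}"))
    return alerts


def run_example():
    """Baseline on the older lines, then evaluate today's lines against it."""
    return detect(build_baseline(parse(BASELINE)), parse(TODAY))


if __name__ == "__main__":
    for user, rule, detail in run_example():
        print(f"{user:6} {rule:28} {detail}")
```

Run as written, alice's login is silent (same /24, usual hour) and bob's 03:12 login trips all three rules. The thresholds are the tuning the paragraph above warns about: a /24 baseline and a three-failure burst are reasonable starting points for a VPN gateway, not universal constants.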
What is the right approach?
Let us talk about risks before we decide on technologies. Many organizations burn millions of their cybersecurity budget purchasing network security hardware and software, sometimes without a prior strategy or risk assessment.
We do understand that some technologies need to be there simply because they are the foundations. Firewalls, endpoint protection, intrusion detection and prevention, and identity and access management are examples of network security technologies that need to be in place before going for more advanced solutions. Likewise, strategies such as network segmentation and least-privilege access have been around for a reason.
The goal here is not to criticize the purchase of new technologies but to take the right approach. We need to hit where it hurts, where it hurts us in fact: everything we do needs to be justified by the risk it lowers.
Whether we deploy a new technology or create a new policy or process, it should counter a specific threat or reduce a specific vulnerability. That way we can say that we are making a smart investment and not a reactive purchase.
Is Zero Trust network security?
When we talk about network security, the new concept is Zero Trust. It moves the security boundary from the network perimeter to the user and the device: no request is trusted because of where it comes from, and every access is authenticated and authorized explicitly. The Zero Trust model also tells us that users should have only the access and permissions they need to accomplish their roles in the organization. This gives organizations more granularity over what users can and cannot do, more visibility, and a shorter reaction time in case of an attack. So the answer is yes, Zero Trust is network security, and managers should start to dig into it.
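As an added example (not code from this page or from any product), the Python below models a Zero Trust access decision in the sense described above and in the earlier remark on least-privilege access: a default-deny policy table keyed by resource, and an evaluate() function that checks role, MFA and device posture on every request while deliberately ignoring whether the request came from the corporate LAN. The resource names, roles, users, device attributes and the policy format are all constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Device:
    managed: bool          # enrolled in the organization's device management
    disk_encrypted: bool
    patched: bool


@dataclass(frozen=True)
class Request:
    user: str
    roles: frozenset
    device: Device
    mfa: bool              # this session was authenticated with a second factor
    resource: str
    on_corporate_lan: bool = False  # recorded for audit, deliberately NOT used by the policy


# Constructed policy table (illustrative format, not any product's):
# each resource lists the roles allowed and the posture it requires.
POLICY = {
    "wiki":       {"roles": {"staff", "sales", "exec", "finance"}, "mfa": False, "managed_device": False},
    "crm":        {"roles": {"sales", "exec"},                     "mfa": True,  "managed_device": True},
    "payroll-db": {"roles": {"finance"},                           "mfa": True,  "managed_device": True},
}


def evaluate(req):
    """Return (allowed, reason). Anything not explicitly allowed is refused (default deny)."""
    rule = POLICY.get(req.resource)
    if rule is None:
        return False, f"no policy for resource '{req.resource}' (default deny)"
    if not (req.roles & rule["roles"]):
        return False, "role not entitled to resource"
    if rule["mfa"] and not req.mfa:
        return False, "MFA required"
    d = req.device
    if rule["managed_device"] and not (d.managed and d.disk_encrypted and d.patched):
        return False, "device posture below requirement"
    # Note that req.on_corporate_lan never influences the outcome.
    return True, "identity, role and device posture verified"


# Constructed requests (sample input, not real users or systems).
MANAGED_OK = Device(managed=True, disk_encrypted=True, patched=True)
PERSONAL = Device(managed=False, disk_encrypted=False, patched=True)

EXEC_ON_LAN = Request("carol", frozenset({"exec"}), PERSONAL, mfa=False,
                      resource="crm", on_corporate_lan=True)
SALES_AT_CAFE = Request("dave", frozenset({"sales"}), MANAGED_OK, mfa=True, resource="crm")
STAFF_PAYROLL = Request("erin", frozenset({"staff"}), MANAGED_OK, mfa=True, resource="payroll-db")
UNKNOWN_SERVICE = Request("dave", frozenset({"sales"}), MANAGED_OK, mfa=True, resource="legacy-ftp")

if __name__ == "__main__":
    for r in (EXEC_ON_LAN, SALES_AT_CAFE, STAFF_PAYROLL, UNKNOWN_SERVICE):
        allowed, reason = evaluate(r)
        verdict = "ALLOW" if allowed else "DENY "
        print(f"{r.user:6} -> {r.resource:11} lan={str(r.on_corporate_lan):5} {verdict} ({reason})")
```

The instructive pair is the first two requests: the executive sitting on the office LAN with a personal laptop and no second factor is denied the CRM, while the salesperson on coffee shop Wi-Fi with a compliant managed device and MFA is allowed in. Location bought nothing; identity, entitlement and device posture decided.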