Strategies from expert threat hunters designed for NetOps & SecOps teams
What is Network Security?
Network security encompasses all the policies, tools and practices intended to protect a network from intrusion or compromise. This includes hardware and software technologies designed to prevent data corruption, unauthorized network access, misuse of information, destruction or modification of network data and privacy breaches, along with many other important functions. Network security serves as a complement to endpoint security, which focuses on individual device protection, by encompassing all elements of the network infrastructure.
Network speeds, cloud utilization and device propagation continue to expand exponentially over time. The larger and faster networks that have enabled this transition have also created new challenges for network security experts by exposing new vulnerabilities and attack surfaces. Security methods that employ a multi-layer approach can address this challenge and ensure optimal end user experience on an ongoing basis.
The Importance of Network Security
To understand the reasons why network security is so important, you only need to go online and read about all the network attacks that have occurred over the past few years. Reported security breaches continue to increase at an alarming rate every year. The advent of new technologies like artificial intelligence and the Internet of Things (IoT) will challenge existing security tools even further, providing new avenues for network intrusions. Insider attacks, those perpetrated by internal employees or others with authorized access to systems and networks, are also on the rise.
The value of network security becomes indisputable when weighed against the financial impact of a security breach. The 2018 IBM Security and Ponemon Institute data breach study reveals that the average cost of a breach in 2018 exceeded $3.8 million, with each lost or stolen record accounting for $148 of this total. These figures continue to rise each year. The overall cost includes detection and escalation, notification costs, response activities and lost business. The average cost of a breach was almost $1 million less in instances where security automation was deployed, and $1 million greater if the breach was not contained within 30 days. These statistics underscore the need for advanced analytics and superior wire-data capture capabilities.
Disrupted vendor relationships and reduced brand equity are among the hidden costs of a security breach that can be even more significant than the direct response expenditures. With the serious consequences of identity theft or privacy loss, customers and suppliers expect their confidential information to be kept secure, and rightfully so. Regardless of the causes behind the breach, the loss or corruption of customer information can significantly tarnish hard-won loyalty and the revenue that accompanied it.
A network security breach can also impact the bottom line via fines and penalties. The European Union’s General Data Protection Regulation (GDPR), which went into effect in May of 2018, requires that incidents exposing EU citizen data be reported within 72 hours, with fines of up to $25 million or 4% of annual revenue possible for noncompliance.
Protecting workstations is another critical aspect of network security because many forms of malware and spyware can first corrupt the workstation and later propagate throughout the network. Infrastructure can also be instrumental in preventing man-in-the-middle (MiM) attacks, utilizing data encryption to thwart would-be interlopers.
Network Security Basics
To effectively secure a network these days, network security programs must be comprehensive, adaptable and intelligent. As networks become more complex, so do the threats to privacy and data integrity. A viable strategy will include both reactive and proactive measures.
Protection, detection and response are three basic tenets that can collectively guide effective network security practices. Protection encompasses software and system configuration practices to prevent threats. Detection includes techniques for rapid identification and characterization of problems, and response emphasizes quick containment and remediation once issues are identified.
Although a wide variety of solutions designed to prevent and detect attacks are available, the response and remediation aspects should be given equal billing. Yet enterprises invest up to 50 times more in prevention and detection tools than response. The field of network security forensics is dedicated to pinpointing the nature and extent of security breaches, often utilizing wire-data analytics, such as packets or flows, for back-in-time investigation of critical sequences. As security practices have evolved over the past several decades, specialized techniques have been developed, utilizing a comprehensive framework of network security tools.
Growing Areas of Network Security
The field of network security can sometimes evoke stereotypical images of the lone computer hacker ingeniously plotting network cyber-attacks from shadowy locations unknown. Although this scenario has not been completely supplanted, the sources, causes and motivations for security breaches have continued to diversify, making security process improvement imperative.
Common Tools and Techniques Used in Network Security
Network Security Threats
The variety of threats today is almost as diverse as the variety of devices and applications subject to intrusion. Viruses are perhaps the most well-known and publicized network security threat since their potential impact on data integrity can be devastating.
Studies have shown that nearly one-third of all computers worldwide are infected with some form of malware. Closely related are “trojan horse” attacks, which hide malicious code behind legitimate programs. Denial of service (DoS) attacks are another threat to network integrity with potentially disastrous consequences. When a website is intentionally overloaded with traffic, services can no longer be provided, and content can no longer be delivered to legitimate users.
Over the years, the types of threats in network security have grown more complex. Advanced persistent threats (APTs) use sophisticated means to gain unauthorized network access and then compromise sensitive data and network performance. Powerful algorithms have made “brute force” attacks more viable, where access is gained through voluminous trial-and-error login attempts until a network breach is successfully attained. These potentially catastrophic threats underscore the need for wire-data analytics to retrospectively decipher how and when unauthorized network access was accomplished.
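As an added illustration of the retrospective analysis described above (not code from the original page or from any VIAVI product), this Python example replays recorded login events and reports when a burst of failed attempts from one source ended in a successful login. The log format, field names, threshold, time window and sample records are assumptions constructed for the example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records: timestamp, source IP, account, result.
SAMPLE_LOG = """\
2024-03-01T02:10:00 198.51.100.7 admin FAIL
2024-03-01T02:10:10 198.51.100.7 admin FAIL
2024-03-01T02:10:20 198.51.100.7 admin FAIL
2024-03-01T02:10:30 198.51.100.7 admin FAIL
2024-03-01T02:10:40 198.51.100.7 admin FAIL
2024-03-01T02:10:50 198.51.100.7 admin OK
2024-03-01T08:59:00 192.0.2.10 alice FAIL
2024-03-01T08:59:20 192.0.2.10 alice OK
"""

def parse(line):
    """Split one record into (datetime, source, account, result)."""
    ts, src, user, result = line.split()
    return datetime.fromisoformat(ts), src, user, result

def find_bruteforce_success(lines, threshold=5, window=timedelta(minutes=5)):
    """Report successful logins preceded by >= threshold failures from the
    same source inside the sliding window (assumed values, tune per site)."""
    recent = defaultdict(deque)  # source IP -> timestamps of recent failures
    findings = []
    for ts, src, user, result in sorted(parse(l) for l in lines if l.strip()):
        fails = recent[src]
        while fails and ts - fails[0] > window:  # expire failures outside the window
            fails.popleft()
        if result == "FAIL":
            fails.append(ts)
        elif result == "OK":
            if len(fails) >= threshold:
                findings.append({
                    "src": src,
                    "user": user,
                    "failures": len(fails),
                    "first_failure": fails[0].isoformat(),
                    "success_at": ts.isoformat(),  # when access was gained
                })
            fails.clear()  # a success resets the failure streak for this source
    return findings

if __name__ == "__main__":
    for finding in find_bruteforce_success(SAMPLE_LOG.splitlines()):
        print(finding)
```

The single mistyped password from 192.0.2.10 is not reported, because one failure before a success stays below the threshold.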
Network Security for the Future
Network security continues to gain relevance as the potential consequences of failure become more untenable. An inevitable side effect of the current expansion is the proliferation of attack surfaces it has engendered, requiring enterprises to look beyond prevention and face the reality of security today: the question is not “what if” a breach happens to them, but when.
Fortunately, the long list of reactive and proactive security tools and processes continues to expand as well with modern computing horsepower enabling investigation techniques such as threat hunting and forensics. Advanced practices can act as an ever-present camera, keeping the option of recall in play for threats that escape initial detection. The success of these tools bodes well for meeting the security challenges of the future.