What is Network Security?
Network security encompasses all the policies, tools and practices intended to protect a network from intrusion or compromise. This includes hardware and software technologies designed to prevent data corruption, unauthorized network access, misuse of information, destruction or modification of network data and privacy breaches, along with many other important functions. Network security serves as a complement to endpoint security, which focuses on individual device protection, by encompassing all elements of the network infrastructure.
Network speeds, cloud utilization and device proliferation continue to expand exponentially over time. The larger and faster networks that have enabled this transition have also created new challenges for network security experts by exposing new vulnerabilities and attack surfaces. Security methods that employ a multi-layer approach to network security can address this challenge and ensure optimal end user experience on an ongoing basis.
The Importance of Network Security
To understand the reasons why network security is so important, you only need to go online and read about all the network attacks that have occurred over the past few years. Reported security breaches continue to increase at an alarming rate every year. The advent of new technologies like artificial intelligence and the Internet of Things (IoT) will challenge existing security tools even further, providing new avenues for network intrusions. Insider attacks, those perpetrated by internal employees or others with authorized access to systems and networks, are also on the rise.
The value of network security becomes indisputable when weighed against the financial impact of a security breach. The 2018 IBM Security and Ponemon Institute data breach study reveals that the average cost of a network security breach in 2018 exceeded $3.8 million, with each lost or stolen record accounting for $148 of this total. These figures continue to rise each year. The overall cost includes detection and escalation, notification costs, response activities and lost business. The average cost of a breach was almost $1 million less in instances where security automation was deployed, and $1 million greater if the breach was not contained within 30 days. These statistics underscore the need for advanced analytics and superior wire-data capture capabilities.
Disrupted vendor relationships and reduced brand equity are among the hidden costs of a security breach that can be even more significant than the direct response expenditures. With the serious consequences of identity theft or privacy loss, customers and suppliers expect their confidential information to be kept secure, and rightfully so. Regardless of the causes behind the breach, the loss or corruption of customer information can significantly tarnish hard-won loyalty and the revenue that accompanied it.
A network security breach can also impact the bottom line via fines and penalties. The European Union’s General Data Protection Regulation (GDPR), which went into effect in May of 2018, regulates the reporting of EU citizen data exposure incidents within 72 hours, with fines of up to $25 million or 4% of annual revenue possible for noncompliance.
Protecting workstations is another critical aspect of network security because many forms of malware and spyware can first corrupt the workstation and later propagate throughout the network. The network security infrastructure can also be instrumental in preventing man-in-the-middle (MiM) attacks, utilizing data encryption to thwart would-be interlopers.
Network Security Basics
To effectively secure a network these days, network security programs must be comprehensive, adaptable and intelligent. As networks become more complex, so do the threats to privacy and data integrity. A viable network security strategy will include both reactive and proactive measures.
Protection, detection and response are three basic tenets that can collectively guide effective network security practices. Protection encompasses software and system configuration practices to prevent threats. Detection includes techniques for rapid identification and characterization of problems, and response emphasizes quick containment and remediation once issues are identified.
Although a wide variety of solutions designed to prevent and detect attacks are available, the response and remediation aspects should be given equal billing. Yet enterprises invest up to 50 times more in prevention and detection tools than response. The field of network security forensics is dedicated to pinpointing the nature and extent of security breaches, often utilizing wire-data analytics, such as packets or flows, for back-in-time investigation of critical sequences. As network security practices have evolved over the past several decades, specialized techniques have been developed, utilizing a comprehensive framework of network security tools.
Growing Areas of Network Security
The field of network security can sometimes evoke stereotypical images of the lone computer hacker ingeniously plotting network cyber-attacks from shadowy locations unknown. Although this scenario has not been completely supplanted, the sources, causes and motivations for security breaches have continued to diversify, making network security process improvement imperative.
- Threat Hunting
Network security has sometimes been viewed as a strictly defensive endeavor with the emphasis placed on protection from external attack. The concept of threat hunting acknowledges the difficulty in relying solely on AI or machine-learning solutions to detect potential breaches. Threats are increasing in sophistication while networks are growing in complexity, making it increasingly difficult to detect where and how an attack may surface. Threat hunting involves a more proactive, offensive philosophy. Once endpoints have been sufficiently secured, threat hunting practices can be employed to seek out covert indicators of compromise that a machine-based monitoring tool may not flag. Successful threat hunting requires continuous monitoring, behavioral analytics, advanced analysis techniques for captured data and highly trained personnel to utilize the technology effectively. As the paradigm shifts from defensive to offensive strategies, threat hunting continues to gain acceptance as the methods evolve.
- Incident Response
A more structured approach to handling network security breaches and incidents is known as incident response (IR). By nature, network security issues can be stressful and hectic, which can inherently lead to inconsistent response practices. Incident response mitigates this by putting effective response plans and checklists in place prior to the incident. This can add more structure to the containment and recovery activities after the source has been identified, as well as improving the follow-up process and lessons learned once the crisis has been averted.
- Regulatory Compliance Support
Avoiding the hefty fines and penalties that can result from non-compliance with new regulations such as the GDPR involves not only taking steps to prevent costly incidents, but also establishing and auditing implementation based on the 99 individual articles that make up the standard. In addition to the U.S. federal laws regulating cyber-security practices such as HIPAA, the Gramm-Leach-Bliley Act (GLBA) and the Federal Exchange Data Breach Notification Act of 2015, individual states such as California and New York impose their own regulations. The expertise required to navigate this maze of compliance hurdles has made consulting and implementation services high-growth components of the network security landscape.
- Cloud-Based Security
Cloud-based security as a service (SECaaS) is expected to surpass on-site security deployments by the end of 2020. Outsourced SECaaS represents a major paradigm shift from the in-house IT and security specialists we have been accustomed to. Cloud-based security services can leverage economies of scale to provide the best tools and experts available, something that is not always feasible for a small to mid-sized company building its security infrastructure from the ground up. SECaaS has also proven to be useful when it comes to applying the latest patches and updates in real time, and for deploying continuous monitoring.
Common Tools and Techniques Used in Network Security
- Anti-Virus Software
Spyware, ransomware, viruses and worms are just some of the forms of malware that can wreak havoc on a network by infecting essential systems while going undetected as they spread. Software that can quickly scan for these threats, remove malware and repair the harm caused is a vital tool to have. Determining how comprehensive your anti-malware tool set should be requires an assessment of network size, application types and data sensitivity.
- Behavioral Analytics
The concept behind behavioral analytics involves first creating a baseline for normal network user behavior and then using analytical tools to determine when the behavior has significantly deviated from the norm. These deviations may be early indicators of potential network security problems, so behavioral analytics can be effective as a proactive security measure.
- Application Security
Apps can become a gateway for unwanted intruders because all applications have flaws and vulnerabilities that can potentially be compromised to gain unauthorized network access. Application security encompasses hardware and software tools intended to mitigate these access points and minimize security gaps inherent to apps by locating, repairing and preventing application security flaws.
- Data Loss Prevention
Data loss prevention (DLP) tools focus on the human aspects of network security, specific to unauthorized or unintended destruction or transfer of sensitive data outside the network. DLP encompasses processes that automatically block user transmission of sensitive data. By focusing on internal data loss and leakage, DLP serves as a counterpoint to other security tools intended to block unwanted users or data from breaching the network from an external access point.
- Firewalls
Firewalls employ a set of rules to determine whether specific traffic should be blocked, thereby creating a barrier between your network and any untrusted outside network. A firewall can be either hardware or software based or even some combination of both. With thirty years of history, firewalls are one of the oldest and most essential network security tools in existence. Network firewalls are typically located on the gateway computers of local area networks (LANs), wide area networks (WANs) and intranets.
- Network Segmentation
Network segmentation is a process used to divide network traffic into smaller segments, depending on the endpoint identity and other logical categorical factors. Segmenting traffic in an organized manner makes it easier to contain and remediate suspicious activity when necessary. Segmentation can be implemented through physical or virtual means and has become a highly recommended security practice, particularly in regulated industries.
Numerous other security best practices including email security tools, mobile device security, security information and event management (SIEM) and virtual private networks (VPNs) are also becoming more commonly utilized as the security challenges grow in intensity.
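The baseline-and-deviation approach described under Behavioral Analytics above, as an added Python example (not VIAVI code): it builds a per-user baseline from the median and median absolute deviation (MAD), then flags observations whose modified z-score exceeds 3.5. The user names, traffic figures, thresholds and function names are constructed assumptions.

```python
from collections import defaultdict
from statistics import median

# Constructed sample data: (user, outbound megabytes per day). Not real traffic.
HISTORY = [
    ("alice", 120), ("alice", 135), ("alice", 110), ("alice", 128), ("alice", 140),
    ("bob", 15), ("bob", 15), ("bob", 15), ("bob", 15), ("bob", 15),
]
TODAY = [("alice", 131), ("bob", 900), ("alice", 2400), ("carol", 50)]

THRESHOLD = 3.5   # assumed cut-off for the modified z-score
MIN_SAMPLES = 5   # refuse to baseline users with too little history

def build_baseline(history):
    """Return {user: (median, MAD)} from historical observations."""
    per_user = defaultdict(list)
    for user, value in history:
        per_user[user].append(value)
    baseline = {}
    for user, values in per_user.items():
        if len(values) < MIN_SAMPLES:
            continue
        med = median(values)
        mad = median(abs(v - med) for v in values)
        baseline[user] = (med, mad)
    return baseline

def score(baseline, user, value):
    """Modified z-score of value; None if the user has no baseline."""
    if user not in baseline:
        return None
    med, mad = baseline[user]
    if mad == 0:
        # Perfectly flat history: avoid dividing by zero, treat any change as extreme.
        return 0.0 if value == med else float("inf")
    return 0.6745 * (value - med) / mad

def find_deviations(baseline, observations):
    """Return (user, value, reason) for observations that need review."""
    alerts = []
    for user, value in observations:
        z = score(baseline, user, value)
        if z is None:
            alerts.append((user, value, "no-baseline"))
        elif abs(z) > THRESHOLD:
            alerts.append((user, value, "deviation"))
    return alerts
```

Median and MAD are used instead of mean and standard deviation so that a single past outlier in the history does not inflate the baseline and hide the next one.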
Network Security Threats
The variety of network security threats today is almost as diverse as the variety of devices and applications subject to intrusion. Viruses are perhaps the most well-known and publicized network security threat since their potential impact on data integrity can be devastating.
Studies have shown that nearly one-third of all computers worldwide are infected with some form of malware. Closely related are the “trojan horse” form of attacks that hide malicious code behind legitimate programs. Denial of service (DoS) attacks are another threat to network integrity with potentially disastrous consequences. By intentionally overloading a website with traffic, services can no longer be provided, and content can no longer be delivered to legitimate users.
Over the years, the types of threats in network security have grown more complex. Advanced persistent threats (APTs) use sophisticated means to gain unauthorized network access and then compromise sensitive data and network performance. Powerful algorithms have made “brute force” attacks more viable, where access is gained through voluminous trial-and-error login attempts until a network breach is successfully attained. These potentially catastrophic threats underscore the need for wire-data analytics to retrospectively decipher how and when unauthorized network access was accomplished.
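One way to find the brute-force pattern described above in retained authentication records, as an added Python example that is not part of the original page: it counts failed logins per source in a sliding window and separately reports any later success from a flagged source. The log format, addresses, thresholds and function names are assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log lines in a hypothetical "timestamp result user source" format.
LOG = """\
2024-01-10T09:00:01 FAIL admin 203.0.113.7
2024-01-10T09:00:03 FAIL admin 203.0.113.7
2024-01-10T09:00:04 FAIL jsmith 198.51.100.20
2024-01-10T09:00:05 FAIL admin 203.0.113.7
2024-01-10T09:00:07 FAIL admin 203.0.113.7
2024-01-10T09:00:09 FAIL admin 203.0.113.7
2024-01-10T09:00:30 OK jsmith 198.51.100.20
2024-01-10T09:00:41 OK admin 203.0.113.7
garbled line
"""

WINDOW = timedelta(seconds=60)  # assumed look-back window
MAX_FAILS = 5                   # assumed failures tolerated per window


def detect_bruteforce(log_text, window=WINDOW, max_fails=MAX_FAILS):
    """Return alerts as (kind, source, user, timestamp) tuples."""
    recent = defaultdict(deque)  # source -> timestamps of recent failures
    flagged = set()              # sources that crossed the threshold
    alerts = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines rather than crash mid-investigation
        ts_raw, result, user, src = parts
        ts = datetime.fromisoformat(ts_raw)
        fails = recent[src]
        while fails and ts - fails[0] > window:
            fails.popleft()      # expire failures that fell out of the window
        if result == "FAIL":
            fails.append(ts)
            if len(fails) >= max_fails and src not in flagged:
                flagged.add(src)
                alerts.append(("bruteforce", src, user, ts_raw))
        elif result == "OK" and src in flagged:
            # A success from a flagged source marks when access was likely gained.
            alerts.append(("success-after-bruteforce", src, user, ts_raw))
    return alerts
```

Keying on the source address alone misses attempts spread across many sources; the same window logic can be keyed on the target user to cover that case.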
Network Security for the Future
Network security continues to gain relevance as the potential consequences of failure become more untenable. An inevitable side effect of the current expansion is the proliferation of attack surfaces it has engendered, requiring enterprises to look beyond prevention and face the reality of security today: the question is not “what if” but “when” it happens to them.
Fortunately, the long list of reactive and proactive security tools and processes continues to expand as well with modern computing horsepower enabling investigation techniques such as threat hunting and network security forensics. Advanced practices can act as an ever-present camera, keeping the option of recall in play for threats that escape initial detection. The success of these tools bodes well for meeting the network security challenges of the future.