Network Security is crucial for any organisation operating in the 21st century and helps define and guarantee business success. Unfortunately, many enterprises struggle to define what network security solutions are essential to securing their network and data within such a vast field of technologies.
Organisations will inevitably overlook systems and users in their network as they scale up in size. These undetected systems, or overlooked users who “hop” on and off the network, represent broken links in the security chain.
Poor password policy enforcement leaves them vulnerable to increasing brute-force credential theft and “silent failure”, where attackers gain access to your network and remain there (silently) without being noticed.
We asked our cyber security experts what network security solutions they consider to be essential to protecting the network from modern day cyber threats.
IT Hygiene (patched OS, whitelisted applications)
First, a note on IT Hygiene. You can’t protect what you cannot see. IT hygiene is therefore pivotal to successful network security. It addresses security risks before they become issues and helps you to get visibility into:
- who is working on your network and what they can do
- what applications are running and what security risks they pose
- where unprotected systems lie within the security chain.
With this information you can sort, analyse and remove out-of-date information, so you can accurately perform your own network security assessment. This includes analysing the patch level of Operating Systems, whitelisted applications and out-of-date users.
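The assessment described above can be sketched as a small audit over an asset inventory. This is an added example, not code from the original article or any vendor named in it; the hosts, build numbers, application names, accounts and the 90-day staleness threshold are all constructed assumptions.

```python
from datetime import date

# Constructed sample inventory; hostnames, builds and accounts are invented.
ALLOWLIST = {"chrome", "office", "vpn-client"}      # approved applications
MIN_BUILD = {"windows": 19045, "ubuntu": 2204}      # minimum patched build per OS
STALE_AFTER_DAYS = 90                               # assumed threshold for unused accounts

HOSTS = [
    {"host": "ws-001", "os": "windows", "build": 19045, "apps": ["chrome", "office"]},
    {"host": "ws-002", "os": "windows", "build": 17763, "apps": ["chrome", "torrent-client"]},
    {"host": "srv-db1", "os": "ubuntu", "build": 2004, "apps": ["vpn-client"]},
    {"host": "printer-7", "os": "unknown", "build": 0, "apps": []},
]
USERS = [
    {"user": "alice", "last_login": date(2019, 8, 1), "groups": ["staff"]},
    {"user": "contractor42", "last_login": date(2019, 2, 11), "groups": ["staff", "db-admin"]},
]

def audit_hosts(hosts, min_build=MIN_BUILD, allowlist=ALLOWLIST):
    """Flag hosts below the patch baseline, outside it, or running unapproved apps."""
    findings = []
    for h in hosts:
        required = min_build.get(h["os"])
        if required is None:
            # No baseline exists for this OS: the system is outside the security chain.
            findings.append((h["host"], "unmanaged-os", h["os"]))
        elif h["build"] < required:
            findings.append((h["host"], "patch-level", f'{h["build"]} < {required}'))
        for app in sorted(set(h["apps"]) - allowlist):
            findings.append((h["host"], "app-not-allowlisted", app))
    return findings

def audit_users(users, today, stale_after=STALE_AFTER_DAYS):
    """Flag accounts that have not logged in within the staleness window."""
    findings = []
    for u in users:
        idle = (today - u["last_login"]).days
        if idle > stale_after:
            findings.append((u["user"], "stale-account", f"{idle} days idle, groups={u['groups']}"))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(HOSTS) + audit_users(USERS, date(2019, 8, 8)):
        print(*finding, sep="\t")
```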
1. Next-Generation Firewalls
When the boundaries extend to cover multiple sites, on-premise data centres, and private, hybrid and multi-cloud environments, enterprises look into extensive firewall solutions that help defend against the adversaries targeting users, content and applications.
Because enterprises are always facing sophisticated cyber-attacks that threaten business continuity, Next-Generation Firewalls (NGFWs) are put in place. Next-Generation Firewall protection helps to secure the data center, branch, network perimeter and harsh industrial environments.
NGFW Vendors to consider
Next generation firewalling is part of 3rd generation firewall technology. An NGFW combines the capability of an enterprise firewall, intrusion prevention system (IPS), Application Control, URL filtering, VPN, sandboxing and more. The best NGFW vendors offer firewalls that instantly find and stop cyber attacks with fully automated platforms, that in certain scenarios even help to simplify security.
Palo Alto Networks NGFW
Palo Alto Networks’ Next Generation Firewalls are all based on a consistent Single-Pass Architecture. Gartner recognized Palo Alto Networks as a Leader for the seventh time in their 2018 Magic Quadrant for Enterprise Network Firewalls, positioned highest in ability to execute and furthest in completeness of vision for enterprise network firewalls.
FortiGate Next Generation Firewall (NGFW)
Having been named a Leader in Enterprise Network Firewalls in Gartner’s 2018 Magic Quadrant, the FortiGate Firewall is definitely worth considering. It offers high threat protection performance with automated visibility to stop attacks. The intent-based segmentation allows network operators to create security domains or segments in accordance with business intent. Intent-based segmentation is the ability to deploy threat protection wherever it is needed, both on-premises and in all cloud instances, to reduce risk, achieve compliance, and protect business-critical applications.
2. Secure Access
Network Access Control (NAC)
Network Access Control is an effort to create order out of the chaos of connections from within and outside the organisation. Personnel, customers, consultants, contractors and guests all need some level of access. In some cases, it is from within the campus and at other times access is remote. NAC has become more complex over the years, with bring your own device (BYOD) policies being adopted, the prevalence of connected smart devices and the rise of the Internet of Things (IoT), to name a few.
Restricting and monitoring this access to your network and data effectively is done through Network Access Control solutions. By determining which users and devices have authorised permissions, another level of security is added to the network and its data.
NAC intercepts connection requests, then authenticates them against a designated identity and access management system. Access is either accepted or denied based on a predetermined set of parameters and policies that are programmed into the system. NAC helps enterprises to implement policies for effective control over devices and user access to their networks. With Network Access Control you can set policies for device, resource, role and even location-based access. NAC also gives you the ability to enforce security compliance with security and patch management policies, among other advanced controls.
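The decision flow described above, as an added example that is not taken from the original article or from any NAC product: a default-deny evaluator over role, device, location and resource, with a patch-compliance gate. The identity table stands in for the identity and access management system (credential verification is assumed to have happened already), and all names, roles and segments are hypothetical.

```python
from dataclasses import dataclass

# Constructed identity store standing in for the IAM system; names are hypothetical.
IDENTITIES = {"alice": "staff", "bob": "contractor", "lobby-kiosk": "guest"}

@dataclass(frozen=True)
class Request:
    identity: str
    device_type: str   # e.g. "managed-laptop", "byod-phone", "kiosk"
    location: str      # "campus" or "remote"
    patched: bool      # outcome of the posture / patch-compliance check
    resource: str      # network segment being requested

# Ordered rules: (role, device types, locations, resources). First match permits.
POLICY = [
    ("staff", {"managed-laptop"}, {"campus", "remote"}, {"corp", "internet"}),
    ("staff", {"byod-phone"}, {"campus"}, {"internet"}),
    ("contractor", {"managed-laptop"}, {"campus"}, {"project-vlan"}),
    ("guest", {"byod-phone", "kiosk"}, {"campus"}, {"guest-internet"}),
]

def decide(req, identities=IDENTITIES, policy=POLICY):
    """Return (allowed, reason). Anything not explicitly permitted is denied."""
    role = identities.get(req.identity)
    if role is None:
        return False, "unknown identity"
    if not req.patched:
        # Compliance is checked before any rule so no role can bypass it.
        return False, "device fails patch compliance"
    for p_role, devices, locations, resources in policy:
        if (role == p_role and req.device_type in devices
                and req.location in locations and req.resource in resources):
            return True, f"permitted as {role}"
    return False, "no matching policy (default deny)"

if __name__ == "__main__":
    samples = [
        Request("alice", "managed-laptop", "remote", True, "corp"),
        Request("alice", "byod-phone", "remote", True, "internet"),
        Request("bob", "managed-laptop", "campus", False, "project-vlan"),
        Request("mallory", "byod-phone", "campus", True, "guest-internet"),
    ]
    for r in samples:
        print(r.identity, r.device_type, r.location, "->", decide(r))
```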
Because wireless traffic is much more susceptible to interception than wired traffic, many organisations experience challenges when securing information transmitted wirelessly between a device and access point. Eavesdroppers can gather logins, passwords, proprietary information, intranet server addresses, and valid network and station addresses. ‘Wireless intruders’ transmit spam, steal Internet bandwidth or use enterprise networks to attack others. In large enterprises, WLAN intrusion detection may be necessary, which offers a type of distributed monitoring with central collection and analysis.
Here are a few tips on having a secure Wi-Fi solution in place:
- Define access requirements throughout the policy requirement framework. (Who needs access to which resource and how?)
- Have security policies in place that define rules for ‘walled garden’ guest access. (For example, logged guest sessions through access points with limited destinations, protocols, duration and bandwidth could be permitted, while you may prohibit peer-to-peer networking. When guest access is banned, your policy must state this so that steps can be taken to prevent visitor intrusion.)
- Identify assets and enumerate threats and quantify risks to ensure costs weigh up against risks and security measures taken.
- Perform WLAN penetration tests and vulnerability assessments to discover which Access Points are unprotected or vulnerable and can be found by war drivers.
Top Network Access Control providers
Aruba 360 Secure Fabric starts with an analytics-ready secure infrastructure. Extensive protection is embedded in the foundation of all Aruba indoor and outdoor Wireless Access Points (APs), switches, gateways and controllers to secure the physical network infrastructure and the traffic that flows through it.
The Aruba security portfolio includes:
- Aruba Policy Enforcement Firewall
- Aruba ClearPass Policy Manager (network access control)
- Aruba ClearPass Device Insight (advanced visibility of all devices connected to the network)
- Aruba IntroSpect UEBA and NTA (integrated User and Entity Behavior Analytics and Network Traffic Analysis).
Forescout Network Access Control
The ForeScout platform offers comprehensive NAC capabilities and more, based on real-time visibility of devices the instant they access the network, regardless of where that network exists within your extended enterprise. It continuously scans networks and monitors the activity of known, company-owned devices as well as unknown devices such as personally owned and rogue endpoints.
It lets you automate and enforce policy-based network access control, endpoint compliance and mobile device security. The vast majority of IoT devices and Operational Technology on your network don’t include—or can’t handle—software agents. That’s why the ForeScout platform offers agentless discovery technologies and passive monitoring techniques to avoid business disruption.
Forescout NAC use-cases
- Control access to confidential data based on device and user profiles
- Prevent infected or noncompliant devices from spreading malware
- Automatically enforce actions for identified situations without human involvement
3. Data Loss Prevention (DLP)
As mentioned in our expert blog on Data Loss Prevention, data has become the main pillar of organisations’ business. We store, use, send and create data on a daily basis. This is why data has become a critical asset to protect and maintain.
Unfortunately, data leaks happen constantly at many different organisations. We’ve seen examples in which credit card data of hundreds of thousands of users were leaked, or where disgruntled workers copy sensitive data of the organisation they are planning to leave, publishing or selling that data, in that way causing severe (reputational) damage to users and businesses.
Recommended Data Loss Prevention Vendors
There is no limit to the amount of data that can be leaked, nor to the amount of damage that can be done. This is why it is essential for network security to have the best Data Loss Prevention solutions in place that fit your requirements.
Forcepoint Data Loss Prevention
Forcepoint's Data Loss Prevention solution allows you to follow your data across networks and devices, both at rest and in use. Create and enforce policies that provision the access and movement of data to prevent data breaches and help ensure compliance with Forcepoint Data Loss Prevention (DLP). With full GDPR coverage and having been named a Magic Quadrant Leader 9 times, Forcepoint DLP should definitely be on your research list of DLP vendors to consider.
- Discover and protect unknown PII and PHI, source code, engineering drawings, M&A documents, financials, trading algorithms, and sensitive trade secrets.
- Gain visibility and control over data at rest, in motion, or in use across popular enterprise cloud apps, including Office 365, Box, Salesforce, and more.
- Prepare your business with built-in expertise for regulations involving PII, PHI/HIPAA, and 2018 GDPR with DLP software.
McAfee Data Loss Prevention
McAfee Total Protection for Data Loss Prevention offers universal data protection across endpoints, networks, and the cloud. The open platform, McAfee ePO software, makes it easier to enable device-to-cloud DLP. McAfee DLP customers can extend current enterprise DLP policies to the cloud and leverage common policies to ensure consistent data loss detection. A single-pane-of-glass management console manages all DLP violations and incident workflows, regardless of whether the DLP violations are coming from corporate devices or cloud applications. With more data being created in and sent to the cloud every day, it is more important than ever to have a set of consistent DLP policies that protect data from any leakage vectors, whether it’s corporate endpoints, unmanaged devices on the network, or even cloud applications.
4. Cloud Access Security Broker (CASB) vendors
Essentially, a Cloud Access Security Broker (CASB) vendor helps you to protect data on somebody else’s system. According to Gartner analyst Steve Riley, they are becoming as important to cloud as firewalls became to data centers.
CASB software is deployed on-premises or in a public cloud. It sits between cloud-service providers and cloud-service consumers, and enforces security and governance policies for cloud applications, allowing enterprises to extend their on-premises policies to the cloud. With employees choosing convenience over security all the time, CASBs address this need by only allowing employees and partners to use approved cloud services and making sure they steer clear of the high-risk ones. Additionally, CASB protects data that lives in cloud service providers’ servers.
Top CASB Vendors
McAfee MVISION Cloud
McAfee MVISION Cloud is named in the Gartner Magic Quadrant for Cloud Access Security Brokers as well as The Forrester Wave: Cloud Security Gateways Q1 2019. The solution helps you to encrypt personally identifiable information in CRMs, using encryption keys you control, while preserving searching and sorting functionality. It also enables security policy enforcement such as rights management, data classification, threat protection, and encryption through a single security platform designed in the cloud, for the cloud.
Forcepoint’s CASB solution promises to leave no cloud apps unprotected. The CRN Product of the Year 2017 offers security for all cloud applications, as well as cloud application discovery and data classification. With complete visibility into shadow IT, you can identify and categorize cloud apps to assess risk and pinpoint which services to allow and monitor with Forcepoint Cloud Access Security Broker. You can also apply unique access and security policies on a per-device basis by easily distinguishing between managed and unmanaged (BYOD) devices.
5. Email security
Because Email is one of the most popular communication channels for organisations today, it is also the most prominent attack vector. Email is accessed using multiple devices and from different locations (home, office, on the move), shaping a 'converged device landscape' for Email use. When accessing Email, employees usually inadvertently click on links to malware-hosting websites or, even worse, unknowingly install malicious content directly on the device, which is then also sent as attachments to others.
Top Email Security vendors
If you’re looking for the critical aspects of Email security, including the vital features to have in any Email security product, and how to integrate those into your existing ecosystem, read our expert blog on the Cyber Kill Chain and decoding Email security.
Proofpoint Email Protection
Proofpoint has been a true pioneer in Email Security for many years now. Proofpoint’s Email Protection offers advanced Email filtering, control and visibility as well as imposter Email threat protection and internal mail defense. With Proofpoint’s next generation Email security, you can protect your people, data, and brand from today’s threats and common nuisances such as:
- Impostor Email
- Bulk mail
FortiMail Email Security
Having earned the SE Labs’ top AAA rating in the 2018 Email Security Services (ESS) group test, Fortinet demonstrated their commitment to developing and innovating effective Email security solutions in the industry. FortiMail is typically selected by organisations to shield users, and ultimately data from cyber threats such as: ever growing volumes of unwanted spam, socially-engineered phishing and business Email compromise, accelerating variants of ransomware and other malware, increasingly targeted attacks from adversaries of all kinds, and more.
8 August 2019