Network security basics: A Buyer's Guide
A collection of articles that takes you from defining technology needs to purchasing options
Having the right network security measures for your infrastructure is crucial, as the protection of sensitive data and the elimination of security threats are of utmost importance. When you start looking around, you'll find that there are plenty of security vendors to choose from -- and each will tell you its product is best. But some network security measures are better suited for your network architecture and specific data security needs. This article will help you establish a set of criteria to use when comparing network security products for your enterprise.
Location of mission-critical data
Understanding where your company data is stored today -- and where it may be in the future -- is a great indicator of the types of security tools needed and their importance in your overall security architecture. Whether data is stored in-house, in the cloud or both affects the security tool's effectiveness and criticality.
If the majority of data will be stored in private data centers, then perimeter security using next-generation firewalls (NGFWs) and network access control (NAC) will be crucial for ensuring data is protected. The firewalls will safeguard data from users outside of the corporate network, while NAC will assist in making sure that users and devices have proper authorization to access data.
On the other hand, if data is or will soon be stored in the cloud, your overall security posture should emphasize security tools compatible with the cloud. For instance, many NGFWs offer cloud compatibility through virtualized firewalls. Similarly, your network security measures should emphasize secure Web gateways (SWGs) and malware sandboxes to prevent data loss between networks. These tools also restrict potentially malware-infested data from moving between the corporate network and various cloud service providers and the Internet. Many SWGs and malware sandboxes offer cloud services, making them better suited for enterprises with data stored in the cloud.
Internal users and devices
Protecting a corporate organization from untrusted external connections such as the Internet and WAN edges is a no-brainer. But what if specific data should only be accessed by specific users? And what about external consultants, guests and other users who have access to the internal network, yet should not be considered trusted? This is where NAC and possibly NGFWs come into play. Using NAC, you can verify the identity of every user who attempts to access the network. Users not permitted on the network will be completely blocked from accessing it. Others with limited access rights will be allowed on the network but will only be able to access the applications, networks and data that the security administrator permits. NAC rules can be enforced either in the network switching/routing devices themselves or by internal NGFWs that segment the various internal networks.
Trusting devices is becoming a more critical element of network security measures, especially when the company allows devices it does not control to connect to the internal network. The bring your own device movement adds significant risk to a network because the devices brought in may not have an adequately secured operating system, applications and antivirus. In a worst-case scenario, a user could connect a malware-infested device, which would then infect any devices and servers it accessed. To prevent this, NAC can be set up to assess the posture of the device, identify the hardware, OS and antivirus software running on it, and determine whether it meets pre-defined standards. If it does not, the user is either completely denied access or placed onto a quarantined network segment until the problems are rectified.
Location of network security tools
Many security tools can be deployed either in-house or as a cloud service. Cloud-deployed security tools are becoming popular for two primary reasons. First, cloud-based security eliminates the need for in-house security administrators to manage the tool at the infrastructure level. The service provider becomes responsible for maintaining network connectivity, patches/updates and any other lower-level infrastructure tasks. This allows your security administrators to focus on configuring and managing the security tool itself.
The second benefit of deploying network security measures through the cloud is that they can be more easily leveraged if your network is highly distributed. For example, it used to be that a remote site would be designed to direct all Web traffic back to the corporate office so it could be filtered through an SWG. The cost of deploying an SWG at each location was often too high, so routing traffic back to headquarters was the most cost-effective option.
Unfortunately, this design often led to single points of failure and increased network latency if the remote site did not have redundant WAN connections and was a great distance from the corporate office. Moving SWGs to the cloud potentially removes those single points of failure and significantly reduces latency. Cloud providers are often geographically dispersed, and your SWGs can be virtually deployed around the globe, effectively placing the SWG closer to each remote site. This tactic can significantly reduce the latency issues inherent in older designs that backhauled all Internet traffic to a single location.
Effectiveness of products as part of a defense-in-depth strategy
It is vital that a security architecture be viewed as a unified, defense-in-depth strategy. To that end, many network security measures must work together to optimize performance and increase effectiveness. When you begin vetting different vendor products, make sure you understand and confirm what dependencies the application may have on other security tools. This will ensure you have the right security tool for this specific task, as well as other components that integrate with it.
Case in point: Some malware sandboxes work completely independently. All data flows through the sandbox and the malware sandbox tool filters out the legitimate traffic while flagging data that looks suspicious -- and thus needs additional testing. But other malware sandboxes rely on NGFWs and/or SWGs to flag data as suspicious. Because of this, you must make sure your NGFWs and SWGs can perform the functions that the malware sandbox demands.
Additionally, all of your network security measures must dovetail with your security information and event management (SIEM) platform. The role of a SIEM is to pull in event and log data from the various security tools into a single repository. The SIEM then can analyze the data to correlate potential malicious security trends and compliance issues. While most data collection techniques use standards-based logging and Simple Network Management Protocol, it's important to verify that the security tool you plan to rely on meshes with the SIEM you already have, or plan to implement.