The network edge is where an enterprise network connects to a third-party network. Commonly, this connection will be a WAN service provider at the WAN edge or an internet service provider at the internet edge.
The point is: You're connecting your equipment to someone else's. In these cases, added network edge security is required to prevent malicious activity on the foreign network from moving into yours.
Many tools are available to protect the network edge. The most common choice today is a traditional network-based firewall. A firewall is a great first line of defense to permit or deny traffic based on IP address and protocol or port number.
For more granular control, you can implement an intrusion prevention system that monitors traffic for known malicious signatures. If a packet is found to contain a malicious signature, it is blocked from entering the secure side of your network.
More modern methods to reinforce network edge security include application-layer firewalls that perform deep packet inspection up to Layer 7 of the OSI model. These firewalls can look further into an IP packet to enable administrators to block traffic based on the application or service being used.
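The three inspection stages described above (IP/protocol/port filtering, signature matching and application identification) can be modeled in a few lines. This is an added example, not code from the original article; the rule set, signature, banner table and addresses are constructed for illustration, and real products inspect reassembled streams rather than single payloads.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Packet:
    src: str
    proto: str
    dport: int
    payload: bytes

# Constructed policy; addresses are RFC 5737 documentation ranges.
# (action, source network, protocol, destination port or None for any); first match wins.
ACL = [
    ("deny",   "203.0.113.0/24",  "tcp", None),  # blocked network, any port
    ("permit", "0.0.0.0/0",       "tcp", 443),   # public HTTPS service
    ("permit", "198.51.100.0/24", "tcp", 22),    # partner admin access
]
SIGNATURES = {"SIG-DEMO-1": b"\x90\x90\x90\x90DEMO-BAD"}  # constructed byte pattern
APP_BANNERS = [(b"SSH-2.0-", "ssh"), (b"\x16\x03", "tls"), (b"GET ", "http")]
BLOCKED_APPS_BY_PORT = {443: {"ssh", "http"}}  # only TLS is expected on 443

def acl_check(pkt):
    """Stage 1: classic firewall decision on source IP, protocol and port."""
    src = ipaddress.ip_address(pkt.src)
    for action, net, proto, port in ACL:
        if src in ipaddress.ip_network(net) and proto == pkt.proto and port in (None, pkt.dport):
            return action
    return "deny"  # implicit default deny

def ips_check(pkt):
    """Stage 2: IPS-style match of known-bad byte patterns in the payload."""
    for sig_id, pattern in SIGNATURES.items():
        if pattern in pkt.payload:
            return sig_id
    return None

def identify_app(pkt):
    """Stage 3: Layer 7 identification from payload content, not port number."""
    for prefix, app in APP_BANNERS:
        if pkt.payload.startswith(prefix):
            return app
    return "unknown"

def inspect(pkt):
    if acl_check(pkt) == "deny":
        return "drop:acl"
    sig = ips_check(pkt)
    if sig:
        return f"drop:ips:{sig}"
    app = identify_app(pkt)
    if app in BLOCKED_APPS_BY_PORT.get(pkt.dport, set()):
        return f"drop:app:{app}"
    return f"permit:{app}"
```

The SSH-on-443 case is the one a port-based firewall alone cannot catch: the ACL permits it, and only the application-layer stage drops it.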
Other network security tools, such as network-based malware protection, data loss prevention and cloud-based threat intelligence and sandboxing services, are also great ways to protect the network edge from more advanced threats.