Cyber Security Featured Article

Securing Today's Evolving IT Environments Requires Four Things

September 26, 2016
By Special Guest
John Maddison, SVP Products & Solutions, Fortinet

Networks are evolving rapidly. The transformation to a digital business model has extended the network beyond the perimeter, which means that today’s networks and their related security are becoming borderless. IoT and cloud solutions require organizations to worry about an attack surface that may not even be visible to IT. Worse, many IoT devices are headless, run simple communications protocols, and are unable to run a client or even be patched. Instead, they rely exclusively on the access layer for security.

In addition, critical and proprietary business data is being moved into the cloud and managed by third parties. This means that many organizations are simply unaware of where their data is currently located, or what security measures are in place to protect it. And endpoint devices are not only highly mobile, they increasingly blend personal and work profiles, representing real risk as critical data is accessed from public locations or when devices are lost or stolen.

Securing today’s evolving network environments requires four things:

  1. Visibility – You can’t defend what you can’t see. You need to identify every element on your network, visualize how these components interact in order to identify potential attack vectors, and use that information to establish and enforce more effective policies and mitigation strategies.
  2. Segmentation – End-to-end segmentation, from IoT to the cloud and across physical and virtual environments, enables deep visibility into traffic that moves laterally across the distributed network. It can be used to limit the spread of malware and allows for the identification and quarantining of infected devices.
  3. Automated Operations – Dynamically sharing local and global threat intelligence between security devices allows for a centrally orchestrated, coordinated threat response to stop a threat anywhere along the attack chain.
  4. Security Audit – Centralized management and log analysis, combined with next-generation SIEM technology, allows security architecture to automatically determine and monitor trust levels between network segments, collect and store real-time threat information for forensic analysis, establish and update security policy, make recommendations based on security posture and orchestrate appropriate policy enforcement anywhere across the expanded network.

What is increasingly clear is that the sort of security today’s organizations require cannot be delivered by the legacy security solutions they currently have in place. Having a security fabric is a new approach. Integrating technologies for the endpoint, access layer, network, applications, data center, content and cloud into a single collaborative security solution that can be orchestrated through a single management interface is required for today’s businesses.

Organizations need to consider network security approaches that incorporate the following key attributes in order to safeguard their businesses from the threats of today and tomorrow:

Scalable: An important step in protecting the entire enterprise, from IoT to the cloud.

A comprehensive security strategy needs both depth (performance and deep inspection) and breadth (end to end). Security should not only scale to meet volume and performance demands, it should also be able to scale laterally by seamlessly tracking and securing data from IoT and endpoints, across the distributed network and data center and into the cloud.

Secure: Global and local threat intelligence and direct mitigation information between individual security products enables a coordinated response across the network that accelerates the Time to Protect.

Not only does security need to include powerful tools deployed across the various places and functions of your network, but a true security solution requires that these discrete elements work together through an integrated threat detection and response system. By combining all security tools across the network landscape, you can take advantage of integrated local intelligence collected from across the network. Some solutions allow you to distribute this intelligence as actionable policies to enable a cross-network coordinated response to identified threats and anomalous behavior.

Aware: Leverage the power of dynamic network segmentation to expand visibility deep into the network, better detect malware and anomalous behavior and immediately impose and enforce policy to reduce the risk from advanced threats.

You not only need to see data that flows into and out of your network, but how that data traverses the network once it’s inside the perimeter. End-to-end network segmentation for deep visibility and inspection into traffic travelling the network, combined with collaborative control of who and what gets to go where, is required to help reduce the risk from advanced threats.

Actionable: Identify solutions that integrate cloud-based big data systems to correlate collected threat information, log files and network data and provide IT teams with real-time actionable threat intelligence.

It’s not enough to detect bad traffic or block malware using discrete security devices. You need a common set of threat intelligence and centralized orchestration that allows your security to dynamically adapt as a threat is discovered not just in your network, but anywhere in the world. It’s key to have big data cloud systems that centralize and correlate threat information, log files and network data to automatically deliver actionable threat intelligence to every security device in your network’s security fabric, in real time.

Open: As technology progresses, it is now possible to integrate and interoperate with an open ecosystem of security and network solutions, a critical factor in maximizing existing infrastructure investments.

Of course, a true security fabric will let you maximize your existing investment in security technologies. Integration needs to go beyond simply allowing third-party solutions to collect or redirect data and traffic. You need solutions that can truly integrate and actively collect and share threat information and mitigation instructions in order to improve threat intelligence, enhance overall threat awareness and broaden threat response from end to end.

Summary

The enterprise transition to a digital business model is driving the necessary evolution of the network. However, this evolution is also one of the most challenging aspects of network security today. As significant trends in computing and networking continue to drive change across critical business infrastructures, organizations need a new, innovative network security approach to help them embrace that change.

About the Author

John Maddison has more than 20 years of experience in the telecommunications, IT Infrastructure and security industries. Previously, he held positions as general manager data center division and senior vice president core technology at Trend Micro. Before that, John was senior director of product management at Lucent Technologies. He has lived and worked in Europe, Asia and the United States. John graduated with a bachelor of telecommunications engineering degree from Plymouth University, United Kingdom. 




Edited by Alicia Young
