With few exceptions, everyone realizes the importance of network security. Organizations of all sizes and across every industry understand that it’s crucial to defend against malware, botnets, ransomware, unauthorized access, and other cyber attacks from a constantly shifting threat landscape. The rise of wireless networks, mobile devices, cloud computing, DevOps, and containers has completely eroded the concept of a network “perimeter”, though, and leads to the question, “What is network security?”
Where is your network?
Once upon a time, I was a network administrator. I am dating myself to some extent, but I knew where my network was. It was contained—for the most part—within the walls of the building my company was in. I could walk into the data center and physically remove Ethernet cables to disconnect a server or endpoint from the network. There was a distinct “inside” of my network, and a separate and distinct “outside”. There was a clearly defined perimeter that defined what was inside and what was outside.
It was a simpler time then. Today, your network can be everywhere and nowhere. Users have laptops, tablets and smartphones. They connect wirelessly to access applications, data and other resources, or work remotely over the public internet from home or a Starbucks on the corner. Many organizations have hybrid environments that span local data centers and public and private cloud environments—with applications and data replicated across multiple sites around the world for resilience. There is no perimeter.
What is network security?
If you can’t define where your network is, how can you effectively protect it? The trick is to change the way you think of your network, or information security in general. Instead of viewing things through the lens of inside or outside of your network, consider what it is you actually need to secure and protect.
Network security has evolved. There are many different types of network security and many elements involved in securing your applications and protecting sensitive data: web security, email security, application security, mobile device security, data loss prevention, and more. Effective network security requires a holistic view that encompasses all of the ways your applications and data are exposed to potential threats.
It is also essential to understand that keeping all bad guys and malware out of your network is not a viable goal. There is no such thing as perfect cybersecurity or an impervious network. So, instead of viewing the world as “us vs. them” or “inside vs. outside”, focus on effective detection of suspicious or malicious activity inside your network and on tools and processes that minimize the time an attack can remain undetected and limit the potential consequences or damage.
You also can’t--or shouldn’t--treat everything the same. Prioritize your resources and effort based on the relative risk each asset is exposed to, and the value or sensitivity of the asset should it be compromised. Prioritizing security for servers, applications, and data that are at the greatest risk is more important than defending a non-existent perimeter or separating “inside” from “outside” of the network.
Effective Network Security
Cybersecurity can’t impede productivity. Authorized users need to be able to access resources and data without unnecessary friction. At the same time, you need to have tools and processes in place capable of detecting suspicious or malicious activity and alerting IT personnel or initiating some action to block the attack.
You can’t protect what you can’t see, though. In a world of DevOps, containers, and hybrid cloud environments, the concept of a network is much more fluid and dynamic. The first step to effective security is to ensure you have comprehensive visibility of your environment—wherever that may be—and tools capable of providing an accurate inventory of the devices, services, applications, and users connected to your network at any given moment.
The lack of network perimeter and more advanced cyber attacks make tools like intrusion prevention systems (IPS) and behavioral analytics more important. Attacks frequently use social engineering or cracked or stolen credentials to gain access to the network, so they appear at first glance to be authorized users. IPS monitors traffic on the network to identify malicious activity, and user behavioral analytics enable you to detect suspicious or unusual behavior that might indicate a compromise.
So, what is network security? The answer to this fundamental question is that the network has evolved, but the goal of network security is the same. Organizations want to avoid cyber attacks and protect applications and data from compromise. As technology changes and attackers adopt new techniques, cybersecurity needs to adapt as well. Effective network security requires cloud-native tools that can scale as needed to keep up in a rapidly-changing environment.