Ways to improve your corporate network security posture
Networks are getting faster, IT is migrating to the cloud, applications are sharing the web and people are bringing their own devices to work. These factors, coupled with the fact that the bad guys are playing a smarter game than they’ve ever played before, combine to have a profound impact on the way that organizations must start behaving. In order to effectively create a strong security posture, you must understand the eight categories of cyber security which are affected.
These categories include:
If you are responsible for protecting a mission-critical network, here are a few things that you need to think about:
- Record network traffic for the purposes of forensics
You will never make sense of a security breach without a complete record of every last packet after the fact. Event and log management can indicate some type of breach occurred, but without having all the data to reconstruct the precise activity of the session, your company will not be able to determine if the attackers merely got onto a system, versus having gotten away with sensitive data.
- Use recorded traffic for retrospective threat detection
The fact that your IDS or IPS didn’t alert you on an attack at the first pass doesn’t mean that there wasn’t one there. It simply means that your rules engine didn’t know about it. If you record traffic, you can re-run it through your network security systems the next day or the day after with updated rule sets. With network recording you reduce the risk of being caught out by a zero-day attack.
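The retrospective pass described above, as an added example (not code from the original article): a miniature content-matching rule engine is run over a constructed set of recorded flows with yesterday's rules and again with today's, and only the alerts the first pass could not have raised are reported. The rule format, flow records and the "EVIL-UA-42" indicator are all constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Flow:
    ts: str          # capture timestamp (constructed)
    src: str
    dst: str
    dport: int
    payload: bytes   # leading session bytes, as a full-packet capture would keep them

@dataclass(frozen=True)
class Rule:
    sid: int
    msg: str
    dport: Optional[int]   # None matches any destination port
    content: bytes         # byte pattern, in the spirit of a Snort/Suricata "content:" match

def run_rules(flows, rules):
    """Run a rule set over recorded flows; return the set of (sid, flow index) alerts."""
    hits = set()
    for i, f in enumerate(flows):
        for r in rules:
            if r.dport is not None and r.dport != f.dport:
                continue
            if r.content in f.payload:
                hits.add((r.sid, i))
    return hits

def retro_scan(flows, old_rules, new_rules):
    """Replay recorded traffic against the updated rule set and return only the alerts
    the original pass missed, i.e. flows that looked clean with the old rules."""
    return sorted(run_rules(flows, new_rules) - run_rules(flows, old_rules))

# Constructed capture using documentation address ranges; the third flow carries an
# indicator that the day-1 rule set did not know about yet.
RECORDED = [
    Flow("day1 09:00", "10.0.0.5", "192.0.2.10", 80, b"GET /index.html HTTP/1.1\r\nHost: intranet"),
    Flow("day1 09:02", "10.0.0.7", "10.0.0.9", 445, b"\xffSMB" + bytes(8)),
    Flow("day1 09:05", "10.0.0.5", "198.51.100.20", 80, b"GET /u.php HTTP/1.1\r\nUser-Agent: EVIL-UA-42"),
]
RULES_DAY1 = [Rule(1000001, "SMB session", 445, b"\xffSMB")]
RULES_DAY2 = RULES_DAY1 + [Rule(1000002, "known bad user-agent (constructed)", 80, b"User-Agent: EVIL-UA-42")]

if __name__ == "__main__":
    for sid, idx in retro_scan(RECORDED, RULES_DAY1, RULES_DAY2):
        f = RECORDED[idx]
        print(f"retro alert sid={sid} at {f.ts}: {f.src} -> {f.dst}:{f.dport}")
```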
- Get visibility into the application layer
You can’t truly know where you are vulnerable until you have complete visibility into exactly what’s traversing the network in real time. Different applications have different risk profiles, and you need to know which applications are present on your network and who is using what. With more and more applications sharing a common port, the ability to distinguish between applications at layer 7 is critical.
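One concrete way to tell applications apart when they all share TCP port 443, as an added example that is not part of the original article: the server_name (SNI) extension is read out of the TLS ClientHello, which is sent in the clear before encryption starts. The ClientHello builder, the hostnames and the SNI-to-application table are constructed for illustration; real traffic needs the same parser but a table maintained from your own network.

```python
from typing import Optional, Tuple

def build_client_hello(sni: str) -> bytes:
    """Construct a minimal TLS 1.2-style ClientHello record carrying one server_name (test input)."""
    name = sni.encode("ascii")
    entry = b"\x00" + len(name).to_bytes(2, "big") + name          # name_type host_name(0)
    sn_list = len(entry).to_bytes(2, "big") + entry
    ext = b"\x00\x00" + len(sn_list).to_bytes(2, "big") + sn_list    # extension type 0 = server_name
    body = (b"\x03\x03" + bytes(32) + b"\x00"        # client_version, random, empty session id
            + b"\x00\x02\x13\x01"                    # one cipher suite
            + b"\x01\x00"                            # one compression method: null
            + len(ext).to_bytes(2, "big") + ext)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + len(handshake).to_bytes(2, "big") + handshake

def extract_sni(data: bytes) -> Optional[str]:
    """Return the server_name from a TLS ClientHello, or None if absent or not a ClientHello."""
    try:
        if data[0] != 0x16 or data[5] != 0x01:      # record type handshake, msg type ClientHello
            return None
        p = 9 + 2 + 32                                # past record+handshake headers, version, random
        p += 1 + data[p]                              # session id
        p += 2 + int.from_bytes(data[p:p + 2], "big")  # cipher suites
        p += 1 + data[p]                              # compression methods
        ext_end = p + 2 + int.from_bytes(data[p:p + 2], "big")
        p += 2
        while p + 4 <= ext_end:
            etype = int.from_bytes(data[p:p + 2], "big")
            elen = int.from_bytes(data[p + 2:p + 4], "big")
            p += 4
            if etype == 0:
                q = p + 2                             # skip server_name_list length
                if data[q] == 0:                      # host_name entry
                    nlen = int.from_bytes(data[q + 1:q + 3], "big")
                    return data[q + 3:q + 3 + nlen].decode("ascii")
            p += elen
    except (IndexError, UnicodeDecodeError):
        return None
    return None

APP_BY_SNI = {"api.corp.example": "internal-api", "storage.cloud.example": "file-sharing"}  # constructed

def classify_port443(payload: bytes) -> Tuple[Optional[str], str]:
    """Map the first bytes of a port-443 session to (sni, application label)."""
    sni = extract_sni(payload)
    if sni is None:
        return None, "tls-without-sni-or-not-tls"
    return sni, APP_BY_SNI.get(sni, "unknown-application")
```

Sessions that carry no SNI (or are not TLS at all on 443) are worth their own label, since that traffic is exactly what port-based tools would have lumped in as "HTTPS".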
- Don’t oversubscribe your systems
When resources are constrained and space is limited, there’s a natural tendency to push more traffic through systems than they can handle. What a security system—such as an IDS or IPS—says it can handle and what it can handle are frequently two different things. It’s essential that you understand what throughput your systems can handle before they start missing important events and exposing you to unnecessary levels of risk.
- Consider the demands of tomorrow, today
As you make strategic decisions about which systems you’re going to use to protect your organization, make sure you think about the way your network is changing. For many large organizations, 40Gbps networking will become a reality inside the next system refresh cycle (3-4 years). When your core infrastructure upgrades, will your tools be able to keep up? To avoid the need to retrain your teams and switch hardware vendors, work with vendors that can show you a 40 and 100Gbps roadmap today.
- Use a common data source
Network security—and monitoring tools for that matter—all rely on captured packets to generate intelligence. One way to improve your security posture is to ensure that all your tools are sharing the same source of 100 percent accurate traffic, either by putting them all behind a single accurate source of packet capture or by co-locating them on a common platform.
- Think about your rules
Your network and your traffic are uniquely yours, and for that reason it’s critical that the rules you choose to run on your network security systems are relevant to you. By understanding your traffic profile and insisting on a network security platform that enables you to choose your rule supplier and write your own rules where necessary, you can dramatically improve your posture.
- Take an inventory of your business and security requirements
Compare your business and security requirements to what’s actually happening. For most companies, there’s a significant delta between what the business side and security side want to capture and analyse on the network, versus what is actually being captured and analysed. Ask yourself the following questions:
- Is the business getting information it needs to be secure?
- Which security solutions are leaking data or not getting the whole picture?
- What hardware and software are due for replacement?
- Are there consolidation opportunities?
- Prepare your employees
Cyber-attacks that exploit unsuspecting employees are pervasive, and a lack of employee awareness can be the biggest threat to an organization’s network security. New hires need foundational cybersecurity training, and existing employees need regular refresher courses. Regular drills need to be staged to ensure continued compliance.
- Plan for the inevitable
Constantly test and harden your network and have a detailed incident response plan in place. This plan should include steps for backing up data, locking down systems, and deploying an incident response team at a moment’s notice. Minimizing response times and institutional hiccups following an attack is the best way to survive one.