How secure is your network?

Jaco Prinsloo, Saicom

---

It should come as no surprise that every organisation requires robust network security. If you have connected devices like computers, servers and smartphones, network security is what will keep your business data safe from threats and ensure your network remains usable. But as technology advances, so do the cyber criminals that seek to exploit vulnerabilities. Threat actors have become more advanced in their methods of attack and the network has had to evolve into sophisticated intrusion detection systems.

“Protecting at the network layer has become more complex with hybrid work modules and cloud-based solutions,” says Dean Vorster, Zinia’s CTO. “Network security products will reduce the threat exposure to an organisation, but it’s not the silver bullet. Cybersecurity is a holistic approach and needs to be addressed from all verticals.”

The first step is creating a good network security policy that should outline the rules, procedures and guidelines governing the access, usage and protection of critical assets.

Saurabah Prasad, a senior solution architect at In2IT, says a network security policy should be regularly reviewed and should also look at factors such as password management, remote access and incident response.

With the number of connected devices (29.3 billion) far exceeding the number of humans (5.3 billion), according to Cisco’s “Annual Internet Report”, a solid network security policy is not only good practice, but good hygiene as every user on a network represents a possible vulnerability. “The focus of a good network security policy is identifying potential threats and vulnerabilities and prioritising security measures based on those risk levels,” says Check Point Software’s Rudi van Rooyen. Here are some basic guidelines:

• Asset management: define critical and non-critical assets
• Data discovery: where does data reside, and who has access to it?
• Access control: define which user has access based on their role
• Track network security events: have a threat prevention policy that will run automatically
• Reporting: granular reporting to stakeholders in the company
• Incident response plan: includes procedures on identifying security breaches and how to contain the event by isolating the infected host.

A robust network security policy should be the bedrock of cyber resilience, and blend threat assessments, access controls, and agile response mechanisms, says Roy Alves, Africa sales director for J2 Software. “It’s not just a set of rules; it’s a dynamic shield that anticipates, adapts and fortifies, ensuring data integrity and operational continuity in the face of ever-evolving cyber threats.”

From access control policies to encryption and incident response policies, implementing the right network security policy can be a demanding undertaking. Some of the most effective network security policies weave in the concept of zero trust, which combines technology, policy and education.

“It’s heartening to see that many businesses are adopting zero trust concepts and frameworks. However, they must take a step back,” says Mark Campbell, a principal sales engineer at Netscout. “Modern ransomware attacks often use legitimate IT and enduser tools such as a VPN or Remote Desktop Protocol (RDP) to gain access. These tools are used by authorised staff as part of their jobs, making initial detection of modern ransomware attacks difficult,” says Chris McCormack, Sophos’ director of product marketing. “The root of the problem is that there’s too much implicit trust in these tools; anyone who can access a VPN or RDP is assumed to be trusted, a practice that has proven time and time again to be unwise.”

Campbell’s advice is for a business to first define its critical assets, the risks associated with these, how the organisation would be affected should these be lost or stolen, and the relative impact of these to the company.

Each organisation’s risk profile is unique and its security policy should be too, says Campbell. “Implementing a network security policy needs to strike a balance between disrupting business processes and frustrating users (as more security policies could be put in place and additional points of enforcement introduced), with minimising risk and taking the needs and capabilities of the users into account.”

Campbell adds that while it’s important to implement a network security framework, the research done beforehand will dictate what is applicable for your organisation in particular. “Continuous monitoring is then essential to measure compliance and expose any gaps. This is where packet-based network security systems can play a critical role,” he says.

AI and machine learning (ML) have become important tools that have the ability to enhance a company’s network security strategy. “Imagine a human processing 31 billion alerts on a daily basis. It’s impossible, and this is where AI and ML are of great value to bring the attention to the exceptions,” says Vorster. “Managed threat response (MDR) is a key aspect to IT security, where a human is behind the threat hunting. AI and ML can reduce the noise that’s generated so it’s easier for the threat analyst to do hunting.”

While AI has a role in assisting to reduce the network attack surface, it’s only as good as the code behind it. Generative AI has made it easier for cybercriminals to target the network, using prompting to level up their attacks. “Even though attackers are increasingly using GenAI solutions to enhance their methods, the benefits of GenAI are still more beneficial to defenders,” says Saicom’s head of security Jaco Prinsloo. “This aspect of AI and ML in network security suggests a dynamic where technological advancements, although available to both sides, tend to offer a greater strategic advantage to those defending networks against cyber threats.” Prinsloo says that the biggest advantage of AI in network security is the ability to quickly sift through, and make sense of, the enormous quantities of security data ingested daily by security operations centre (SOC) solutions.

“This frees up human resources, allowing them to focus on higher-level services rather than getting bogged down in the vast amount of data,” says Prinsloo. AI and ML also have the potential to mitigate the skills shortage faced by the cybersecurity industry. “By employing these technologies, the efficiency of network security operations can be improved, providing more effective and actionable security information,” says Prinsloo.

“These days, you need modern firewall, endpoint, and message protection working together with the latest machine learning and sandboxing technology to identify evolving targeted threats attempting to access your network,” adds McCormack. “Ideally, you need to stop these threats before they get on your network or isolate and prevent them from moving if they get a foothold on your network.”

In network security, the concept of layered security, or defence in depth, often takes centre stage because in a real-work scenario, a cybercriminal faces hurdles like firewalls, IDS/IPS, endpoint security, access controls, and IAM protocols when attempting to breach a network.

“This multi-layered defence not only deters attackers, but also limits the impact if one layer is compromised,” says In2IT’s Saurabah Prasad. “Importantly, layered security demands continuous monitoring, evaluation, and adaptation to stay effective, underscoring the dynamic nature of this strategy against evolving cyber threats.”

Layered security is driven by two key factors:

1. The acknowledgment of an imminent breach, which embraces the idea that security compromises are an inevitable part of a business’ operations.
2. The threat of zero day vulnerabilities and exploits emphasises the need for robust security layers. 

“The primary objectives of a defence in depth approach include minimising the impact of a breach by preventing attackers from moving laterally into more sensitive systems and areas within the network,” says Saicom’s Jaco Prinsloo. “This approach aims to reduce the dwell time of attackers on the network through early detection and to protect sensitive data with multiple layers of identity and access controls.”

As cloud solutions gain traction, technologies integral to the defence in depth strategy are expected to include the Secure Access Service Edge (SASE) stack of solutions – this approach combines Wide Area Network (WAN) capabilities with network security functions.

Prinsloo explains that the key components of the SASE stack include:

1. Software-Defined Wide Area Network (SD-WAN)
2. Zero-trust network architecture (ZTNA)
3. Secure Web Gateway (SWG)
4. Cloud Access Security Broker (CASB) or SaaS Security Posture Management (SSPM)
5. Firewall as a Service (FWaaS)

“An often underrated, but potentially highly effective technology in reducing the dwell time of attackers on a network, is the use of honeypots. These are physical or virtual devices designed to mimic normal systems within a network, like a file or web server,” says Prinsloo. When any activity is detected on these devices, such as accessing a port, service, or file, an alarm is triggered. “These alarms, when configured correctly, are highly accurate indicators of malicious activity, providing actionable information for SOC teams.”

This approach, alongside the advancements in AI and ML in reducing false positives typically found in Security information and event management (SIEM) solutions, enhances early detection and response capabilities, making honeypots an invaluable tool in a comprehensive defence in-depth strategy.