Network security is complex material. In order for even the largest organisations to determine what and where to apply the right security policies, a detailed assessment should take place.
On this note, ITWeb, in partnership with Infoblox, is conducting an online Network Security Survey during May to gain valuable insight into the networking security strategies within South African organisations.
"Applying the correct security solutions also depends on the organisation's line of business. For example, a mobile service provider has different requirements compared to a financial institute. It is important to apply what's right for the business and more importantly for its customers, says Rene Bosman, manager at Infoblox Africa.
According to Bosman, applying the right network security solutions will result in brand protection and customer awareness.
"This is the number one success criteria. For example if a bank does not apply correct security policies, across multiple layers, it could seriously impact their brand and reputation."
Protect your organisation with successful deployments of security
"This is maybe easier said than done because the 'bad guys' out there will continue to find ways to penetrate your network and, as an organisation, it's important to be up to date with the latest threats."
Performing penetration tests in your network to understand holes and risks is a very good starting point, Bosman advises.
"This will expose your company to certain risks, depending on the line of business you are in.
"Interestingly enough, we have learned that most security threats take place from within the company/enterprise and most organisations are not aware of this. It could be as simple as clicking on the wrong Web site and malware is installed on the desktop or laptop. Or even by inserting a flash drive that contains a botnet."
Security is not just having adequate end point software or a firewall.
"Security is a layered approach and (unfortunately) there is no such thing as a one-size-fits-all solution or vendor. As security threats evolve and change all the time, security architects and officers continuously need to review their strategies and apply new policies. Many security vendors have automated threat intelligence feeds."
Bosman goes on to say that it's important to not only select the right threat intelligence feed (to keep your systems updated against new threats), but to also ensure these feeds are renewed and automatically updated.
"Failure to do so, may lead to security holes exposing your company. As mentioned before, security is a layered approach and there is no such a thing as one vendor that provides all your security needs. This is also where the complexity comes in."
With regard to effective cost management of network security solutions, Bosman says that the best way to manage cost is to ask questions from multiple vendors, integrators and analyst.
"Get free advice as much as possible before making a buying decision. This is one way to control and manage cost. Second, also ensure to have one view of all your security events. This will save time to find the security threat and will allow you to action much faster."
DNS experiences high volume of cyberattacks
"The biggest shift we have seen is the security threats involves DNS servers. Today DNS is the number one attack vendor for 'the bad guys' because it's quite easy to penetrate a network using existing legacy DNS servers."
There are basically two types of security attacks on DNS solutions; one is the so-called volumetric attacks (also known as DDOS) where the attacker has the objective to disrupt your business by "flooding" your DNS server, says Bosman.
"Bear in mind, DNS is the most critical network component, both to allow you to communicate within your enterprise, but also to communicate to the outside world. If the DNS is 'out', your business is 'out' and customers should start looking at DNS as a key component of their overall network and security strategy. The second type of attacks are the non-volumetric ones where the DNS is used to or steal data from within your company."
In terms of South African organisations, Bosman believes that South African organisations are not any different than other regions or countries, and our banking segment is a best practice when it comes to overall security applied to its customers and other financials in the world
"Possibly the biggest challenge is to make the right decisions and investments, in a financially challenged climate. Success factors are performing the right assessments and understand your security gaps and threats, doing the right proof of concept, understand the risk to your business, discussions with vendors, analysts, etc and finally selecting the right vendor and partner to implement these solutions," Bosman concludes.
Complete the survey here and you could win a Samsung DVD Home Theatre System.
Share