Future-oriented network security solutions

Companies are looking to advanced technologies to protect their critical data.

By Paul Stuttard, Director, Duxbury Networking.
Johannesburg, 02 Mar 2018

With the frequency and ferocity of cyber security attacks continuing unabated, companies are ramping up their search for new ways - and new technologies - to protect critical data.

Meeting their expectations are a number of multilevel solutions spanning the security spectrum, from tighter access control to overcoming inherent vulnerabilities in the Internet Protocol (IP).

In this light, one of the stand-out solutions is device control. Underpinned by a rapidly evolving technology, it is breaking new ground in areas such as data loss and theft prevention, as well as media encryption, detailed monitoring, forensics and malware protection.

Additionally, by eliminating the manual process of validating the compliance of device configurations across the network, device control solutions now make it increasingly easy to roll out granular policies that conform to the latest industry and company compliance regulations.

Rules and regulations

Most legacy security solutions restrict user access to devices through the implementation of access rules. However, the fast pace of innovation in the security sector is spawning new ways of achieving these security objectives.

With endpoint security representing the front line in the fight against cyber attackers, one of the key advances in this arena is endpoint detection and response (EDR).

Going beyond simple protection methods involving traditional signature-based prevention of known malware, the technologies supporting EDR take scanning and screening for malware to new levels.

EDR employs real-time threat intelligence, backed by artificial intelligence, to correlate suspicious behaviour and activities on the network, giving users the ability to find and block the shrewdest of attacks, even those that leave few, if any, fingerprints.

Addressing malicious URLs, Web exploit code, unexpected system changes and variances in command-and-control traffic, EDR assists network managers to better enforce Web, application, device and data policies in their companies.

Another new security-focused technology now gaining traction and maturity is network "hyper-segmentation". Not to be confused with legacy network segmentation methods in which virtual local area networks were created with the objective of limiting broadcast domains and maximising quality of service benchmarks, hyper-segmentation is based on the segmentation of the network end-to-end to isolate and protect sensitive information and data.

Should a single segment of the network be attacked, hyper-segmentation prevents uncontrolled access to any other network segment. Companies are thus able to escape the risks and serious fallout of a hack.

Hyper-segmented networks increasingly include stealth capabilities. A key characteristic of a "stealth-enabled" hyper-segmented network is a topology that is invisible from an Internet/IP perspective.

Creating confusion

Stealth technology reduces the network's attack profile, allowing it to avoid the conventional hooks that enable most cyber attacks. There are no contiguous hop-by-hop IP paths to trace, so the network topology cannot be mapped using IP-based hacking tools.

Taking the concept a step further, stealth technology delivers significantly more than basic "security through obscurity". It creates deliberate obfuscation of the network's reachability and the services it supports. For instance, services are created and also retracted dynamically based on who or what is connecting to the network. This also eliminates any potential back-door entry points.

While simply limiting how much of a network is visible plays an important part in reducing the opportunities presented to cyber criminals, proactively obscuring the network - at and between access nodes - presents a prospective hacker with little to exploit. It creates effective and practical "dead ends" for hackers.

Hyper-segmentation is also central to the design of today's fabric-based networks, which are modelled on a flattened, federated network architecture. This replaces the traditional point-to-point relationships (in which network nodes interconnect via one or more network switches) with modern, scalable, multipoint-to-multipoint architectures that enhance data throughput and flexibility, while reducing physical infrastructure.

Modern fabric networks are coalescing a wide range of industry ideas into a selection of new ways of "doing unified networking". Importantly, they avoid complex legacy protocol overlays to take advantage of faster recovery times and simplified management and troubleshooting, thanks to their support of integrated layer two, layer three, IP routing and IP multicast services via a single technology.

Fabric networks combine open standards with high speed, low latency and low power, together with lossless, resilient multipath and advanced automation and scripting. The technology ensures users looking to build a best-of-breed network with the most advanced security functions can do so with confidence.

One of the spin-off benefits of a fabric network is a sizable improvement in efficiency. Fabric networks deliver a simplified, agile and resilient infrastructure that makes network configuration and deployment of new services much faster and easier.