The Importance of Securing Your Network

Every organization in every vertical market today is under relentless, systematic attack from an increasingly sophisticated, if renegade, community of professional hackers.

Cisco estimates the global cybercrime market is worth somewhere between $450 billion and $1 trillion. One thing is certain: You will get hacked.

These statistics from Cisco tell the story:

  • 60% of data is stolen within hours
  • 54% of breaches remain undiscovered for months
  • 100% of companies are connected to domains that host malicious files or services

Endpoints, networks, email, virtual environments, clouds and data centers. Every device and every interface in your IT environment is an access point for attack. The prospect of the Internet of Things scattering millions of hackable devices across the IT landscape adds a whole new dimension to the security threat.

The only effective approach to security is a holistic, risk-management-based approach that is manageable, adaptable, resilient and responsive.

Within that context, Logicalis has identified four often-overlooked security considerations that deserve your attention. Three of them involve defending vulnerabilities that too many organizations today leave unprotected. The fourth consideration involves an opportunity to tap security data for business enablement. The four security considerations are:

  1. Network segmentation — Separating networks from each other based on the relative risk of intrusion. Don’t let your partners access the same network as your accounts receivable.
  2. Network access — Arm your network to act as a sensor and an enforcer. Capture network flow data to see who is using your network, and authorize your networks to enforce your security policy.
  3. Managed security alerts — Security monitoring platforms can overwhelm you with a continuous swarm of alerts. Managed security services help you decide what is a real threat and what is not, and respond accordingly.
  4. Business enablement — Security tools capture a tremendous amount of data about how your compute resources are being used. Use the visibility that security technology provides into your environment to identify opportunities to be more efficient and more productive.

Using Network Segmentation to Keep Your Critical Data Safe

Legitimate users have reasons for accessing data on your corporate networks. Employees need to get their work done, customers need to research your offerings and interact with your brand, and partners need to share relevant data so they can work efficiently with your organization. Not everyone needs access to all your data, however. And that’s the key to network segmentation.

The first step in implementing network segmentation is identifying the assets and data that are critical to running your business and then isolating them on separate networks so only people with the correct authority, and best intentions, can access them. By properly segregating the networks, you are essentially minimizing the level of access to sensitive information for those applications, servers, and people who don’t need it.  

This is such an obvious vulnerability that it is amazing, if not disturbing, how many organizations ignore it. The much-reported hack of a large retailer, for example, was made possible because HVAC contractors had access to the same network within the retailer’s environment that contained its point-of-sale systems.

In conjunction with segregating front-end, customer-focused networks from back-end critical networks, you need to critically review who needs to have access to which networks.

A useful rule of thumb in network segmentation is the “Rule of Least Privilege,” which stipulates giving a user only the privileges essential to that user’s work. Organizations that apply this rule diligently stand a better chance of keeping their brand off the walk of shame on national news for losing customer data.

A good approach to authorizing user access to specific systems is to deny privileges unless there is a specific need for access. It may even be appropriate to block users from whole geographic regions from access to specific networks. When in doubt, deny access until convinced otherwise.

Network segmentation is a simple concept, but it would be misleading not to acknowledge that accomplishing it often involves dozens of firewalls, switches and routers and hundreds of security rules. It can be overwhelming for an IT department, even with a well-staffed network team, to segregate networks effectively while they are focusing on upgrading, patching and putting out fires.

Don’t put off closing these vulnerabilities until it’s too late, however. A security breach can start fires in your IT environment that will burn your organization all the way to the Wall Street Journal.  

Arming the Network as the First Line of Defense

Your corporate networks are your organization’s nervous system. Trends like bring your own device (BYOD) and the use of public and hybrid clouds can extend your nervous system and, effectively, your presence throughout your marketplace. The prospect of the Internet of Things (IoT) promises to carry your network even further from the relative security of your data center. As your network expands, virtually nothing happens in your world that doesn’t touch your network at some point.

Your network as a sensor
Conventional networks were just conduits of data. They had limited awareness of the types of data they transported or the types of users who accessed them.

Network sensor technology available today can enable your networks to become aware of how they are being used and by whom. From a security perspective, this kind of intelligent visibility into your network traffic serves as a valuable tool to identify anomalous traffic from the furthest branch office down to the traffic in the data center. 

Implementing network sensor technologies turns your network into an integrated web of ever-vigilant digital sentries that can detect malware, identify user access policy violations and obtain broad visibility into all network traffic so the appropriate action can be taken to protect the network against threats.

Your network as an enforcer
Once your network has been given the intelligence to recognize how it is being used, it can be used to dynamically enforce security policy through software-defined network segmentation to isolate critical systems. It can also be used to contain attacks by preventing the lateral movement of threats across the network, as well as minimize the time needed to isolate threats when detected. Armed with the authority of your security policies, your network can automatically act on your behalf to quarantine threats, segment network traffic and provide the policy engine for making changes to enforce new policy based on detected threats over time.
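The default-deny segmentation rule and the sensor/enforcer idea described above can be combined in a small policy check. The following is an added example, not part of the original article or any Logicalis or Cisco product; the segment names, subnets, allow-list and flow records are all constructed assumptions.

```python
import ipaddress

# Constructed segment map (assumption): one subnet per risk zone.
SEGMENTS = {
    "pos": ipaddress.ip_network("10.10.0.0/24"),      # point-of-sale systems
    "finance": ipaddress.ip_network("10.20.0.0/24"),  # accounts receivable
    "partner": ipaddress.ip_network("10.30.0.0/24"),  # contractors and partners
    "corp": ipaddress.ip_network("10.40.0.0/16"),     # employee workstations
}

# Default deny: a cross-segment flow is permitted only if it is listed here.
ALLOW = {
    ("corp", "finance", 443),
    ("pos", "finance", 8443),
    ("partner", "corp", 443),
}

# Constructed flow records, shaped like a flow collector's export.
FLOWS = [
    {"src": "10.40.3.12", "dst": "10.20.0.4", "dport": 443},
    {"src": "10.30.0.7", "dst": "10.10.0.5", "dport": 445},    # partner -> POS
    {"src": "10.10.0.5", "dst": "10.10.0.9", "dport": 9100},   # inside POS segment
    {"src": "203.0.113.9", "dst": "10.20.0.4", "dport": 443},  # unmapped source
]

def segment_of(ip):
    """Return the segment name for an address, or None if it is unmapped."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return None

def evaluate(flow):
    """Enforcer decision: deny unless the flow has an explicit reason to exist."""
    src, dst = segment_of(flow["src"]), segment_of(flow["dst"])
    if src is None or dst is None:
        return "deny"   # when in doubt, deny
    if src == dst:
        return "allow"  # traffic that never crosses a segment boundary
    return "allow" if (src, dst, flow["dport"]) in ALLOW else "deny"

def audit(flows):
    """Sensor view: list the flows that violate the segmentation policy."""
    return [(segment_of(f["src"]), segment_of(f["dst"]), f["dport"])
            for f in flows if evaluate(f) == "deny"]

if __name__ == "__main__":
    for violation in audit(FLOWS):
        print("policy violation:", violation)
```

Run against real flow exports, the violations list doubles as a review queue: each entry is either a rule missing from the allow-list or traffic that should not exist.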

A daunting assortment of tools and technologies is available to outfit your network with sensory intelligence and the authority to enforce your security policy. Trying to pick the best of the breed, or cheaper technologies, for specific components of your network runs the risk of creating a Tower of Babel with technologies that don’t speak the same language. A better choice is to go with a set of tools that are designed to work together.

Unblinking Vigilance 24/7 with Managed Security Services

Many organizations have learned the hard way that implementing a security monitoring platform that is not tightly integrated with an effective service management toolset can overwhelm an IT department with a continuous swarm of alerts as threats are identified.

Here’s a common series of events that occurs when an IT staff decides to implement a monitoring tool for themselves: After dutifully following all the procedures for implementation, when they see alarms start showing up on the monitor, they pat themselves on the back and say, “Awesome. It works. This wasn’t so hard.”

An hour later they are holding their collective heads in their hands saying, “OMG! What have we done?” as hundreds of alarms swarm at them, each one seemingly demanding immediate attention.

The onboarding process of top-tier managed services providers (MSPs) essentially loads data about your systems into their ITSM toolset, providing a range of functions including incident and change management, a service catalog and a configuration management database. By integrating the service management tool with the monitoring platform, MSPs can separate the informational alerts from actionable ones and act as a first responder to decide what’s a real threat and what is not.

Managed security services extend this capability to monitor, evaluate and respond to security threats to your critical business systems. Services can include:

  • Maintenance and patching of your systems to remove potential vulnerabilities
  • Antivirus and malware protection
  • Firewall management and monitoring, including next-generation application-aware firewalls
  • IDS/IPS management and monitoring
  • Application monitoring
  • Internal resource monitoring
  • Antivirus software
  • Security event log management and correlation (SIEM and Active Device Management)
  • Security incident response management
  • Data encryption at rest and in transit
  • Identity and access management, including directory services
  • Mobile device management

Monitoring and managing critical systems for security threats is a 24/7 undertaking that needs to be able to learn and evolve as rapidly as hackers vary and update their attacks. Just because you were able to thwart an attack today doesn’t mean you will be safe tomorrow. For IT departments that don’t have the staff or expertise to outsmart hackers 24 hours a day, managed security services can provide unblinking vigilance to keep your data safe and your corporate brand out of the newspapers.

Five Ways to Use Security as a Business Enabler

When people hear the word “security,” they almost certainly think about breaches, firewalls or governance policies that strictly allow or deny access to business information. Protection and prevention are, after all, its primary role.

But modern security tools can do a lot more than protect. Used strategically, they can also provide valuable insight – a deep visibility into a company’s IT infrastructure, a better understanding of how corporate computing resources are used, even insight to power targeted advertising.

Here are five often-overlooked, business-enabling benefits that advanced security solutions can provide:

  1. Investment prioritization: Gaining a better understanding of who and how many people use applications within the data center provides the insight required to support effective prioritization and more targeted investments.
  2. Geo-location data: Learning where customers reside can be used to optimize advertising. Equally, questioning unusual communication patterns can reduce risk, putting the organization on the front foot by quickly determining whether behavior is marketing-driven or malicious.
  3. Troubleshooting: Security tools can be used to give IT teams a baseline for “normal” IT system states and performance, which helps isolate faults and get things back online faster.
  4. IT capacity planning: Visibility gives IT a handle on what resources are being used. No one wants to overbuy capacity that sits unused or to be caught short by underbuying.
  5. Social media measurement: Find out how sales and marketing interact with customers and measure engagement by traffic volume. You can also help with promotional targeting by determining which social media outlets are most relevant to customers.

If you have been diligent about implementing security technology and procedures, don’t forget to take advantage of these benefits from your investments to save money and support business objectives.

If you haven’t been diligent, now is a good time to start. 
