Network Security

Network

By Sevigounder R | Published about a year ago | 5 min read

What is network security?

Network security is a set of technologies that protects the usability and integrity of a company’s infrastructure by preventing the entry or proliferation within a network of a wide variety of potential threats.

A network security architecture is composed of tools that protect the network itself and the applications that run over it. Effective network security strategies employ multiple lines of defense that are scalable and automated. Each defensive layer enforces a set of security policies determined by the administrator.

Why network security?

In today’s hyper-connected world, network security presents a greater challenge as more business applications move to private and public clouds. Moreover, the applications themselves now tend to be virtualized and distributed across many locations, some of which are outside the physical control of IT security teams. With the number of attacks on companies climbing ever higher, protecting network traffic and infrastructure is critical.

Benefits of network security

Network security is key to an organization’s ability to deliver products and services to customers and employees. From online stores to enterprise applications to remote desktops, protecting apps and data on the network is essential to advancing the business, to say nothing of protecting an organization’s reputation. In addition, effective network security can improve network performance by eliminating downtime due to successful attacks.

What are the key tools of network security?

A multi-layered approach to network security implements controls at numerous points within a network to provide comprehensive access control and threat control.

  • Firewall: A firewall establishes a barrier between the trusted and the untrusted areas of a network. Thus, a firewall performs access control and macro-segmentation based on IP subnets. The same firewall may also perform more granular segmentation, known as micro-segmentation.
  • Load balancer: A load balancer distributes load based on metrics. By implementing specific mitigation techniques, a load balancer can go beyond traditional load balancing to provide the capability to absorb certain attacks, such as a volumetric DDoS attack.
  • IDS/IPS: The classic IDS/IPS is deployed behind a firewall and provides protocol analysis and signature matching on various parts of a data packet. Protocol analysis is a compliance check against the publicly declared specification of the protocol. Signature matching prevents known attacks such as an SQL injection.
  • Sandbox: A sandbox is similar to an IDS/IPS, except that it does not rely on signatures. A sandbox can emulate an end-system environment and determine if a malware object is trying, for example, to execute port scans.
  • NTA/NDR: NTA/NDR looks directly at traffic (or traffic records such as NetFlow) and uses machine learning algorithms and statistical techniques to evaluate anomalies and determine if a threat is present. First, NTA/NDR tries to determine a baseline. With a baseline in place, it identifies anomalies such as traffic spikes or intermittent

Types of network security

Firewalls

Firewalls put up a barrier between your trusted internal network and untrusted outside networks, such as the Internet. They use a set of defined rules to allow or block traffic. A firewall can be hardware, software, or both. Cisco offers unified threat management (UTM) devices and threat-focused next-generation firewalls.
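The rule-based allow/block behaviour described above, together with subnet-based macro-segmentation, as an added example that is not part of the original article. The subnets, ports and rule layout are constructed assumptions. It goes one step beyond the text by also reporting rules that an earlier, broader rule makes unreachable, a common policy-review check.

```python
import ipaddress

# Constructed policy with hypothetical subnets: (action, src net, dst net, dst port).
# A port of None means "any port". Rules are evaluated top to bottom.
RULES = [
    ("allow", "10.10.0.0/24", "10.20.0.0/24", 443),   # user subnet -> app subnet
    ("allow", "10.20.0.0/24", "10.30.0.0/24", 5432),  # app subnet -> database subnet
    ("deny",  "10.10.0.0/16", "10.30.0.0/24", None),  # users never reach the database
    ("allow", "10.10.5.0/24", "10.30.0.0/24", 5432),  # never reached: see shadowed_rules
]


def evaluate(src, dst, dport, rules=RULES):
    """Return (action, index of matching rule); unmatched traffic is denied."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for idx, (action, src_net, dst_net, port) in enumerate(rules):
        if (s in ipaddress.ip_network(src_net)
                and d in ipaddress.ip_network(dst_net)
                and port in (None, dport)):
            return action, idx
    return "deny", None  # implicit default deny


def covers(a, b):
    """True if rule a matches every packet that rule b matches."""
    _, a_src, a_dst, a_port = a
    _, b_src, b_dst, b_port = b
    return (ipaddress.ip_network(b_src).subnet_of(ipaddress.ip_network(a_src))
            and ipaddress.ip_network(b_dst).subnet_of(ipaddress.ip_network(a_dst))
            and a_port in (None, b_port))


def shadowed_rules(rules=RULES):
    """List (rule index, earlier rule index) pairs where the later rule can never fire."""
    return [(j, i) for j in range(len(rules)) for i in range(j)
            if covers(rules[i], rules[j])]


if __name__ == "__main__":
    print(evaluate("10.10.0.7", "10.20.0.5", 443))
    print(evaluate("10.10.5.9", "10.30.0.4", 5432))
    print(evaluate("192.0.2.10", "10.20.0.5", 443))
    print(shadowed_rules())
```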

Email security

Email gateways are the number one threat vector for a security breach. Attackers use personal information and social engineering tactics to build sophisticated phishing campaigns to deceive recipients and send them to sites serving up malware. An email security application blocks incoming attacks and controls outbound messages to prevent the loss of sensitive data.

Anti-virus and anti-malware software

"Malware," short for "malicious software," includes viruses, worms, Trojans, ransomware, and spyware. Sometimes malware will infect a network but lie dormant for days or even weeks. The best antimalware programs not only scan for malware upon entry, but also continuously track files afterward to find anomalies, remove malware, and fix damage.

Network segmentation

Software-defined segmentation puts network traffic into different classifications and makes enforcing security policies easier. Ideally, the classifications are based on endpoint identity, not mere IP addresses. You can assign access rights based on role, location, and more so that the right level of access is given to the right people and suspicious devices are contained and remediated.

Application security

Any software you use to run your business needs to be protected, whether your IT staff builds it or whether you buy it. Unfortunately, any application may contain holes, or vulnerabilities, that attackers can use to infiltrate your network. Application security encompasses the hardware, software, and processes you use to close those holes.

Behavioral analytics

To detect abnormal network behavior, you must know what normal behavior looks like. Behavioral analytics tools automatically discern activities that deviate from the norm. Your security team can then better identify indicators of compromise that pose a potential problem and quickly remediate threats.
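The baseline-then-anomaly approach described here and in the NTA/NDR item above, as an added example that is not part of the original article. The flow records are constructed, and the median/MAD scoring is one statistical technique chosen for illustration, not a method the article or any product specifies.

```python
import statistics
from collections import defaultdict

# Constructed per-minute flow summaries (not real NetFlow): (minute, src_ip, bytes).
FLOWS = [
    (m, "10.0.1.15", b)
    for m, b in enumerate([5200, 4800, 5100, 4950, 5300, 5050, 4900, 5150])
] + [
    (m, "10.0.1.22", b)
    for m, b in enumerate([900, 1100, 950, 1000, 1050, 980, 1020, 64000])
]


def per_host_series(flows):
    """Group records by source host, ordered by time."""
    series = defaultdict(list)
    for minute, src, nbytes in sorted(flows):
        series[src].append((minute, nbytes))
    return series


def baseline(values):
    """Robust baseline: median and median absolute deviation (MAD)."""
    med = statistics.median(values)
    mad = statistics.median(abs(v - med) for v in values)
    return med, mad


def find_spikes(flows, train=6, threshold=6.0):
    """Learn each host's baseline from its first `train` samples, then flag
    later samples whose robust z-score exceeds `threshold`."""
    alerts = []
    for src, points in per_host_series(flows).items():
        med, mad = baseline([b for _, b in points[:train]])
        scale = 1.4826 * mad or 1.0  # 1.4826*MAD estimates std dev; avoid /0
        for minute, nbytes in points[train:]:
            score = (nbytes - med) / scale
            if score > threshold:
                alerts.append((src, minute, nbytes, round(score, 1)))
    return alerts


if __name__ == "__main__":
    for alert in find_spikes(FLOWS):
        print("spike:", alert)
```

Using the median and MAD rather than mean and standard deviation keeps one earlier outlier in the training window from inflating the baseline and hiding later spikes.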

Intrusion prevention systems

An intrusion prevention system (IPS) scans network traffic to actively block attacks. Cisco Next-Generation IPS (NGIPS) appliances do this by correlating huge amounts of global threat intelligence to not only block malicious activity but also track the progression of suspect files and malware across the network to prevent the spread of outbreaks and reinfection.

Security information and event management

SIEM products pull together the information that your security staff needs to identify and respond to threats. These products come in various forms, including physical and virtual appliances and server software.

VPN

A virtual private network encrypts the connection from an endpoint to a network, often over the Internet. Typically, a remote-access VPN uses IPsec or Secure Sockets Layer to authenticate the communication between device and network.

Web security

A web security solution will control your staff’s web use, block web-based threats, and deny access to malicious websites. It will protect your web gateway on site or in the cloud. "Web security" also refers to the steps you take to protect your own website.

Wireless security

Wireless networks are not as secure as wired ones. Without stringent security measures, installing a wireless LAN can be like putting Ethernet ports everywhere, including the parking lot. To prevent an exploit from taking hold, you need products specifically designed to protect a wireless network.
