In light of surging ransomware cases and recent high-profile cyberattacks like those on SolarWinds, Colonial Pipeline, and meat supplier JBS, enterprise security teams may fall into the trap of thinking, “more defenses are better.” They implement an arsenal of point solutions, hoping their bases will be covered. The reality is, an organization can spend as much as they can afford and add as many tools as they want to their portfolio–but if the underlying network infrastructure is not secure, these tools may not make a difference.
The way businesses often approach network security hasn’t kept pace with the demands of the increasingly distributed workforce or attacker sophistication. In the past, the hard edges of the traditional firewall were enough to protect an organization against outside access. But with today’s highly distributed workforce and the proliferation of IoT and personal devices, the traditional perimeter is obsolete. It’s nearly impossible to identify a rigid perimeter, with connections spanning the campus edge, user devices, IoT devices and both public and private clouds.
Sufficiently defending an “everywhere perimeter” calls for fundamentally new capabilities within today’s security model. Organizations must find new ways to tackle the increasingly tedious task of securely onboarding thousands of devices, servers, users and applications to the network while ensuring safe transport of data, protection of customer data and compliance with regulations.
The network is the key to securing the everywhere perimeter. Here are three ways to turn your network into your greatest cybersecurity asset.
Segment Networks to Protect Critical Systems
It’s important for organizations to take a holistic approach to protecting critical systems and data, which starts with the ability to isolate traffic belonging to different applications. Effective network segmentation enables an organization to deliver separate virtual networks, each tuned to meet specific requirements. The ability to separate mission-critical applications and protect confidential data is especially necessary as the attack surface expands across the distributed enterprise.
With hyper-segmentation, organizations can establish borders to defend against unauthorized lateral movement, reduce their attack profile, deliver highly effective breach isolation, improve the effectiveness of anomaly scanning and greatly bolster the value of specialist security appliances.
Outsmart Hackers with Stealth Networking
Hyper-segmentation should be combined with ethernet-based fabric. Traditional, IP-based fabric is a mainstay in the enterprise, but it’s vulnerable to attackers who can easily invade and move laterally across the network once they’re in. On the contrary, ethernet-based fabric doesn’t use IP underlays, limiting the visibility of the network and reducing attack opportunities.
Making the network “dark” to potential attackers who would otherwise penetrate and move laterally is known as “stealth networking.” What hackers cannot see, they can’t attack. Additionally, this method of using provider backbone bridges (PBB or mac-in-mac) over Ethernet has proven to offer absolute network segmentation, which has been validated by several penetration testbeds over numerous years. As a result, the compromise is contained within the given hyper-segment, or virtual service networks (VSNs), and there’s no possibility of “hopping” between these VSNs.
Ensure Network Elasticity
Network elasticity is a critical enabler in securing the everywhere perimeter. An elastic hyper-segment automatically stretches services to the edge, only as required and only for the duration of a specific application session. As workplaces start to move to a hybrid work model—where employees split their time between home or remote work and the office—users are constantly connecting and disconnecting from the enterprise network. Network elasticity allows services to extend and retract based on current needs.
As applications terminate or endpoint devices disconnect, the redundant networking services retract from the edge. By deleting a network configuration that isn’t required anymore, back door entry points to the network are eliminated, helping prevent hackers from infiltrating.
Defense Starts with Your Foundation
With the high volume of sophisticated attacks enterprises are facing and IT environments complicated by the shift to a distributed workforce, it’s easy to be pessimistic about enterprise cybersecurity. But there’s no reason to be defeatist. Contrary to what many security vendors will try to tell you, strong cybersecurity isn’t entirely dependent on the latest bells and whistles, more tools or more platforms. Though it feels like new security categories emerge every month (XDR, SOAR, IDS, UEBA, etc.), remember that effective security starts at the foundation— your network. By ensuring your network is protected, you’re setting up your enterprise for success and security.