Networks and the defenses we put in place to protect them have become extremely complex – to the point that it can negatively impact the security practices and policies that we’ve put in place! Here are some (not an exhaustive list) network security “no brainers” to consider:
- Defense-in-depth is about as big a no-brainer as it gets these days – Since there are many openings and touch points for attackers, relying on one technology or solution to defend your organization, the network, critical applications and valuable information is asking for trouble. A layered approach also means not just at the gateway, but also at the endpoints – otherwise you’re covering just one end.
- The Security ABCs for APTs – With the rise of APTs, organizations should focus on egress gateways and networks to detect data streams leaving the environment initiated by APT’s which have embedded themselves into endpoints. The key is to be able to differentiate legitimate egress application data flows from malicious streams that exfiltrate sensitive data from the corporate environment. Oftentimes APT’s will initiate these covert channels without any obvious impact and where server and application administrators are unaware of the ongoing data leakage.
- Don’t overlook the firewall – There’s been some discussion around the looming demise of the firewall. Hogwash! While the perimeter certainly continues to evolve, it isn’t going away. Evolution has resulted in next-generation firewalls and more of a focus on depth-in-defense. Another firewall-related area best practice has to deal with keeping tabs on outbound traffic as well as inbound traffic. Recent research around the most common firewall misconfigurations shows that many organizations operate under the false assumption that they don’t need to be too concerned with traffic originating from inside the network and really only focus on external traffic. But traffic from inside the network can include for example, bots that are transmitting sensitive information.
- Manage your security – What often gets lost in the defense-in-depth concept though is that if you build so many layers and so much complexity into your security that it is hard to manage, then you may actually be creating more work and potentially create risk. Once you feel comfortable that your security measures are being properly managed, the next step is how to take that to the next level so that security doesn’t slow down business.
- Automate and integrate – Playing off of our third “no brainer”, the more you can integrate and automate in terms of gaining visibility of what’s going on in your network and your critical applications, the better you can shore up holes and more quickly respond to incidents if necessary.
- It’s all about the applications – Business applications are extremely complex and process sensitive information, thus being great targets for attack. In Palo Alto Networks Application Usage and Threat Report, 95% of all exploit logs were found in only applications, of which 9 were business applications. Gaining visibility of these applications, their connectivity, the data flows, etc. is a must.
- Ensure proper configuration of network security devices – For this one, I’m taking inspiration from SANS with their Top 20 Critical Controls which include best practices such as ensuring proper configuration of security devices such as firewalls, routers, etc. and implementing patches.
Please share your network security “no brainers” and where you think they should be on the list.
Subscribe to Blog
Receive notifications of new posts by email.