Network Security Threats: Are Enterprises doing enough to prevent it?
Traditionally, WAN and network security were considered two different aspects. IT networking teams focused on connectivity; security teams protected the network against possible vulnerabilities. Enterprises used private MPLS as a measure to secure the WAN. Traffic was backhauled to the enterprise data center (DC) and inspected further. MPLS separated business-critical traffic, and networking teams could share the traffic unencrypted between two endpoints. Firewalls, in addition to measures like Intrusion Prevention System (IPS), Advanced Threat Prevention (ATP) etc., were applied to guard the network perimeter. Used mostly as a Virtual Private Network (VPN), MPLS fenced the enterprise network off from the Internet. But traffic shared between two endpoints was not encrypted.
Sharing data between two endpoints without encryption is no longer an option today. In the era of edge, the traditional approach to network security architecture not only raises questions about security, but also increases complexity and lowers network performance. Traditional firewalls are no match for emerging network security threats.
All of us in the technology world remember the time [May 2017] when we were scrambling after the news of WannaCryptor broke. Specifically, if you look at the Microsoft security blog, the title of the article says it all – “WannaCrypt ransomware worm targets out-of-date systems”. The ugly truth was that we were all rudely awakened to the fact that the malware attacks all the systems that have not been patched and are classified as out-of-date systems.
Attackers have found an easy way to cross the defensive perimeter of enterprise networks. Targeting outdated and unpatched systems in enterprise network infrastructure, attackers hunt for cases of weak authentication, weak passwords etc. These types of network security threats pose a great risk to enterprise data and the bottom line.
While the transformation to digital is at full pace, network threats are turning sophisticated. The growing number of endpoints and devices, evolving traffic patterns and the transition of enterprise workloads and processes to the cloud are leaving loopholes in overall enterprise security. And attackers are no strangers to this fact. Business-critical applications, data centers and the cloud are all within the attackers’ point-blank range.
Devices and applications backed by poor security are easily targeted, and attackers use the network as a channel of disruption. Device-to-device, edge and internal enterprise networks are becoming easy targets for network security threats like DDoS, phishing, ransomware, worms and other types of malware attacks. To thrive effortlessly in a hybrid and multi-cloud ecosystem, it is important for IT teams to manage and secure all end points of a connection.
“When we pick performance as the criteria, then the appliances become complex and expensive (leading NGFWs). When we pick cost as the criteria, then the appliances are unable to deliver the performance (leading UTMs). And in most cases, managing the security appliance inevitably creates a lot of internal red tape and process – the dreaded “firewall port opening” project”
The network security problem cannot be solved unless protection and detection mechanisms are deployed at both end points of modern enterprise application communication. The first end point is the combination of device, user, credentials, and the application client (most often an app or browser). The second end point is the application server: a cloud, web service or micro-service. So how do enterprises build a security solution where performance, complexity and cost are all solved in the same architecture?
Firstly, the need of the hour for enterprise IT teams is to gain granular, end-to-end visibility of enterprise networks. Every kind of security breach can be detected by looking at what happens to your network before and after the attack. Even the simplest malware contacts its CnC (Command and Control center) once activated from an infected file. In fact, the most often implemented method in a malware sandbox solution is to look for suspicious application process or application network behavior when opening an infected file. Network flow analysis through a security lens is an invaluable and inexpensive way to stay on top of your security operations.
Secondly, by making the most of the simplicity and centralized control of the cloud, IT teams can better manage networks, give users low latency, deliver the convenience of direct-to-Internet access to cloud applications and secure one of the most sensitive and valuable resources of enterprises – data. Also, when you deploy a cloud-powered SD-WAN platform, it becomes possible to analyse all your network flows inline, immediately, for network behavior anomalies.
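As an added illustration of the flow analysis described in the two paragraphs above (not code from the original post or from Lavelle Networks), this Python example compares flows seen before and after a suspected infection and reports destinations that are new for a host and contacted at near-constant intervals, the pattern of malware checking in with its CnC. The flow record layout, the `min_flows` and `max_cv` thresholds and all sample addresses are assumptions constructed for the example.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample flow records: (epoch_seconds, src_ip, dst_ip, dst_port, bytes).
# Addresses come from documentation ranges (RFC 5737) and are not real indicators.
BASELINE_FLOWS = [
    (1000, "10.0.0.5", "198.51.100.10", 443, 5200),
    (1400, "10.0.0.5", "198.51.100.10", 443, 48100),
    (1900, "10.0.0.7", "198.51.100.20", 443, 900),
]
OBSERVED_FLOWS = (
    # Host 10.0.0.5 keeps using its usual destination at irregular times.
    [(t, "10.0.0.5", "198.51.100.10", 443, b)
     for t, b in [(5000, 7000), (5130, 300), (5900, 64000), (6020, 1200), (7700, 510)]]
    # A destination absent from the baseline, contacted roughly every 60 s.
    + [(5000 + 60 * i + jitter, "10.0.0.5", "203.0.113.66", 8443, 310)
       for i, jitter in enumerate([0, 1, -1, 2, 0, -2, 1, 0])]
    # Another new destination, but only a one-off burst: too few flows to judge.
    + [(5200, "10.0.0.7", "203.0.113.80", 443, 15000),
       (5203, "10.0.0.7", "203.0.113.80", 443, 22000)]
)

def find_beacons(baseline, observed, min_flows=6, max_cv=0.1):
    """Return (src, dst, port) groups that are absent from the baseline and recur
    at near-constant intervals (low coefficient of variation of the gaps)."""
    known = {(src, dst, port) for _, src, dst, port, _ in baseline}
    times = defaultdict(list)
    for ts, src, dst, port, _ in observed:
        if (src, dst, port) not in known:
            times[(src, dst, port)].append(ts)
    findings = []
    for key, stamps in times.items():
        if len(stamps) < min_flows:
            continue
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        cv = pstdev(gaps) / avg if avg > 0 else float("inf")
        if cv <= max_cv:
            findings.append({"src": key[0], "dst": key[1], "port": key[2],
                             "flows": len(stamps), "period_s": round(avg, 1),
                             "cv": round(cv, 3)})
    return findings

if __name__ == "__main__":
    for finding in find_beacons(BASELINE_FLOWS, OBSERVED_FLOWS):
        print(finding)
```

A low coefficient of variation alone also matches legitimate pollers such as update checks or monitoring agents, which is why the example only scores destinations that were absent from the baseline.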
Thirdly, in order to achieve cloud-delivered security, distributed enterprises are rethinking their network architectures, adopting automation, and centralizing network management. This infrastructure is best implemented using a Hybrid WAN routing platform, one that can handle wired/MPLS, 4G LTE, and software-defined networking. SD-WAN has the ability to scale networks to additional people, places, and things remotely whenever it's required. Using SD-WAN, enterprises can benefit from the flexible scalability of the cloud while ensuring performance and secured (encrypted) connectivity.
“Your value does not decrease based on someone’s inability to see your worth”. In this digital era, “Your enterprise value does not decrease if you know your worth and secure it”
– Samuel Natarajan, VP Product Engineering & Chief Security Architect at Lavelle Networks
Network security threats will continue to emerge as a domino effect of digital transformation. And as we have mentioned in our earlier blogs, digital transformation (DX) is endless. Today, when the WAN is at the edge, complex protocols and weak network segmentation pose a huge risk to enterprise networks.
Enterprises can do much more than just firewalls or NGFWs. The fundamental issue is that the techniques used in network firewalls have not changed. All firewalls, NGFW or UTM, are built using a network traffic inspection engine, where the thesis is to look at as much traffic content as possible to identify the one flow, user or threat that is a real security attack. It’s basically a find-the-needle-in-the-haystack approach.
Integrating SD-WAN with existing security appliances and solutions allows enterprises to take a holistic and kaizen approach to evolving network security threats in the long run. Take, for example, an emerging architecture like SDP (read our earlier primer on SDP). SDP addresses key challenges for enterprises when it comes to securing their access to the cloud. SD-WAN solves one of the key problems, i.e. getting the user traffic to the SDP cloud network. This makes SD-WAN & SDP a killer combination. The natural strength of an SD-WAN solution is policy-based, on-the-fly private network overlays created from any source to any destination; this allows an enterprise to drop in extremely simple policies to redirect the right traffic to the right SDP gateway. It’s an architecture where you can deploy best-of-breed networking at your edge using next-generation SD-WAN, and best-of-breed security in your cloud using SDP. Given the astonishing pace of cloud adoption, SDP is becoming a watertight and powerful approach for enterprises to solve the challenges of keeping their networks secure.
The rising cost of network security threats has a catastrophic impact on the enterprise bottom line. With network security threats becoming sophisticated, enterprises need a well-crafted security architecture to secure networks without slowing down overall business processes. Gartner highlights a rise in security investments for cyber/information security by 55%. This lends credence to the view that enterprises are on the right path to mitigate overall enterprise threats and risks.