Network security: How effective is your security posture?

scottr

Network security is described as the implementation of technologies, processes, and protocols designed to safeguard an organization’s communications and information.

Today I’ll talk about the underlying principles of network security, some common security strategies, and the impact a breach or a security incident has on an enterprise.

There are three underlying principles that every security admin strives to maintain when it comes to network security.

  1. Confidentiality: sensitive/private information is only available to those whom network policies allow
  2. Integrity: the data is whole with no missing content
  3. Availability: when customers and users need access to the data, it is available and 100% intact

The goal of the security team is to ensure that these principles are not compromised.

Administrators implement security policies that verify user authentication and assure proper user access to assets on the network. They install anti-malware or anti-virus agents on workstations and servers. The anti-virus detectors check for known signatures of malware, and quarantine when necessary. They tighten up access or firewall rules at the edge that block communication to and from a bad actor.

So why do we see so many high-profile corporate data breaches?

The answer lies in how security administrators answer the following questions.

How quickly can the security team account for suspect network behaviors?

Can you detect when legitimate user credentials are stolen and subsequently used for lateral access to resources in the network?

How likely are you to detect subtle deviations in what looks like normal applications and protocols on the network?

Do you have the visibility into traffic behaviors occurring on the private segments of the network?

[Image: Scrutinizer Alarms tab]

If you understand the anatomy of a cyber-attack, you realize the value in utilizing security solutions that provide traffic insight relative to each phase of an attack. By detecting and eliminating threats in the early stages of an attack, you will be less likely to move into the impact phase, where you feel the financial and social cost of the data breach.

To do this correctly, you need across-the-board visibility in every segment of the network. This is easily done using flow and metadata exported from your network infrastructure.

Unlike pure packet capture solutions, which can be both resource- and cost-prohibitive, flows provide fast actionable forensic data from nearly 100% of the network by using monitoring protocols that you already own. As mentioned above, today you need visibility into the east/west lateral movement occurring on the LAN segments of the network. Flows easily provide this visibility and awareness.
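To make the east/west visibility point concrete, here is an added example (not from the original post and not Plixer or Scrutinizer code) that flags an internal host reaching several new internal peers on remote-access ports. The flow tuple layout, the baseline, the port set and the threshold are all assumptions chosen for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed flow records (src, dst, dst_port, bytes); not real traffic.
FLOWS = [
    ("10.1.4.23", "10.1.4.1", 53, 120),
    ("10.1.4.23", "203.0.113.9", 443, 48211),
    ("10.1.7.88", "10.1.2.10", 445, 3100),
    ("10.1.7.88", "10.1.2.11", 445, 2950),
    ("10.1.7.88", "10.1.2.12", 445, 3020),
    ("10.1.7.88", "10.1.3.40", 3389, 870),
    ("10.1.7.88", "10.1.3.41", 3389, 910),
    ("10.1.9.5", "10.1.2.10", 445, 560000),
    ("10.1.9.5", "10.1.2.11", 445, 610000),
    ("198.51.100.20", "10.1.2.10", 443, 1500),
]
# Constructed baseline: internal peers each host normally reaches on admin ports.
BASELINE = {"10.1.9.5": {"10.1.2.10", "10.1.2.11"}, "10.1.7.88": {"10.1.2.10"}}
# Assumed remote-admin and file-sharing ports (SSH, SMB, RDP, WinRM).
ADMIN_PORTS = {22, 445, 3389, 5985}
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_internal(addr):
    """True when addr falls inside an RFC 1918 range (the LAN side)."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)

def east_west_peers(flows):
    """Map each internal source to the internal hosts it reached on admin ports."""
    peers = defaultdict(set)
    for src, dst, dport, _nbytes in flows:
        if is_internal(src) and is_internal(dst) and dport in ADMIN_PORTS:
            peers[src].add(dst)
    return peers

def flag_new_fanout(flows, baseline, threshold=3):
    """Return {src: sorted new peers} for hosts with >= threshold peers not in baseline."""
    flagged = {}
    for src, dsts in east_west_peers(flows).items():
        new = dsts - baseline.get(src, set())
        if len(new) >= threshold:
            flagged[src] = sorted(new)
    return flagged

if __name__ == "__main__":
    for src, new in flag_new_fanout(FLOWS, BASELINE).items():
        print(f"{src}: {len(new)} new internal peers on admin ports: {', '.join(new)}")
```

Traffic that crosses the edge is ignored here on purpose: the check only sees LAN-to-LAN flows, which is the segment edge firewall rules do not cover.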

Security today means managing the risk and the cost of a business disruption

Enterprises today are forced to think in terms of managing their risk of business disruption. Gone are the days of assuming your prevention measures will stop attackers from accessing your network. Now the assumption is that you will be compromised, and security measures are instead focused on minimizing the impact of that compromise.

When it comes to the detection of network traffic anomalies, fast and actionable data is enterprise intelligence. If you want to see Plixer’s security solution in action, book a demo today.