Aug 14 2017
Security

How a Network Refresh Can Improve Your Security

Businesses need to take multiple steps to upgrade their network technology and stay ahead of evolving cybersecurity threats.

As technologies mature, organizations are leveraging their network infrastructures for longer periods. Yet one thing never stays the same: cyberattackers. In fact, evolving attack vectorslike the Petya malware attack that struck in June — represent a key reason for organizations to refresh their networks.

Security issues affect organizations in every sector, including manufacturers, retailers and energy providers. No organization is too big, too small or too specialized to escape the threat of a cyberattack.

Malware and other attack techniques have matured greatly in recent years. “Today, we see a proliferation of advanced persistent threats that users have unwittingly introduced to the network and an unprecedented surge in cybercrime,” says Klaus Gheri, vice president of network security with Barracuda Networks.

With attackers constantly scheming to steal data, cripple services and cause havoc, many organizations now look to network infrastructure refreshes as an effective way to stay ahead of the enemy

Add Advanced Network Technologies

Due to their static nature, legacy networks are particularly vulnerable to attacks. “Aging IT can’t support the move toward digital transformation securely or effectively,” says Judson Walker, chief technology officer of Brocade Federal.

“A network refresh that leverages software, open source and open standards is a step in the right direction, providing organizations with visibility and automation so they can gain better control of their security,” he adds.

Brian A. McHenry, senior security solution architect for F5 Networks, notes that a network refresh provides the ideal moment for moving to more advanced and secure architectures.

“In recent years, a network refresh has often meant network function virtualization and software-defined networking which create an unmatched opportunity to inject dynamic security controls into the network topology,” he says.

Prevent Network Intrusions with Multiple Strategies

A complete network overhaul isn’t always necessary to improve security. Many providers offer easy-to-deploy network solutions that incorporate powerful security features.

Firewalls built into routers, for example, allow IT staff to monitor incoming and outgoing network traffic and decide whether to allow or block specific traffic based on a defined set of security rules. A proven and reliable network security technology, firewalls create a barrier between secure internal networks and untrusted external networks, such as the internet. 

“Leverage next-generation firewalls,” Gheri recommends. “These devices can identify traffic based on applications. And good next-generation firewalls can apply different traffic optimization techniques to different kinds of application traffic.”

An intrusion prevention system (IPS), implemented either as a device or through software, is a powerful tool that examines traffic flows to detect and block vulnerability exploits, an approach attackers frequently use to access or cripple an application.

Intrusion prevention is a standard feature in most next-generation firewalls. “It provides base-line security, but be aware that an IPS should not have a blind spot regarding SSL-encrypted traffic,” Gheri warns. “Encrypted traffic needs to be decrypted and then matched against malware signatures and payload needs to be inspected for advanced malware.”

Segmentation, a technique widely supported by network technology providers, splits a network into multiple subnetworks, commonly known as segments. The approach allows organizations to group applications and related data together for access only by specific users (such as sales or finance staff). This technique can also be used to restrict the range of access provided to a particular user.

Segmentation is perhaps the simplest way to improve an organization’s security posture, since using network address segments to control access hampers cyberattackers. “It can also help to contain malware outbreaks,” Gheri says.

To find out how to better protect your network, visit CDW.com/networking

Emerging Network Security Threats

Network security currently exists in a state many industry analysts describe as “fluid.” In other words, as soon as an existing threat is nailed down, several more pop up.

Here’s a quick look at three network threats that keep security experts awake at night:

Ransomware: This malware blocks an organization’s access to applications or data until it pays a ransom to the attacker. For example, in January, cyberattackers froze the computers and electronic room-key system of a luxury hotel in Austria. The attack prevented guests from entering their rooms and staff from issuing new key cards until the hotel paid the ransom.

Internet of Things attacks: Connecting systems and sensors via networks creates valuable benefits for organizations in every industry, but it also creates security risks. This threat is exacerbated by the fact that some IoT solution vendors don’t make security a priority.

Negligent users: Users have always posed a major network security threat. All it takes is one lazy or negligent user to click on a phishing link or use a weak password to crash an organization’s entire network security infrastructure. User training and strong policies can bolster network security and mitigate this threat.

baranozdemir/Getty Images

More On

Related Stories

Close

Become an Insider

Unlock white papers, personalized recommendations and other premium content for an in-depth look at evolving IT

Subscribe Now