Networks have been around for a long time, and each new development seems to be built into the network on top of older components, which are still left running because one application or one department still needs to use it. That historical aspect of networks has been compounded this year by the rush to get working from home a reality for large numbers of staff, with the consequence that many organizations have a network that might not be as secure as they would hope, and may be vulnerable to attacks by bad actors, which, in turn may result in the organization paying out a ransom in bitcoins in an attempt to get its data back.Â
Or the organization may find itself facing fines because it has contravened various regulations such as those specified by PCI DSS (Payment Card Industry Data Security Standard) and especially high fines from GDPR (General Data Protection Regulation) violations where the personally-identifiable information of EU citizens has been stolen.
On top of this, there are a number of well-respected vendors of networking technology that have used closed or proprietary technologies as a way for them to deliver features to customers as quickly as possible. The alternative for them would be to wait for industry standards to be developed but be slower to market with new products. Consequently, this can lead to “vendor lock-inâ€, which can prevent organizations from easily swap out devices and use best-of-breed technology from alternative vendors.
And that leaves companies with the need to secure a complicated mishmash of devices, cabling, the Internet, and the cloud. And, in many cases, the need to identify everything that is connected to their network.
Learn More: Zero Trust Networking Gains Ground Amid Pandemic: Pulse SecureÂ
The Problem Facing Most Organizations
Traditional networks were originally designed when IT resources such as computers and application infrastructure were fairly static, which meant the network, too, could be rigid in nature. And any kind of scaling, such as additional capacity or new services, usually involved the addition of new hardware. Switches and routers were usually updated manually, which, can be vulnerable to human error. This meant changes took time and added to the cost of the network.
In addition, legacy technologies are often understandably, incompatible with modern IT solutions. And changing the network so it can provide what’s needed leads to a more complex infrastructure, which then has to be managed.
It’s important to carry out network health checks to ensure that all devices are running the latest version of their software with all the security patches installed to ensure that hackers cannot gain access to them using known vulnerabilities. However, many organizations are facing a skills gap – their newer staff doesn’t really understand the older technologies they have installed. This results in staff ignoring the legacy systems, which makes them vulnerable to attack. In addition, legacy systems often support only old data and file formats – again, holding back agility, responsiveness, and scaling.
For the network team, network visibility allows them to collect and analyse traffic flow through the network – down to the packet, user, and application level. This helps organizations improve security through stricter policy enforcement and the rapid detection of malicious behaviour. Cloud and mobile computing can create blind spots. A survey from Vanson Bourne Opens a new window found approximately two-thirds of businesses say network blind spots are one of the biggest security challenges they face in their efforts to safeguard data.
Learn More: The Importance of Intent-Based Networking for Distributed EnterprisesÂ
How Current Solutions Stack Up In Remote Environments
Agility, responsiveness, and scaling are even more important in today’s WFH environment. Plus, with the introduction of social media, IoT (Internet of Things) devices, cloud, etc., the perimeter of the network has been extended and may, at times, be ill-defined. As mentioned earlier, legacy network technologies are unable to provide the performance and agility required. VPNs (Virtual Private Networks), which many companies use to connect remote workers to the corporate network, are becoming less effective and more costly. Also, VPNs are more vulnerable to newer security threats.
Another way of ensuring the security of a network is to use firewalls. These monitor and control incoming and outgoing network traffic using security rules set by the organization. In effect, they work as a barrier between a trusted network and an untrusted network, such as the Internet. However, they may contain networking hardware that runs slower than whatever they are connected to, causing bottlenecks and slowing down the network.
One solution to the problem of using VPNs is the use of SD-WANs (software-defined networking in a wide-area network). An SD-WAN makes the management and operation of a WAN (wide-area network) simpler because it decouples the networking hardware from its control mechanism. This reduces the number of network devices and connections needed at each site, which, in turn reduces network complexity and those all-important costs.Â
Also, organizations can remotely customize and reconfigure SD-WANs, which makes the network more agile and responsive. It’s also possible to separate different types of application into their own dedicated logical networks, preventing them from interacting with each other on the physical network. In a post-COVID world with more people choosing to work from home more of the time, SD-WANs offer many benefits.
MPLS (Multiprotocol Label Switching), Wikipedia tells us, is a way to route data from one network node to the next based on short path labels rather than long network addresses. This avoids complex lookups in a routing table and speeds up the flow of traffic. Like many older technologies, it is expensive. Migrating to using SD-WANs has allowed companies to uninstall this older technology.
Associated with SD-WANsOpens a new window is the use of Dedicated Internet Access (DIA), which provides a way to connect one location to another over the Internet using fully dedicated bandwidth that is not shared with speed that does not vary. This improves cloud SaaS (Software as a Service) application performance by connecting the user to the cloud.
Of course, nowadays, the Internet is treated as part of an organization’s network. However, IT has no control over it. In fact, the Internet presents a blind spot as far as traditional monitoring tools are concerned. And there can be no SLAs (Service Level Agreements) with the Internet. And this is a concern for any organization. In addition, as mentioned above, it could be a security risk.
Learn More: Zero Trust (Not VPNs) Can Solve Remote Access CrisisÂ
Factors That Raise the Stakes for Network SecurityÂ
The problem with network security really started in 1988 with the Morris worm, written by Robert Tappan Morris. The worm, a piece of standalone malware, replicated itself and infected other computers while remaining active on the infected system. Since then, things have become more serious and more expensive.
Network security has been defined as the process of strategizing a defensive approach to secure an organization’s data and resources over the computer network infrastructure against any potential threat or unauthorized access. It uses software as well as hardware technologies to achieve the optimal solution for network defense.
The first stage in network security is making the whole network visible so you can see its complete structure. The result may, sometimes, come as a surprise. From there, it’s possible to draw a diagram identifying packet flows and potential targets for attack. It’s also possible to implement endpoint security to protect the network from being accessed from remote devices.
Charting a New Approach for the ‘New Normal’
The problem with security for most networks is that they can be found by hackers – the network is visible to them. What if there were a way to make the network invisible? A survey by Tempered Opens a new window found that 70% of respondents would opt to make their networks invisible to hackers, if that were possible. The survey also found that nearly a quarter of respondents had experienced a network-based breach in the past 24 months. The report concluded that organizations continue to be threatened by outdated network security products and practices that modern threats have adapted to and can easily overcome.
In the pandemic age, organizations need to hide all IoT endpoints, devices, and networks from hackers with a technology that secures network communication between devices, enables zero-trust network connectivity for applications and users and simplifies micro-segmentation. Â
Bottom Line
Network security has had to grow over time to match the growing threats from bad actors as well as the introduction of newer technologies. It is always hampered by the presence and use of older technologies and by the slow-footedness shown at times by the big-name vendors. Each organization has to ask themselves whether their current infrastructure is the best available, in a post-COVID world, to provide the reliability and security they need? Or are there smaller, more fleet-of-foot vendors able to offer better solutions to meet all their current network security requirements?
Has the shift to remote work environments changed the way you utilize your network and think about security. Comment below or let us know on FacebookOpens a new window , LinkedInOpens a new window , and TwitterOpens a new window . We would love to hear from you!z