Cyber Resilience for the Network

IT has seen a lot of change in the last five years, but few things have changed more dramatically than networking. Unlike in the distant past when everyone connected to on-premises resources from the company network, today’s networks handle a significant amount of traffic from remote workers.

This has expanded the scope of concern for IT professionals who are challenged to protect more devices in more locations. In this environment, networking professionals must think about how they can ensure that the protections in place for in-the-office workers on the corporate network can be provided for remote workers as well.

In addition, hybrid cloud environments have made networking — and securing the network — a bigger challenge. Because the network is a component of everything in the computing environment, a secure network is crucial to overall cyber resilience.

Limiting Access with Patched Firewalls and Posture Scores

The last few years have seen a massive increase in the number of organizations suffering a cyber incident from firewall vulnerabilities being exploited, enabling access into the environment. Minimizing vulnerabilities should be a key priority in shoring up the cyber resilience of the network.

Switches and firewalls need to be regularly updated with the latest patches to ensure the vendor’s latest security features are in place. In addition, switch and firewall configurations must be regularly maintained to ensure they meet standards.

Another way to limit access is with posture scores. By feeding endpoint data into network security tools, network teams can set rules around who gets access to data. The score can be based on a user’s identity, location, and the quality or health of the endpoint in terms of patches, software updates, and whether antivirus or endpoint detection and response (EDR) tools are installed. Devices with a low score can have network access limited to basic functions such as email and collaboration to keep the organization’s crown jewels safe. Location is a key consideration. Public wireless access from places like coffee shops is high risk and could warrant limited access.
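The posture-score approach described above, as an added worked example rather than code from this post or from any vendor product. The identity, location and endpoint-health signals, the deductions applied to each, and the three access tiers (full, standard, basic) are assumptions chosen for illustration; a real deployment would take these signals from the identity provider and the EDR or MDM agent and tune the weights to its own risk appetite.

```python
from dataclasses import dataclass

# Constructed endpoint posture record: the signals a network access control
# tool would receive from the IdP and the endpoint agent (sample schema).
@dataclass
class Endpoint:
    user: str
    location: str        # "office", "home" or "public_wifi"
    patch_age_days: int  # days since the last OS patch was applied
    edr_installed: bool
    av_running: bool
    mfa_verified: bool   # identity signal: did the session pass MFA?


def posture_score(ep: Endpoint) -> int:
    """Return a 0-100 posture score; higher means healthier and more trusted.
    Deduction weights are illustrative assumptions, not a published standard."""
    score = 100
    if not ep.mfa_verified:
        score -= 25
    if not ep.edr_installed:
        score -= 30
    if not ep.av_running:
        score -= 15
    if ep.patch_age_days > 30:
        score -= 20
    elif ep.patch_age_days > 14:
        score -= 10
    # Location is weighted heavily: public Wi-Fi is the riskiest network.
    if ep.location == "public_wifi":
        score -= 25
    elif ep.location == "home":
        score -= 5
    return max(score, 0)


# Access tiers, highest threshold first. Low scores keep only the basic
# services (email and collaboration); the crown jewels need a high score.
TIERS = [
    (80, "full", {"email", "collaboration", "file_shares", "erp", "admin_tools"}),
    (50, "standard", {"email", "collaboration", "file_shares"}),
    (0, "basic", {"email", "collaboration"}),
]


def access_tier(score: int):
    """Map a posture score to (tier name, set of reachable services)."""
    for threshold, name, services in TIERS:
        if score >= threshold:
            return name, services
    return "basic", TIERS[-1][2]


def authorize(ep: Endpoint, service: str) -> dict:
    """Decide whether this endpoint may reach `service`; the returned record
    is what you would log for every decision so denials can be audited."""
    score = posture_score(ep)
    tier, services = access_tier(score)
    return {
        "user": ep.user,
        "score": score,
        "tier": tier,
        "service": service,
        "decision": "allow" if service in services else "deny",
    }


# Constructed sample endpoints covering a healthy office device, a patched
# laptop on coffee-shop Wi-Fi, and a stale home device with no EDR agent.
SAMPLE_ENDPOINTS = {
    "office": Endpoint("alice", "office", 3, True, True, True),
    "coffee_shop": Endpoint("bob", "public_wifi", 20, True, True, True),
    "stale_home": Endpoint("carol", "home", 45, False, True, True),
}

if __name__ == "__main__":
    for label, ep in SAMPLE_ENDPOINTS.items():
        for svc in ("email", "file_shares", "erp", "admin_tools"):
            print(label, authorize(ep, svc))
```

Every decision is returned as a structured record rather than a bare boolean so that the same data can feed both the enforcement point and the SIEM; a spike in denials for one user or one location is itself a useful detection signal.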

Limiting Lateral Movement with Network Segmentation

The most successful cyberattacks rely on lateral movement through the network to gain access to and exfiltrate data. One of the primary goals of network security is to limit lateral movement and data exfiltration in the event of a successful attack.

From a security perspective, network segmentation is critical because it’s the best way to limit at-will lateral movement for threat actors through the network. The more you can restrict lateral movement through segmentation, the less exposed your data is to exfiltration. Smaller containment zones lead to better resilience. It’s a bit like your house. In addition to locks on the front and back doors, you can also lock doors to rooms to limit the movement of an intruder and their ability to take something.

Most organizations are at the point where the internal doors are in place, but the locks aren’t. It takes a lot of planning and time to lock these segments down, which is why many organizations haven’t had the opportunity to do so.

Enabling Visibility to Detect Anomalous Behavior

One thing many organizations lack is visibility into network activity. Without visibility, it’s nearly impossible to determine if a bad actor is at work in your network and what they’re up to.

With better visibility into the network, IT teams can detect anomalous behavior and see what data is moving around the environment, what’s coming in from the outside, and what’s moving from the inside out.

The NIST Cybersecurity Framework (CSF) provides helpful guidance in developing a resilient network. However, meeting the NIST framework objectives goes beyond having the tools in place. It requires configuring and implementing the tools correctly to help you understand your network traffic — who’s allowed in and who’s not. More specifically, NIST recommends having the ability to monitor network traffic to block inappropriate activity and allow authorized traffic.
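The segmentation and visibility points above can be tied together in one check: once zones and a zone-to-zone allow policy exist, flow records from the network (NetFlow, firewall or VPC flow logs) can be evaluated against that policy to surface traffic that crosses a segment boundary it should not, and to spot a single host fanning out to many internal destinations, a simple behavioural indicator of lateral movement. The following is an added example written for this post, not code from the post or any product; the zone addressing, the allow policy, the flow-log format and the sample flows are all constructed, and the fan-out threshold is an assumption.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed zone map: which address ranges belong to which segment.
ZONES = {
    "user_lan": ipaddress.ip_network("10.10.0.0/16"),
    "servers": ipaddress.ip_network("10.20.0.0/16"),
    "db": ipaddress.ip_network("10.30.0.0/24"),
    "mgmt": ipaddress.ip_network("10.40.0.0/24"),
}

# Constructed segmentation policy: (source zone, destination zone) -> allowed
# destination ports. Anything not listed is a violation. Note there is no
# user_lan -> db entry: users reach the database only through the app tier.
POLICY = {
    ("user_lan", "servers"): {443, 445},
    ("user_lan", "external"): {80, 443},
    ("servers", "db"): {5432},
    ("mgmt", "servers"): {22},
    ("mgmt", "db"): {22},
}

# Minimal key=value flow-log line format assumed for this example.
FLOW_RE = re.compile(r"src=(\S+) dst=(\S+) dport=(\d+)")


def zone_of(ip: str) -> str:
    """Return the segment an address belongs to, or 'external'."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "external"


def parse_flow(line: str):
    """Extract (src, dst, dport) from one flow-log line; None if unparsable."""
    m = FLOW_RE.search(line)
    if not m:
        return None
    src, dst, dport = m.groups()
    return src, dst, int(dport)


def flow_allowed(src: str, dst: str, dport: int) -> bool:
    """True if the flow is permitted by the zone policy. Intra-zone traffic is
    permitted in this model; micro-segmentation would tighten that further."""
    sz, dz = zone_of(src), zone_of(dst)
    if sz == dz:
        return True
    return dport in POLICY.get((sz, dz), set())


def analyze(lines, fanout_threshold: int = 4):
    """Return (policy violations, hosts whose distinct internal destination
    count meets the fan-out threshold within the analysed window)."""
    violations = []
    internal_dests = defaultdict(set)
    for line in lines:
        flow = parse_flow(line)
        if flow is None:
            continue
        src, dst, dport = flow
        if zone_of(src) != "external" and zone_of(dst) != "external":
            internal_dests[src].add(dst)
        if not flow_allowed(src, dst, dport):
            violations.append((src, zone_of(src), dst, zone_of(dst), dport))
    fanout = {s: len(d) for s, d in internal_dests.items()
              if len(d) >= fanout_threshold}
    return violations, fanout


# Constructed sample flows. One user-LAN host talks straight to the database,
# tries RDP to a server, and touches six internal hosts in a short window.
SAMPLE_FLOWS = """\
2024-05-01T10:00:01Z src=10.10.4.7 dst=10.20.1.10 dport=443 proto=tcp
2024-05-01T10:00:02Z src=10.20.1.10 dst=10.30.0.5 dport=5432 proto=tcp
2024-05-01T10:00:03Z src=10.10.4.7 dst=10.30.0.5 dport=5432 proto=tcp
2024-05-01T10:00:04Z src=10.10.4.7 dst=10.20.1.11 dport=445 proto=tcp
2024-05-01T10:00:05Z src=10.10.4.7 dst=10.20.1.12 dport=445 proto=tcp
2024-05-01T10:00:06Z src=10.10.4.7 dst=10.20.1.13 dport=445 proto=tcp
2024-05-01T10:00:07Z src=10.10.4.7 dst=10.20.1.14 dport=3389 proto=tcp
2024-05-01T10:00:08Z src=10.40.0.2 dst=10.20.1.10 dport=22 proto=tcp
2024-05-01T10:00:09Z src=10.10.9.3 dst=203.0.113.8 dport=443 proto=tcp
""".splitlines()

if __name__ == "__main__":
    found, noisy = analyze(SAMPLE_FLOWS)
    for v in found:
        print("VIOLATION src=%s (%s) -> dst=%s (%s) dport=%d" % v)
    for host, n in noisy.items():
        print("FAN-OUT %s reached %d internal hosts" % (host, n))
```

Run against real flow data, the violation list is the gap between the segmentation you think you have and the one you actually enforce (the "doors without locks" the section describes), and the fan-out list is a starting point for the anomaly review that NDR tools automate at scale.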

Modern Tools to Monitor Network Traffic

There are several tools available to improve network resilience, most of which have emerged over the last five years to meet the needs of remote work and hybrid cloud environments.

Intrusion Detection and NDR

Intrusion detection systems detect suspicious activity to catch threat actors before they do damage. Intrusion detection systems enable network teams to put rules in place to limit access to network segments and get visibility into anomalous activity, such as an unauthorized user trying to access the network. Intrusion detection is like putting a Ring camera in every room of the house, giving you a documented trail of an intruder gaining entry, moving around the network, and possibly taking data outside the network.

In addition, network detection and response (NDR) systems apply behavioral analytics to network traffic to detect abnormal network behavior.

Secure Access Service Edge (SASE)

Another popular network security tool is secure access service edge (SASE), which consolidates multiple security functions such as secure web gateways, cloud access security brokers, and firewall as a service to reduce complexity and improve speed and agility for software-defined networks. SASE delivers security controls as a cloud service to the source of the network connection rather than a data center, gives network teams visibility into every network request, and enables them to apply policies to the data in each request.

Now’s a Good Time to Review Your Network Architecture

Because networking has seen more change in the last five years compared to the 10-20 years prior, now is a good time to have conversations about the architecture and design of your network, especially in light of the consequences of not doing so. Once something malicious gets into an endpoint, it can run everywhere inside the network if proper controls and tools aren’t in place.

By taking a step back and evaluating your entire network infrastructure, you can find new and effective ways to incorporate resilience into your network, such as intrusion detection, NDR, and SASE, which extends network and firewall capabilities to cloud resources so organizations can start treating cloud resources in a similar way to how they handle on-premises resources. Legacy tools and processes for network connectivity and resilience simply don’t have these same capabilities.

While network segmentation and containment aren’t new concepts, the technology for enabling segmentation and containment has improved to make it much easier and more effective to implement. By creating opportunities to add visibility to the front doors of your data center and cloud providers, network administrators will be on a better footing to find and react to adverse network conditions.

How Evolving Solutions Can Help

Evolving Solutions experts have been having network architecture and design conversations with clients for many years. We’ve seen what works, what doesn’t work, and what makes sense in a Modern Operations environment where business transformation is key to organizational success.

Because networking has changed more than other aspects of computing in recent years, and because remote work is here to stay, we encourage you to make network architecture a priority discussion.

Evolving Solutions can help by running workshops to help your organization understand how to secure the different components of a modern network, what your organization should consider based on your environment and business goals, and help you update your network design and implement the technologies that will improve cyber resilience and help you meet your objectives for network performance.

Jon Roberts

Security Architect

Jon Roberts is a Security Architect at Evolving Solutions. Connect with Jon on LinkedIn here.
