Accelerating change and sophistication in the global cyber threat landscape make knowledge of network security best practice imperative. A clear understanding of weak links, together with fast detection methods, is vital to stop the new generation of network invaders.
Too many tools from too many vendors ramp up the complexity of network security, leaving its defence haphazard, fragmented and therefore at risk.
Security professionals get confused about where to look for threats when dealing with multiple products from numerous vendors. The challenge lies in integrating many different vendors’ products to gain a big-picture view on threats.
By consolidating vendors – and determinedly creating an open, integrated strategy – security teams can be better prepared to monitor, review and protect their organisations’ data from the explosion of potential vulnerabilities coming with the Internet of Everything.
Most attacks exploit known vulnerabilities in network security, making patching a no-brainer for network readiness. Developed in response to cyber attacks or potential breaches, software patches should be applied on release. The spread of WannaCry ransomware in May 2017 presents a spectacular case for patching.
Another key reason for immediate patching is the unintended impact of a patch release – it’s the equivalent of a vendor waving a flag and alerting potential attackers to a likely vulnerability.
While auto-updates are timely reminders, be mindful of risks from third-party software and cloud-connected apps that need manual patching – and don’t patch and relax. Vulnerabilities are still present, even in the most assiduously tended software.
Employee behaviour should be guided by a security policy – top-down and bottom-up. Educating employees on the critical importance of network security means setting clear rules for use and access (remote and on-site) and privacy, for starters.
Many security-smart organisations globally, including the FBI, now use two-factor authentication.
Detail rules for external devices and drives, password protection and account use for everyone, including contractors. Provide training for new hires, regular catch-up security sessions for existing employees, and updates and reminders. Generate awareness of the resurgence of phishing attacks, for example, or of the correct procedure when confronted by a ransomware demand.
Be sure to review privileged access. Some big recent breaches began with misuse of a privileged user account – and research by Cisco reveals 60% of privileged users fail to log off properly, leaving a wide window of opportunity for hackers.
A well-managed firewall is network security 101. Firewalls are more than the frontline for preventing assets from being compromised.
Network segmentation using multiple internal firewalls, strategically positioned around where critical data is stored, is a popular best practice for controlling data flows, deterring network traffic from outside and limiting the movement of attackers around a network.
Remember though, a firewall is not a set-and-forget tool. All firewall rules must be reviewed frequently, not only to keep threats at bay but also to ensure smooth organisational performance.
Visibility across a network allows an IT team to evaluate how security checks are working and to keep a constant eye on breaches. Without it, sections of a network go unmanaged. Organisations need real-time security intelligence.
Research by cyber situational awareness company Lumeta shows that a lack of visibility can leave 20–40% of network and endpoint infrastructure, on average, out of sight.
Experts talk about “the single pane view” needed for a full perspective on security effectiveness, so keep an inventory of systems and connecting devices, one which can be updated automatically.