Five Critical Strategies to Improve Your Network Security

Author: David Higgins, Regional Director, Australia & New Zealand, WatchGuard Technologies

The most effective and successful organisations are usually the most informed about their industry, their markets and their internal workings. They know about their competitors, they proactively approach new demands, and they manage their people efficiently. This enables them to fine-tune their business approach and deliver exceptional outputs. Without this intelligence and strong leadership, a business can often lose well-established footholds and experience reduced productivity.

These same concepts apply directly to the management of network security within an organisation. The more you know about your networks and activity, the more you can manage and drive them to new levels of success, efficiency and protection from unknown threats or unexpected costs.

Having a network visibility focus and the right tools will enable IT administrators to clearly identify activities and obtain insights that can result in strategies that will significantly improve an organisation’s defence and productivity.

Five Critical Strategies to Improve Your Network Security

  • Know your employees and guide them – Modern security controls authenticate users and identify network applications based on network traffic. When you combine these capabilities with good visibility tools, you will have a whole new perspective about what occurs on your network. You will see what tools and applications your users rely on, who uses the most bandwidth, what types of files they download, and more. This insight will help you craft your business network policies.
  • Understand your network’s normal patterns – Every organisation’s network traffic is slightly different, depending on the business and its activities, making it impossible to have a template for ‘proper’ network traffic. The only way to detect dangerous activity on your network is to have an understanding of what ‘normal’ looks like. The only way a human will easily recognise normal is by seeing network traffic interpreted visually. By monitoring visualisation tools regularly, you’ll start to understand your network’s baseline and be able to notice ‘spikes’ of irregular network activity. These events may not be bad, but identifying them will provide you with an insight into your network, and enable you to implement organisational policies that limit and avoid incidents in the future.
  • Know your network’s common targets – Many security professionals have controls like antivirus, intrusion prevention, and deep packet inspection, which can recognise and block network attacks and malware. However, most just turn them on and don’t pay much attention to the results. This is not a smart approach. Visibility tools help you learn from attack patterns, even from attacks that fail. For example, have you looked into which server receives the most network attacks? Which users tend to be associated with blocked malware? What types of attacks are commonly tried against you? Good visibility tools can highlight these trends, enabling you to adjust your policies to secure and restrict certain users, or harden the defences of targeted servers.
  • Filter your network’s background noise – Internet-connected devices get a constant stream of network ‘chatter.’ This chatter is anything from legitimate robots crawling network space and security researchers scanning ports to automated malware mass scanning for new victims. Good visibility tools will help you identify this constant chatter. This noise consists of undesired connections. Your firewall may already block these connections by default; however, modern security appliances allow you to create auto-blocking policies. If someone is repeatedly trying to connect to something you don’t allow, they are probably up to no good.
  • Assess whether or not your current tactics are working – How do you know if your current policies are working? Do you know if there are ways around those policies? Visibility tools can help you visualise network and policy flow. They can show you how particular types of traffic actually travel through your network, and which security policies that traffic hits, helping you identify potential policy mistakes that may have been made inadvertently. An example is the identification of unused policies. An administrator may have added a temporary policy allowing access to a test server, but then forgotten to remove it. That unused policy, if not removed, is a risk and a security issue, and highlights the need for the implementation of more restrictive policies.
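
The questions raised in the last three strategies (which server is targeted most, who keeps hitting denied ports, which policies are never used) can be answered directly from firewall logs. The following is an added example, not code from the article or from any vendor: the log format, addresses, policy names and the three-denies-in-five-minutes threshold are all constructed assumptions.

```python
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta
# Constructed sample log in a made-up key=value format (not a real vendor format).
SAMPLE_LOG = """\
2024-05-01T10:00:00 action=deny policy=default-deny src=203.0.113.7 dst=10.0.0.5 dport=22
2024-05-01T10:00:40 action=deny policy=default-deny src=203.0.113.7 dst=10.0.0.5 dport=23
2024-05-01T10:01:10 action=allow policy=allow-web src=198.51.100.20 dst=10.0.0.8 dport=443
2024-05-01T10:02:00 action=deny policy=default-deny src=203.0.113.7 dst=10.0.0.5 dport=3389
2024-05-01T10:03:00 action=deny policy=default-deny src=192.0.2.44 dst=10.0.0.8 dport=445
2024-05-01T10:30:00 action=deny policy=default-deny src=192.0.2.44 dst=10.0.0.5 dport=445
2024-05-01T10:31:00 action=allow policy=allow-mail src=198.51.100.20 dst=10.0.0.9 dport=25
2024-05-01T11:15:00 action=deny policy=default-deny src=192.0.2.44 dst=10.0.0.5 dport=445
"""
# Hypothetical rule base; "temp-test-server" stands in for a forgotten temporary rule.
CONFIGURED_POLICIES = {"allow-web", "allow-mail", "temp-test-server", "default-deny"}

def parse(line):
    ts, *pairs = line.split()
    rec = dict(p.split("=", 1) for p in pairs)
    rec["ts"] = datetime.fromisoformat(ts)
    return rec
RECORDS = [parse(l) for l in SAMPLE_LOG.splitlines() if l.strip()]

def repeat_offenders(records, threshold=3, window=timedelta(minutes=5)):
    """Sources with >= threshold denied connections inside one sliding window."""
    recent, flagged = defaultdict(deque), set()
    for r in sorted(records, key=lambda r: r["ts"]):
        if r["action"] != "deny":
            continue
        q = recent[r["src"]]
        q.append(r["ts"])
        while r["ts"] - q[0] > window:  # drop denies older than the window
            q.popleft()
        if len(q) >= threshold:
            flagged.add(r["src"])
    return flagged

def most_targeted(records):
    """Internal hosts ranked by number of denied connections aimed at them."""
    return Counter(r["dst"] for r in records if r["action"] == "deny").most_common()

def unused_policies(records, configured):
    """Configured policies that no logged connection ever matched."""
    return configured - {r["policy"] for r in records}

if __name__ == "__main__":
    print("auto-block candidates:", repeat_offenders(RECORDS))
    print("most targeted hosts:", most_targeted(RECORDS))
    print("unused policies:", unused_policies(RECORDS, CONFIGURED_POLICIES))
```

Note that 192.0.2.44 is denied three times but spread over more than an hour, so it is not flagged; only the burst from 203.0.113.7 crosses the threshold. An unused-policy review should cover a log period long enough to include infrequent but legitimate traffic before a rule is removed.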

In short, visibility tools help you identify what’s really happening on your network. Gartner researchers have stated that more than 95% of firewall breaches are caused by firewall misconfigurations, not firewall flaws. I think many administrators do not have access to the network and security intelligence they need in order to help make the right policy decisions for their organisation’s specific needs. Visibility tools translate oceans of log data into actionable intelligence. Adopting these tools will enable you to improve your organisation’s security policies, and put you one step closer to winning the war against cyber threats and vulnerabilities.
