The most effective and successful organisations are usually the most informed about their industry, their markets and internal workings. They know about their competitors, they pro-actively approach new demands, and manage their people efficiently. This enables them to fine-tune their business approach and deliver exceptional outputs. Without this intelligence and strong leadership, a business can often lose well-established footholds and experience reduced productivity.
These same concepts apply directly to the management of network security within an organisation. The more you know about your networks and activity, the more you can manage and drive them to new levels of success, efficiency and protection, from unknown threats or unexpected costs.
Having a network visibility focus and the right tools, will enable IT administrators to clearly identify activities and obtain insights, that can result in strategies that will significantly improve an organisation’s defence and productivity.
Five Critical Strategies to Improve Your Network Security
- Know your employees and guide them – Modern security controls authenticate users and identify network applications based on network traffic. When you combine these capabilities with good visibility tools, you will have a whole new perspective about what occurs on your network. You will see what tools and applications your users rely on, who uses the most bandwidth, what types of files they download, and more. This insight will help you craft your business network policies.
- Understand your network’s normal patterns – Every organisation’s network traffic is slightly different, depending on the business and its activities, making it impossible to have a template for ‘proper’ network traffic. The only way to detect dangerous activity on your network is to have an understanding of what ‘normal’ looks like. The only way a human will easily recognise normal is by seeing network traffic interpreted visually. By monitoring visualization tools regularly, you’ll start to understand your network’s baseline, you’ll be able to notice ‘spikes’ of irregular network activity. These events may not be bad, but identifying them will provide you with an insight into your network, and enable you to implement organisational policies that limit and avoid incidents in the future.
- Know your network’s common targets – Many security professionals have controls like antivirus, intrusion prevention, and deep packet inspection, which can recognise and block network attacks and malware. However, most just turn them on, and don’t pay much attention to the results - this is not a smart approach. Visibility tools help you learn from attack patterns; even from attacks that fail., For example, have you looked into which server receives the most network attacks? Which users tend to be associated with blocked malware? What types of attacks are commonly tried against you? Good visibility tools can highlight these trends enabling you to adjust your policies to secure and restrict certain users, or harden the defenses of targeted servers.
- Filter your network’s background noise – Internet connected devices get a constant stream of network ‘chatter.’ This chatter is anything from legitimate robots crawling network space, security researchers scanning ports, to automated malware mass scanning for new victims. Good visibility tools will help you identify this constant chatter. This noise is undesired connections. Your firewall may already block these connections by default, however modern security appliances allow you to create auto-blocking policies. If someone is repeatedly trying to connect to something you don’t allow, they are probably up to no good.
- Assess whether or not your current tactics are working –How do you know if your current policies are working? Do you know if there are ways around those policies? Visibility tools can help you visualise network and policy flow. They can show you how particular types of traffic actually travel through your network, and which security policies that traffic hits, helping you identify potential policy mistakes that may have been made inadvertently. An example, is the identification of unused policies. An administrator may have added a temporary policy allowing access to a test server, but then forgotten to remove it. That unused policy if not removed is a risk and a security issue, and highlights the need for the implementation of more restrictive policies.
In short, visibility tools help you identify what’s really happening on your network. Gartner researchers have stated that more than 95% of firewall breaches are caused by firewall misconfigurations, not firewall flaws. I think many administrators do not have access to the network and security intelligence they need in order to help make the right policy decisions for their organisation’s specific needs. Visibility tools translate oceans of log data into actionable intelligence. Adopting these tools, will enable you to improve your organisation’s security policies, and put you one step closer to winning the war against cyber threats and vulnerabilities.
Participate in CSO and Gigamon's survey on Security Priorities today!
Go into the draw for a chance to win an Apple iWatch Sports or the equivalent of $500 Visa Cashcard.
For full terms and conditions click here.