Network security can be defined as any process, software, or hardware that is designed to prevent and/or react to a cyberattack or intrusion on a private network (e.g. a company network). Effective network security manages access to the network, targets a variety of threats, and stops active, harmful malware from spreading to other devices or networks.
Network security can be strengthened by identifying the specific risks to a private network, prioritizing the most impactful ones, and addressing them with a combination of tools and processes. Risk assessment is therefore the natural first step in defining a network security strategy suited to the type of network being protected.
After the assessment is done, network administrators select the smallest set of tools and processes that covers all of their high-priority network security challenges. These fall into two broad groups:
Threat intelligence and prevention tools help a modern network administrator manage IT security. Among these tools are:
- Intrusion Detection Systems (IDS) which scan and alert when unauthorized access or threats have been detected on the network
- Intrusion Prevention Systems (IPS) which sit inline, inspect traffic that has made it past the firewall, and block what they classify as malicious rather than only alerting on it
- Endpoint Security products such as antivirus or email protection software
- Security Information and Event Management (SIEM) tools, which collect and correlate logs from across the estate and let administrators attach alerts to specific events or sequences of events, increasing visibility into the security stack
- Network Access Control tools which enhance IT security visibility with policy governance, user governance, guest network protection, and automated reactions to common intrusion attempts
- Cloud Security tools that manage devices, data, and networks remotely from a central console
- Physical and Digital Access Control Tools which only allow authorized people or devices access to company property, networks, or information
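The IDS and SIEM entries above both come down to the same mechanic: parse events, correlate them, and raise an alert when a pattern matches. The following is an added example, not code from the original page or any vendor product, of one such correlation rule written in plain Python. It runs over constructed sshd log lines (hostnames, users and addresses are invented; the year is assumed because syslog omits it) and raises a medium-severity alert when one source address racks up several failed logins in a short window, and a high-severity alert when a success follows that burst from the same address.

```python
"""Minimal SIEM-style correlation rule over sample sshd log lines.

Added example for illustration; not code from the original page.
The log lines, hosts, users and addresses below are constructed.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample sshd lines in syslog style (no year, as in real syslog).
SAMPLE_LOGS = """\
Mar  9 10:01:02 bastion sshd[2011]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Mar  9 10:01:04 bastion sshd[2011]: Failed password for root from 203.0.113.7 port 51235 ssh2
Mar  9 10:01:05 bastion sshd[2011]: Failed password for root from 203.0.113.7 port 51236 ssh2
Mar  9 10:01:07 bastion sshd[2011]: Failed password for root from 203.0.113.7 port 51237 ssh2
Mar  9 10:01:09 bastion sshd[2011]: Failed password for root from 203.0.113.7 port 51238 ssh2
Mar  9 10:01:11 bastion sshd[2011]: Accepted password for root from 203.0.113.7 port 51239 ssh2
Mar  9 10:02:00 bastion sshd[2020]: Failed password for alice from 198.51.100.4 port 40001 ssh2
Mar  9 10:02:30 bastion sshd[2021]: Accepted publickey for alice from 198.51.100.4 port 40002 ssh2
Mar  9 10:30:00 bastion sshd[2100]: Failed password for bob from 192.0.2.9 port 33001 ssh2
Mar  9 10:30:01 bastion sshd[2100]: Failed password for bob from 192.0.2.9 port 33002 ssh2
Mar  9 10:30:02 bastion sshd[2100]: Failed password for bob from 192.0.2.9 port 33003 ssh2
Mar  9 10:30:03 bastion sshd[2100]: Failed password for bob from 192.0.2.9 port 33004 ssh2
Mar  9 10:30:04 bastion sshd[2100]: Failed password for bob from 192.0.2.9 port 33005 ssh2
"""

# Matches the common OpenSSH "Failed/Accepted <method> for [invalid user] <user> from <ip>" wording.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)

YEAR = 2024  # assumed: syslog timestamps carry no year


def parse_line(line):
    """Return a dict of fields for a recognised sshd auth line, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "host": m["host"], "result": m["result"],
            "user": m["user"], "ip": m["ip"]}


def detect_bruteforce(lines, threshold=5, window=timedelta(minutes=5)):
    """Correlation rule.

    - threshold or more failures from one IP inside `window` -> 'medium' alert
      (raised once per IP until that IP logs in successfully)
    - an Accepted login from an IP whose recent failures reached threshold
      -> 'high' alert (likely password-guessing compromise)
    Returns the list of alerts in the order they fired.
    """
    failures = defaultdict(deque)  # ip -> timestamps of failures still inside the window
    flagged = set()                # ips that already produced a 'medium' alert
    alerts = []
    for line in lines.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue  # unrelated or unparseable line; a real SIEM would count these
        q = failures[ev["ip"]]
        # Evict failures that fell out of the sliding window.
        while q and ev["ts"] - q[0] > window:
            q.popleft()
        if ev["result"] == "Failed":
            q.append(ev["ts"])
            if len(q) >= threshold and ev["ip"] not in flagged:
                flagged.add(ev["ip"])
                alerts.append({"severity": "medium", "rule": "ssh_failure_burst",
                               "ip": ev["ip"], "failures": len(q)})
        else:  # Accepted
            if len(q) >= threshold:
                alerts.append({"severity": "high", "rule": "ssh_bruteforce_success",
                               "ip": ev["ip"], "user": ev["user"], "failures": len(q)})
            q.clear()
            flagged.discard(ev["ip"])
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOGS):
        print(alert)
```

Run as a script it prints three alerts: a medium burst and then a high "success after burst" for 203.0.113.7, and a medium burst for 192.0.2.9; alice's single failure followed by a key-based login produces nothing. The sliding window is what keeps the rule from firing on a slow trickle of typos over a whole day, and clearing the queue on success is what lets the high-severity rule fire exactly once per compromise rather than on every later login.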
Company Security Policies and Processes help IT administrators and end-users understand and protect company information, resources, and data. Among these processes are:
- Remote Work Policies which require VPN access for sensitive company data and force endpoint security updates and reboots on company-issued equipment
- BYOD and Guest Access policies, systems, and processes that mitigate company risk and liability, reduce the risk of an active malware infection making its way onto private networks, and enforce a minimum standard of device-level protection for access to sensitive company data
- Security Awareness Training, especially for non-technical users, highlighting the most common cyberattack vectors that end-users can prevent, common social engineering and phishing themes, password management, and how to protect company property/information
Origins, History, and Evolution of Network Security
Network security came about as a topic as soon as people started realizing that there was intrinsic value in data. This happened in a series of events as the Information and Digital Age unfolded in the second half of the 20th century.
In the late 1960s and into the early 1970s, digital storage became a reality. Large, room-sized mainframes stored this information, and access to those storage repositories was granted by plugging directly into the mainframe itself or by using one of many terminals inside the building. Early adopters of digital storage therefore treated protecting company-sensitive information largely as a physical security problem: an outsider had to get into the building to reach the data.
Less than a decade later, as more and more data was stored, thinking shifted: data had value, and much of it was personally identifiable information. Information was becoming a commodity. Credit card data, bank account numbers, profit and loss statements, personal details, demographic information on large population groups: the proliferation of digital data brought with it an unprecedented risk of the most sensitive information ending up in the wrong hands.
The introduction of online access and the Internet exacerbated this risk. Not only did companies have large amounts of personal information on employees and customers, they also started sharing, selling, and repackaging this data.
The genesis of cybercrime and the modern approach to network security came about as a result of data becoming a commodity. Anything with value can be bought, sold, and most importantly, stolen. Companies now had to face the new reality that their sensitive information needed to be kept safe from cybercriminals.
Network Security as a Fortress
The modern approach to network security is to have as many layers as it takes to keep the cybercriminal from getting at your most important and sensitive information. This is not unlike how medieval fortresses were laid out: the farmland sat on the very outside, multiple rings of walls deterred the enemy, and the most important possessions and the nobility sat behind the last wall.
This layered strategy exists within cybersecurity as well. Large enterprise organizations often run a wide combination of firewalls, content inspection appliances, endpoint antivirus, proxy servers, and IAM or Network Access Control systems, protecting dozens or hundreds of private company networks. Each of these represents a layer of IT security that must be beaten before the attacker reaches the next one. Get past the firewall, and an Intrusion Prevention System may be waiting behind it to stop the malicious code from executing; further content inspection may sit behind that. The value of the model is that no single control has to be perfect: a bypass of one layer is caught by another.
In contrast to a brick-and-mortar fortress, a company network also faces constant threats from the inside. Employees take laptops home and use them on their home networks; people bring personal mobile devices to work and connect them to the guest or private network. Either action can carry an active malware infection onto the network, and once it is there the perimeter firewall has already been bypassed. At that point, controls that inspect traffic from the inside, such as DNS filtering, an internal firewall, or a secure web gateway, would need to prevent malicious code from downloading or executing.
In the modern security stack, organizations that handle very sensitive information (Social Security numbers, bank account or credit card numbers, medical records) must meet compliance standards such as PCI DSS for cardholder data and HIPAA for medical data. These standards stipulate a minimum level of network security that must be applied to that data, as well as to other types of company or personal information. Meeting them leans heavily on the network security technology stack, which is designed to keep criminals from breaching your defenses, though the standards also demand policies, logging, and audits that technology alone does not satisfy.
The Shift to Cloud Security
Around the turn of the 21st century, a new form of computing resource management became practical on commodity servers: virtualization. It allowed an IT administrator to build large fleets of virtual machines on shared hardware, and that in turn made it feasible to deliver reliable application and server access over the Internet. From the mid-2000s onward, companies such as VMware, Apple, Microsoft, Amazon, and Adobe began providing services and applications in the cloud, along with storage for the users accessing those applications. In many cases there was no need to install or store anything on a user's endpoint, as the application itself ran on a cloud-based service.
This shift to the cloud presented another challenge to IT administrators and security specialists. Applications, data, user information, personal information, and company-sensitive data were increasingly stored in the cloud instead of on the company network, and the hub-and-spoke security model, in which all traffic is backhauled through the corporate data center for inspection, started to crack under the pressure.
Security software and hardware providers then made the same shift: if cloud apps and data were now where the exposure lay, then cloud-delivered security was the way to protect that data wherever it was located.
By 2014, security providers were delivering DNS protection, email security, content filtering, and various other tools via the cloud, which reduced the dependency on appliance hardware, brought down backhaul costs, and gave companies using multiple security vendors an opportunity to consolidate.
By 2017, companies like Zscaler and OpenDNS had released cloud-based Next Generation Firewall (NGFW) services that rivaled the capabilities of appliance hardware at a greatly reduced cost. Not only could companies step off the appliance refresh carousel, they could potentially retire their security appliances altogether. Companies with multiple offices that had been backhauling traffic to a central office often saved tens or hundreds of thousands of dollars a year in telco costs alone, because branch traffic could go straight to the cloud service instead of through the central office.
This shift to Cloud Security happened fairly naturally. As companies' contracts for security appliances came up for refresh, many organizations would look to the cloud for similar functionality, without having to maintain in-house hardware.