Along with networking’s continuous advances come new security threats, which multiply seemingly by the day. The dynamic nature of attacks demands dynamic multipoint security solutions.
Network management systems, with their monitoring capabilities and unified views into infrastructure dynamics, give IT organizations a powerful weapon for fighting cyberthreats. To secure today’s distributed networks, IT teams also must develop defense-in-depth strategies that combine network-enforced security technologies with best practices.
The following products should be part of every IT organization’s network security toolset:
1. Intrusion detection and prevention systems
IDS and IPS tools help IT staff identify and protect their wired and wireless networks against several security threat types. These technologies, like several other categories of network security tools, are being deployed with greater frequency as networks grow in size and complexity. Annual IPS revenues are expected to more than double between 2012 and 2017 (from $1.21 billion to $2.44 billion) according to estimates from the research and analysis firm Frost & Sullivan.
Both IDS and IPS solutions detect threat activity in the form of malware, spyware, viruses, worms and other attack types, as well as threats posed by policy violations. IDS tools passively monitor and detect suspicious activity; IPS tools perform active, in-line monitoring and can prevent attacks by known and unknown sources. Both tool types can identify and classify attack types.
2. Anti-malware
Anti-malware network tools help administrators identify, block and remove malware. They enable the IT department to tailor its anti-malware policies to identify known and unknown malware sources, for example, or surveil specific users and groups.
Malware is always on the lookout for network vulnerabilities — in security defenses, operating systems, browsers, applications and popular targets such as Adobe Flash, Acrobat and Reader — that it can exploit to fully access a victim’s network. Best practices call for a multipronged defense that might also include IP blacklisting, data loss prevention (DLP) tools, anti-virus and anti-spyware software, web browsing policies, egress filtering, and outbound-traffic proxies.
3. Mobile device management
MDM software bolsters network security through remote monitoring and control of security configurations, policy enforcement and patch pushes to mobile devices. Further, these systems can remotely lock lost, stolen or compromised mobile devices and, if needed, wipe all stored data.
4. Network access control
NAC products enforce security policy by granting only security policy–compliant devices access to network assets. They handle access authentication and authorization functions and can even control the data that specific users access, based on their ability to recognize users, their devices and their network roles.
5. Next-generation firewalls
This technology expands on traditional stateful inspection to provide next-generation network security services, including application visibility and control and web security essentials. Next-generation firewalls also improve on standard firewall capabilities through application-awareness features.
6. Authentication and authorization
Traditional directory-based services, such as Active Directory, authenticate users and grant access based on authorization rules. Newer identity-based security technologies manage authentication and authorization through such methods as digital certificates and public key infrastructure solutions. Additional security is provided by the SNMP protocol itself. The most recent version, SNMPv3, provides authentication, authorization and encryption capabilities lacking in the previous two versions.