Connect with us

Hi, what are you looking for?


Network Security

Perimeter vs Persistent Security: Five Steps to Ensure Network Security

Enterprises Must Formulate a Plan of Action Through Testing and Remediate Issues Before They Get Out of Control

Enterprises Must Formulate a Plan of Action Through Testing and Remediate Issues Before They Get Out of Control

Enterprise security used to be dependent on network boundaries. Data sat on tightly guarded systems in the data center, and the network was locked down at the perimeter, preventing anyone without authorization from worming their way in. From every access angle, the enterprise maintained tight control over their infrastructure, apps and data.

Digital transformation, self-service and the cloud certainly have changed this dynamic. Users with little IT or cybersecurity training are now responsible for IT systems that run newly automated business processes. At the same time, mission-critical workloads have migrated from static data center architectures to dynamic cloud architectures —even across multi-cloud environments—where the underlying infrastructure is owned, managed and secured by one or more third-party providers.

The result is that enterprises have lost much of the definition that made perimeter defenses possible. Hackers can probe cloud systems or target unsavvy users, looking for weak links that they can exploit. Once in, they can lay and wait for weeks—even months—searching for a chance to gain access to valuable information. Traditional perimeter defenses—while still a vital component of an enterprise security strategy—provide limited protection against attacks that originate inside the network. Enterprises need to rethink security to focus less on the perimeter and more on identifying anomalies in user and network behavior that may be indicators of an attack in progress.

In addition to these issues, the rollout of the General Data Protection Regulation (GDPR) in May is also forcing enterprises to rethink how they approach information security.  It forces enterprises to take greater responsibility for the impact data breaches have on customers, employees and partners. Under the EU law, companies that suffer any breach of personally-identifiable information (PII) is liable up to 4 percent of annual global revenue. While the public has largely borne the brunt of previous breaches, GDPR will force organizations to take greater financial responsibility over their protection of PII since failure means a large hit to their bottom line.

Network visibility and network security testing are critical components of a persistent security strategy. Rather than try to defend against threats only at the perimeter like traditional security approaches, organizations need to be able to quickly identify threats and vulnerabilities inside the network, formulate a plan of action through testing and remediate issues before they get out of control.

Here are five steps enterprises can take to rethink their security strategies:

Advertisement. Scroll to continue reading.

1. Assign roles specific to these new threats

One of the most important things an enterprise can do is assign specific roles to take on greater responsibility for data security. Rather than spreading responsibility across the IT department or giving an existing manager additional responsibility, putting a single person or team in charge ensures that a persistent security strategy will be given the attention it deserves.

2. Audit data and infrastructure immediately

This new role needs access to information to do the job properly—and this begins and ends with visibility inside the network. Enterprises need to know exactly what data they are dealing with, what policies need to be attached to each type of data, who has access to that data, and where workloads accessing critical data are running—whether they are running in a private, public or multi-cloud environment. It is also important to document data capture methods for compliance. An initial audit, in addition to ongoing asset discovery, is essential to understanding security and compliance postures in real-time.  This enables the enterprise to identify what and where it may be vulnerable, so action can be taken to close those gaps.

3. Create baselines

Once the enterprise has a solid understanding of its data and who should have access, it needs to take steps to capture expected behaviors. Things like what roles within the organization should have access to what data, who should not have access, and how that access is granted or denied, should be recorded and turned into a baseline of expected behavior.

4. Monitor for abnormalities

Enterprises then need to monitor user and network behavior against these established baselines to identify anomalies in expected behavior. A user downloading terabytes of data should set off red flags. A user with marketing credentials should not be accessing server logs. Critical development information should not be downloaded to an unknown offsite server. The enterprise must ensure that no mechanisms, such as these, are being put into place that would enable a breach to take place.

5. Ensure security data is also secured

Lastly, enterprise security teams need to get their own houses in order. PII, included in everything from vlogs to personnel data, needs to be secured through masking technologies. Information, such as social security or credit card numbers, can be routed into masking appliances and inked or x’ed out. That way, the team in charge of security is not the weak link.

The world of business is changing, and enterprise security needs to keep pace. Emerging regulations are making companies take more responsibility for PII including the financial repercussions of a breach. It is critical that enterprises assign specific roles to meet these new challenges, get a better understanding of current security states, understand expected behavior, monitor for abnormal behavior and deploy masking technologies to ensure PII is always protected.

Written By

Marie Hattar is chief marketing officer (CMO) at Keysight Technologies. She has more than 20 years of marketing leadership experience spanning the security, routing, switching, telecom and mobility markets. Before becoming Keysight’s CMO, Marie was CMO at Ixia and at Check Point Software Technologies. Prior to that, she was Vice President at Cisco where she led the company’s enterprise networking and security portfolio and helped drive the company’s leadership in networking. Marie also worked at Nortel Networks, Alteon WebSystems, and Shasta Networks in senior marketing and CTO positions. Marie received a master’s degree in Business Administration in Marketing from York University and a Bachelor’s degree in Electrical Engineering from the University of Toronto.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

Cybersecurity Funding

Network security provider Corsa Security last week announced that it has raised $10 million from Roadmap Capital. To date, the company has raised $50...

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Network Security

Attack surface management is nothing short of a complete methodology for providing effective cybersecurity. It doesn’t seek to protect everything, but concentrates on areas...

Network Security

NSA publishes guidance to help system administrators identify and mitigate cyber risks associated with transitioning to IPv6.


Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Network Security

Our networks have become atomized which, for starters, means they’re highly dispersed. Not just in terms of the infrastructure – legacy, on-premises, hybrid, multi-cloud,...