Remaining Nimble During Times of Rapid Change

There is an adage that goes, “the only constant is change.” And that has never been more true than right now, as organizations are having to rapidly adapt to current world events at an unprecedented pace. And traditionally, the aspect of networks that have had the hardest time adjusting to such rapid change has been security. 
This is especially true now, as security leaders have to support the rapid transition of the network to a secure remote access model. During such transitions, fixed-in-place security solutions – and their rigid policies and configurations – struggle to keep up. A network connection can change instantaneously in response to shifting business requirements, while the security solution protecting it can take minutes or hours to be reconfigured. That lag is a prime window for exploitation.

Six Critical Elements of an Agile Security Strategy

To close that gap, security administrators need to leverage security solutions and strategies that let security function as nimbly and quickly as the networks they need to protect. But rather than addressing this challenge with a one-off solution, as many organizations under severe time constraints may be inclined to do, these solutions must be part of a broader and tightly integrated security-driven networking strategy.

This approach not only solves the problem at hand but can also be easily adapted over the next few weeks and months to augment and further refine the initial strategy. The ultimate goal for network changes is that they should work together as a single, integrated system. An agile security solution enables security functionality to define the limits of network expansion to ensure that new initiatives don’t open up the attack surface to exploitation.

For many organizations, all of their initial secure teleworker solutions are now in place. What’s next will be to enhance and further secure this new networking model with agile security solutions designed to roll seamlessly into your current security strategy.

1. Endpoint controls – As end-users seek network access from remote locations, many may be using personal devices connected to home networks shared with children engaged in e-school, other remote teleworkers, and gaming, entertainment, and home security devices. This exposes those devices to infection and risk. So in addition to VPN software that simply provides a secure connection back to the core network, remote endpoints need an agent that can report the security state of the device, and the organization needs an endpoint management system that can push appropriate security and access policies and updates back to that device.

Newer EDR (endpoint detection and response) solutions add real-time threat protection for endpoints both pre- and post-infection. Beyond advanced antivirus tools that detect and eliminate known threats, they can detect live threats and defuse them before they are able to execute, allowing endpoint devices to continue functioning securely without extended reimaging or other intervention from the remote helpdesk.

2. Dynamic cloud access – Automated security and access controls also need to be applied to users and devices seeking remote access to cloud-based resources. Because users are no longer accessing cloud services from inside the network perimeter, organizations can lose visibility and control over who is accessing SaaS and other cloud resources, and how those resources are being used. A second challenge is that remote workers using a split-tunnel model to reach the internet directly are exposed to the online threats that the core network security solutions used to shield them from.

A wide range of cloud-based controls can fill these gaps, from security services placed in cloud environments, such as cloud-based email or web filters, to cloud access security broker (CASB) solutions designed to protect access to SaaS applications such as Salesforce or Office 365.

3. Network access control – Implementing a massive teleworker program can create a network access nightmare. Even with a VPN and multifactor authentication in place, organizations still need to control which devices can connect to the corporate network and, once they connect, which resources they have access to. Network Access Control (NAC) can see and identify everything connected to the network, as well as control those devices and users, including through dynamic, automated responses.

NAC solutions enable IT teams to see every device and user as they connect. They also make it possible to restrict where a device can go on the network, for example confining older personal devices that still require patching and system upgrades. And they provide continuous monitoring combined with automated response, so that devices that fall out of policy or begin to misbehave are dealt with automatically.

4. Network segmentation – The next step is to ensure that devices, applications, and workflows are separated, secured, and monitored once they gain network access. In most organizations, once a hacker or piece of malware manages to get past a network access control point, virtually no active network scanning takes place, which is why the average dwell time of an attack is anywhere from 49 to 150 days. Network segmentation ensures that all devices, users, data, applications, and workflows are automatically assigned to a specific, security-based segment of the network the moment they gain network access or are initiated by an internal device. This not only extends edge-based policies deep into the network, but also ensures that workflows initiated inside the perimeter are isolated and protected from origination to destination.
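The NAC and segmentation model described in items 3 and 4 (assign a segment the moment a device connects, keep monitoring, and move it automatically when it falls out of policy) can be sketched as a small policy engine. This is an added illustration, not Fortinet's or SecurityWeek's code; the posture fields, segment names and the 30-day patch threshold are constructed assumptions.

```python
"""Posture-based NAC with continuous re-evaluation (constructed example)."""
from dataclasses import dataclass, field
from datetime import date
from typing import Optional

PATCH_MAX_AGE_DAYS = 30   # assumption: an example policy threshold, not from the article


@dataclass
class Posture:
    managed: bool        # endpoint agent enrolled in the management system
    edr_running: bool    # EDR agent alive and reporting
    last_patch: date     # date of last successful patch cycle
    mfa_verified: bool   # user completed multifactor authentication


@dataclass
class Device:
    mac: str
    user: str
    posture: Posture
    segment: str = "unassigned"
    history: list = field(default_factory=list)   # audit trail of automated decisions


def evaluate(posture: Posture, today: date) -> str:
    """Map a posture snapshot to a segment; the most severe finding decides."""
    if not posture.mfa_verified:
        return "blocked"        # no network access at all
    if not posture.managed or not posture.edr_running:
        return "guest"          # internet only, no corporate resources
    if (today - posture.last_patch).days > PATCH_MAX_AGE_DAYS:
        return "remediation"    # patch server and helpdesk only
    return "corp"               # full access per the user's role


def admit(device: Device, today: date) -> str:
    """Assign a segment at the moment the device first connects."""
    device.segment = evaluate(device.posture, today)
    device.history.append(("admit", device.segment))
    return device.segment


def reevaluate(device: Device, today: date) -> Optional[str]:
    """Continuous-monitoring hook: re-run policy on every posture change and
    record the automated move if the device no longer fits its segment."""
    new = evaluate(device.posture, today)
    if new == device.segment:
        return None
    device.history.append(("move", device.segment, new))
    device.segment = new
    return new
```

Feeding posture updates from the endpoint agent into reevaluate gives the behaviour the article describes: a device that stops its EDR agent mid-session is moved from the corporate segment to guest without helpdesk involvement.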

5. AI-based threat intelligence – Adding automation, machine learning, and artificial intelligence to your network management and control systems helps your organization identify and respond to new threats in near real time. For example, AI-driven intelligence can quickly pivot to new COVID-themed threats and lures as the cyber-criminal community embraces a new attack vector, rooting out attacks before security analysts are even aware of them. These systems can also correlate the massive amount of data now being generated by remote workers to identify even the most evasive threats, and then take direct, immediate action to shut them down.

6. Integrated security management – Of course, even though the location of your workers may have shifted, the same management tools needed for normal operation remain important (and useful) during remote operations. Tools designed to consolidate, simplify, and automate the management of multiple security devices are essential when human resources are necessarily focused on other priorities.

With the Right Tools in Place, Change Can Occur Rapidly and Organically

Deploying security tools and strategies such as these, built around a unified and integrated security fabric, ensures that security administrators can quickly and easily extend full security protections to even the most dynamic and rapidly changing elements of their network. It also ensures that radical changes in network environments, such as the rapid rollout of a corporate-wide secure remote worker strategy, are not only made with confidence, but that the tools needed to enhance that transition over the following weeks and months can be deployed quickly and cost-effectively.

Written By

John Maddison is EVP of Products and CMO at Fortinet. He has more than 20 years of experience in the telecommunications, IT infrastructure, and security industries. Previously he held positions as general manager of the data center division and senior vice president of core technology at Trend Micro. Before that, John was senior director of product management at Lucent Technologies. He has lived and worked in Europe, Asia, and the United States. John graduated with a bachelor of telecommunications engineering degree from Plymouth University, United Kingdom.