Every network has a security vulnerability – where is yours? In this guest commentary, Keith Bromley from Keysight Technologies shares a three-point plan on how to find your security vulnerability before hackers beat you to it.
Keith Bromley from Keysight Technologies shares his 3-step plan to help you discover your network security vulnerability before hackers do it for you.
One of the top questions on the minds of network security personnel is “how do I reduce my security risk?”
Even for smaller organisations this is important because every network has a weakness. But, do you know where you are the most vulnerable? Wouldn’t you like to fix the problem now, before a hacker exploits it?
Here is a three-point plan that works to expose intrusions and decrease network security risk.
Network security – It all starts with prevention
Inline security solutions are a high impact technique that businesses can deploy to address security threats. These solutions can eliminate 90% or more of incoming security threats before they even enter your network.
Keith Bromley’s 3-pt plan to make your network safer.
- Prevention — Reduce as many attacks from entering the network as possible
- Detection — Find and quickly remediate intrusions that are discovered within the network.
- Vigilance — Periodically test your defenses to make sure they are actually detecting and blocking threats.
While an inline security architecture will not create a foolproof defense against all incoming threats, it provides the crucial data access that security operations (SecOps) teams need to make the real-world security threat load manageable.
It is important to note that an inline security solution is more than just adding a security appliance, like an intrusion prevention system (IPS) or a web application firewall (WAF).
The solution requires external bypass switches and network packet brokers (NPBs) to access and deliver complete data visibility. This allows for the examination of ALL data for suspect network traffic.
Hunt down intrusions
While inline security solutions are absolutely necessary to lowering your risk for a security intrusion, the truth is that something bad will make it into your network.
This is why you need a second level of defense that helps you actively search for threats. To accomplish this task, you need complete visibility into all segments of your network.
About the Author: Keith Bromley is a senior solutions marketing manager at Keysight Technologies, with over 25 years of industry experience in marketing and engineering. Keith is responsible for marketing activities for Keysight’s network visibility and security solutions. As a spokesperson for the industry, Keith is a subject matter expert on network monitoring, network security, management systems, cloud computing, unified communications, IP telephony, SIP, wireless and wireline infrastructure.
At the same time, not all visibility equipment is created equal.
For instance, are your security tools seeing everything they need to?
You could be missing more than 60% of your security threats and not even know it.
This is because some of the vendors that make visibility equipment (like NPBs) drop packets (without alerting you) before the data reaches critical security tools, like an intrusion detection system (IDS).
This missing data contributes significantly to the success of security threats.
A combination of taps, bypass switches, and NPBs provide the visibility and confidence you need that you are seeing everything in your network – every bit, byte, and packet.
Once you have this level of visibility, threat hunting tools and security information and event management (SIEM) systems can proactively look for indicators of compromise (IOC).
Stay vigilant and constantly validate your security architecture
The third level of defense is to periodically validate that your security architecture is working as designed.
This means using a breach and attack simulation (BAS) solution to safely check your defenses against real-world threats.
“This three-point plan can help you ensure that you are doing the most to make your security tools protect your organization now and in the future,” says Keith Bromley, is senior marketing manager at Keysight Technologies.
Routine patch maintenance and annual penetration testing are security best practices; but they don’t replace weekly or monthly BAS-type functions.
For instance, maybe a patch wasn’t applied or was applied incorrectly. How do you know? And penetration tests are only good for a specific point in time.
Once a few weeks or months have passed, new weaknesses will probably exist. And crucially, were the right fixes applied if a vulnerability was found? For these reasons and more, you need to use a BAS solution to determine the current strength of your defenses.
While updating your security tools is great, constant vigilance goes a long way to security your organization.
Tags: insights, intrusions, Keysight, networking, opinions, security, Tech Focus, technology, vulnerability
Or you COULD let hackers find your vulnerabilities for you by outsourcing to Redteams. 😉
Yes indeed. But if you’re managing network security in-house, this would be how you can go about it by rolling up your sleeves.