Three Ways You Can Use the Network to Protect Your Business
Technical Solutions Architect - Cybersecurity
Technology, Innovation, Enterprise Networking, SDN, Security
In our previous blog we spoke about the challenges of keeping businesses secure in today’s dynamic environment, where the number of users, devices and things continue to grow at an unprecedented pace.
Our approach: leverage the network. Why?
First, it is the most data-rich asset in every business. Every user, device and application has to cross the network, so the network is the one platform that can give you visibility over the who, what, where and when of everything that touches it. Secondly, it is easier and more cost effective than adding layers of standalone products and vendors. When those products are not integrated, and typically they are not, the adversary's job becomes easier: complexity grows and little information is shared between the disparate systems. This helps explain why, in a recent study by ESG, 62% of enterprises said they are consolidating the number of cybersecurity vendors they transact with.
For these reasons, using the network as a security platform is an integral part of Cisco's innovation. So if you want to fortify your castle and grow your business securely, here are three ways you can do so by leveraging the network.
Network for visibility
The key principle of an effective security plan is visibility. How can you fight what you can't see? To protect your business, you must be able to see what comes in contact with your network. Only once we can identify an asset, say a printer, a phone or a medical cart, and authenticate it (or profile it, for devices that have no user to authenticate), can we establish a baseline of its normal behaviour and notice when it deviates from that baseline.
To do this, Cisco leverages a technology called NetFlow. The switches and routers that already forward the traffic export a record for every flow they see; a collector then stores, models and analyzes those records. A flow record is metadata, not payload: source and destination addresses and ports, protocol, timestamps, packet and byte counts, ingress and egress interface and more. That is enough to detect anomalies such as a host talking to something it never talked to before, a sudden change in volume, or a flow that should not exist at all. And since the data is extracted by the network itself, there is no requirement for extra taps or sensors, nor to redesign, recable or supply power to gain visibility. It is all there in the network; the only work is to enable the export and point it at a collector.
This visibility also plays a pivotal role in determining if the firewalls and other protection devices are in fact doing their job, if there are any internal threats or if segmentation policy is correct – which brings us to the second reason why networking is critical in security.
Network for segmentation
As discussed in the previous blog, segmentation policy is built around trust. Once we have visibility into the connected systems, segmentation lets us define the privileges, or trust, between those systems. This matters because the volume of users and things connected in a business is large, and their profiles differ widely. The trust relationship between a user at headquarters talking to an internal HR website is very different from a contractor at a branch talking to the core banking application, and the two should be treated differently.
After the policy has been implemented, we keep watching the traffic (NetFlow), and if any of the established trust relationships (segmentation) is broken, we can alert or respond automatically. In the case of the user's access to the HR system, if we see something malicious, or the user's device shows symptoms of compromise, we can dynamically adjust the trust policy to enforce a more restrictive set of rules for that device.
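The two ideas above, flow visibility and a trust policy that flows are checked against, fit in one short program. The following is an added example written for this post, not Cisco code: it parses a constructed NetFlow-style CSV export, classifies each endpoint into a segment, flags every flow the policy does not explicitly allow, and then shows the "more restrictive rules" step by moving offending hosts into a quarantine segment that has no allowed destinations. The segment address blocks, the policy table and the flow lines are all hypothetical.

```python
"""Evaluate NetFlow-style flow records against a segmentation (trust) policy.

Added example, not Cisco's code. Segment blocks, policy and flow lines are
constructed for illustration; real records would come from a NetFlow/IPFIX
collector export with the same kind of fields.
"""
import csv
from dataclasses import dataclass
from io import StringIO
from ipaddress import ip_address, ip_network

# Hypothetical segments: (name, address block). Order does not matter,
# classification uses the longest matching prefix.
SEGMENTS = [
    ("hq_users", ip_network("10.10.0.0/16")),
    ("branch_contractors", ip_network("10.50.0.0/16")),
    ("hr_web", ip_network("10.200.1.0/24")),
    ("core_banking", ip_network("10.200.9.0/24")),
]

# Trust policy: (source segment, destination segment) -> allowed dst ports.
# Anything not listed is not trusted (default deny).
POLICY = {
    ("hq_users", "hr_web"): {443},
    ("hq_users", "core_banking"): {443},
    ("branch_contractors", "hr_web"): {443},
}

# Constructed sample export, one flow per line.
FLOWS = """\
# ts,src,dst,proto,sport,dport,packets,bytes
2024-05-01T10:00:01,10.10.4.21,10.200.1.5,6,51234,443,12,9800
2024-05-01T10:00:02,10.50.2.7,10.200.9.10,6,40111,1521,40,30500
2024-05-01T10:00:03,10.10.4.21,10.200.9.10,6,40112,22,9,1200
2024-05-01T10:00:04,10.50.2.7,10.200.1.5,6,40113,443,15,11000
2024-05-01T10:00:05,10.10.4.21,192.0.2.44,17,53021,53,2,180
"""


@dataclass
class Flow:
    ts: str
    src: str
    dst: str
    proto: int
    sport: int
    dport: int
    packets: int
    octets: int


def parse_flows(text):
    """Parse CSV lines of the form ts,src,dst,proto,sport,dport,packets,bytes."""
    flows = []
    for row in csv.reader(StringIO(text)):
        if not row or row[0].startswith("#"):
            continue
        ts, src, dst, proto, sport, dport, pk, oc = row
        flows.append(Flow(ts, src, dst, int(proto), int(sport), int(dport), int(pk), int(oc)))
    return flows


def segment_of(addr, segments=SEGMENTS):
    """Longest-prefix match of addr against the segment table, or None if unknown."""
    ip = ip_address(addr)
    matches = [(name, net) for name, net in segments if ip in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[1].prefixlen)[0]


def evaluate(flows, segments=SEGMENTS, policy=POLICY):
    """Return (alerts, unknown).

    alerts  : (flow, src_segment, dst_segment) for flows the policy does not allow
    unknown : flows touching an endpoint that belongs to no segment (a visibility
              gap worth reviewing, but not a policy decision)
    """
    alerts, unknown = [], []
    for f in flows:
        s, d = segment_of(f.src, segments), segment_of(f.dst, segments)
        if s is None or d is None:
            unknown.append(f)
            continue
        if f.dport not in policy.get((s, d), set()):
            alerts.append((f, s, d))
    return alerts, unknown


def offending_sources(alerts):
    """Distinct source hosts that produced at least one violation."""
    return sorted({a[0].src for a in alerts})


def quarantine(segments, hosts):
    """Dynamic response: put each host in its own /32 'quarantine' segment.

    POLICY has no entry for quarantine, so every flow from the host, including
    ones that were allowed before, is now reported as a violation.
    """
    return list(segments) + [("quarantine", ip_network(h)) for h in sorted(hosts)]


if __name__ == "__main__":
    flows = parse_flows(FLOWS)
    alerts, unknown = evaluate(flows)
    for f, s, d in alerts:
        print(f"VIOLATION {f.src}({s}) -> {f.dst}:{f.dport}({d}) {f.octets} bytes")
    for f in unknown:
        print(f"UNCLASSIFIED {f.src} -> {f.dst}:{f.dport}")
    tightened = quarantine(SEGMENTS, offending_sources(alerts))
    print("alerts after quarantine:", len(evaluate(flows, tightened)[0]))
```

Two details carry over to production use: the default-deny shape of the policy table is what makes a missing rule a finding rather than silence, and the "unknown" bucket is where unmanaged assets surface, which is the visibility problem from the previous section showing up inside the segmentation check.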
The beauty of this is that now it can all be done automatically, with Cisco’s Software-Defined Access, helping businesses decrease the time and costs once spent on these tasks.
Network to see threats in encrypted traffic
Encryption is a great tool for data privacy and, because of this, the majority of our traffic is already encrypted. However, it is also a great tool for the bad guys to hide what they are doing. A tool for us is a tool for them. But what if we could see the symptoms of malicious traffic even when it is encrypted?
In keeping with innovation in the network, Cisco has created Encrypted Traffic Analytics (ETA), an embedded capability of our latest switching and routing platforms. Without decrypting the flow, ETA extracts the characteristics of a connection that are visible on the wire anyway: the initial data packet, which for TLS carries the unencrypted ClientHello with the offered protocol version, cipher suites, extensions and server name, and the sequence of packet lengths and inter-arrival times of the first packets of the flow. The network exports these fields into the NetFlow collection platform alongside the ordinary flow record, and Cisco cites 99.9% accuracy for the resulting threat detection. By combining the ordinary NetFlow data with this enhanced telemetry for encrypted traffic, we add capability within existing products rather than inserting a decrypting proxy.
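To make concrete what "visible without decrypting" means, here is an added example, not Cisco's ETA code and not its classifier: it parses the ClientHello from a TLS handshake record the way a passive observer would, pulls out the fields that are sent in the clear, and applies a few simple checks of the kind a telemetry consumer might run. The ClientHello bytes are constructed by a helper in the same block so the sample is well-formed; the cipher suite code points are the real IANA values, while the "weak suite" list and the checks in `assess` are illustrative choices, not a published detection model. Packet length and timing sequences, the other half of ETA's telemetry, are out of scope here.

```python
"""Extract cleartext TLS ClientHello metadata from a handshake record.

Added example, not Cisco's ETA implementation. build_client_hello() only
exists to construct test input; parse_client_hello() is the passive-observer
side and assess() is an illustrative, hypothetical set of checks.
"""
import struct

# Subset of the IANA TLS cipher suite registry, enough for the example.
CIPHER_NAMES = {
    0x1301: "TLS_AES_128_GCM_SHA256",
    0x1302: "TLS_AES_256_GCM_SHA384",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0004: "TLS_RSA_WITH_RC4_128_MD5",
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
}
# Illustrative choice: RC4 and 3DES suites are treated as weak here.
WEAK_SUITES = {0x0004, 0x0005, 0x000A}


def build_client_hello(version, suites, sni=None):
    """Construct a minimal but well-formed TLS ClientHello record (test input only)."""
    body = struct.pack(">H", version) + bytes(32)          # client_version + zeroed random
    body += b"\x00"                                         # empty session_id
    cs = b"".join(struct.pack(">H", s) for s in suites)
    body += struct.pack(">H", len(cs)) + cs                 # cipher_suites
    body += b"\x01\x00"                                     # one compression method: null
    exts = b""
    if sni is not None:                                     # server_name extension (type 0)
        name = sni.encode()
        entry = b"\x00" + struct.pack(">H", len(name)) + name
        sni_data = struct.pack(">H", len(entry)) + entry
        exts += struct.pack(">HH", 0x0000, len(sni_data)) + sni_data
    body += struct.pack(">H", len(exts)) + exts
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body   # HandshakeType client_hello
    return b"\x16\x03\x01" + struct.pack(">H", len(handshake)) + handshake


def parse_client_hello(record):
    """Parse the cleartext fields of a ClientHello carried in a TLS handshake record."""
    if record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    hs = record[5:]
    if hs[0] != 0x01:
        raise ValueError("handshake message is not a ClientHello")
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    pos = 0
    version = struct.unpack_from(">H", body, pos)[0]; pos += 2
    pos += 32                                               # client random
    pos += 1 + body[pos]                                    # session_id
    cs_len = struct.unpack_from(">H", body, pos)[0]; pos += 2
    suites = [struct.unpack_from(">H", body, pos + i)[0] for i in range(0, cs_len, 2)]
    pos += cs_len
    pos += 1 + body[pos]                                    # compression methods
    sni, ext_types = None, []
    if pos < len(body):                                     # extensions are optional
        end = pos + 2 + struct.unpack_from(">H", body, pos)[0]; pos += 2
        while pos < end:
            etype, elen = struct.unpack_from(">HH", body, pos); pos += 4
            data = body[pos:pos + elen]; pos += elen
            ext_types.append(etype)
            if etype == 0:                                  # server_name: skip list len + name type
                name_len = struct.unpack_from(">H", data, 3)[0]
                sni = data[5:5 + name_len].decode()
    # Note: a TLS 1.3 client still sends legacy_version 0x0303 here and signals
    # 1.3 via the supported_versions extension (type 43).
    return {"version": version, "cipher_suites": suites, "sni": sni, "extensions": ext_types}


def assess(meta):
    """Hypothetical checks on the extracted metadata; returns a list of findings."""
    findings = []
    if meta["version"] < 0x0303:
        findings.append("legacy TLS version offered")
    if all(s in WEAK_SUITES for s in meta["cipher_suites"]):
        findings.append("only weak cipher suites offered")
    if meta["sni"] is None:
        findings.append("no SNI")
    return findings


if __name__ == "__main__":
    for label, rec in [
        ("browser-like", build_client_hello(0x0303, [0x1301, 0xC02F], "hr.example.internal")),
        ("suspicious", build_client_hello(0x0301, [0x0004, 0x000A])),
    ]:
        meta = parse_client_hello(rec)
        names = [CIPHER_NAMES.get(s, hex(s)) for s in meta["cipher_suites"]]
        print(label, hex(meta["version"]), meta["sni"], names, assess(meta))
```

Nothing in `parse_client_hello` needs a key or a certificate: everything it reads is in the first packet of the connection, which is exactly why a switch or router can export those fields into a flow record. Real detection stacks fingerprint the whole ClientHello (version, suites, extensions and their order) and combine it with the server's response and the packet length and timing sequence; the three checks above are only a sketch of that idea.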
Bring it all together
All three of these can be done by enabling capabilities the network already has, not by adding more boxes to an already complex infrastructure. It truly can be as straightforward as identifying the users and devices, enforcing the policy, and continuously monitoring traffic flows to confirm that the segmentation policy is doing what it should. This approach reduces risk and allows for a flexible yet strict network architecture.
Learn more about Cisco’s security portfolio.