Timothy Liu is the CTO and cofounder of Hillstone Networks.
getty
I remember being very excited when I first started working from home. My home felt like an extension of my office, and I had almost unlimited access to corporate resources. I was thrilled about the freedom remote work offered me and my colleagues. However, I wondered if my network security was ready for this new working method. After all, remote work is the future—but are we prepared for it?
The distinction between work and home, or the conventional network perimeter, has vanished entirely due to the rapid expansion of remote work caused by the Covid-19 pandemic and the emergence of cloud computing. As a result, borderless networks have become more complex, and devices and applications are now commonly used. These factors make it challenging to manage security and identify vulnerabilities in the environment.
In addition, sophisticated threats such as advanced persistent threats (APTs) are becoming more widespread. Even insiders can pose a significant security challenge by circumventing the perimeter with legitimate access.
Is your network security ready for the future?
Over the years, many organizations have built their networks on outdated security systems and infrastructure not designed to secure a network with a vanishing perimeter. When I started working remotely, I became concerned about the security of my corporate network, and I still have the same concerns listed below for many organizations that support remote work.
Lack Of Visibility
Modern network security heavily relies on encryption. However, encrypted traffic makes it challenging for traditional security inspection tools such as firewalls and intrusion prevention systems (IPS) to analyze the payload contents. This lack of visibility makes it difficult for security teams to detect and respond to security threats efficiently.
Malware Communicating Back To Command And Control
Malware is a widespread problem that utilizes domain generation algorithms (DGAs) to create random domain names for connecting to command and control servers. DGAs allow attackers to generate a massive number of domain names dynamically, making it hard for security solutions to blacklist or block malicious domains effectively. Traditional security measures based on static blacklists or signatures are often insufficient against domains generated by DGAs.
Weak Abnormal Traffic Patterns Identification
Identifying legitimate traffic within attacks is challenging. Traditional security mechanisms often have problems distinguishing between genuine traffic spikes, flash crowds and distributed denial of service (DDoS) attacks.
Expanded Attack Surface
The attack surface expands significantly as employees access corporate resources from different locations and devices, including their personal devices and public networks. This makes it easier for threat actors to exploit vulnerabilities and gain unauthorized access to sensitive data and systems.
Insider Threats
Excessive access privileges increase the risk of insider threats where malicious insiders or compromised accounts misuse their privileges to steal data, disrupt operations or cause other harm to the organization. Detecting and mitigating insider threats requires comprehensive monitoring and behavioral analytics capabilities.
Insecure SD-WAN
SD-WAN is primarily a networking solution for routing traffic to its destination faster and more efficiently. However, many SD-WAN solutions do not provide advanced security features. Therefore, organizations must implement advanced security inspection and policy enforcement to protect employees and organizations from advanced cybersecurity threats.
Monitoring and analyzing network traffic across a WAN can be challenging, particularly when traffic is encrypted or passes through third-party networks. Limited visibility into network traffic makes it difficult to detect and respond to security incidents quickly.
Building More Robust Network Security For The Future
While modern network security can help overcome the challenges of vanishing network perimeters, transitioning to a future-ready network security strategy requires planning. Here are five steps to take toward a future-ready network security model.
1. Inspect encrypted traffic.
Encrypted traffic has become increasingly common these days, and it poses a challenge to security measures that cannot inspect the contents of these packets. However, machine learning algorithms can analyze patterns in encrypted traffic and identify anomalies that may indicate a threat. By studying these patterns, machine learning can help organizations detect and prevent attacks that may go unnoticed.
2. Use good machines to defeat the bad machines.
Relying on traditional security measures to protect against the constantly changing domains generated by DGAs is becoming increasingly difficult. Implementing a machine-learning mechanism can help analyze DNS traffic patterns and identify domains likely to be generated by DGAs.
3. Use machines against an army of machines.
DDoS attacks can inundate a network with traffic, making it difficult to operate. One effective way to mitigate DDoS attacks is to use machine learning algorithms to analyze traffic patterns. Machine learning tools can dynamically and automatically identify and establish thresholds, which can help mitigate DDoS attacks more accurately.
4. Less access is more security.
Implement zero trust network access (ZTNA) solutions, which I have written about in a prior Forbes blog post. Implementing a ZTNA strategy requires four significant steps: identifying resources and applications, developing a ZTNA policy, upgrading legacy security solutions for ZTNA, and monitoring and managing the ZTNA solution.
5. Ensure SD-WAN security and eliminate blindspots.
Advanced security and threat detection capabilities should be operational on all WAN links, including intrusion prevention, anti-DoS/DDoS, protocol anomaly URL filtering and Botnet C&C protection. Additionally, SD-WAN must provide visibility at the edge and solutions that offer intelligence beyond your network into your applications.
Conclusion
To overcome the security challenges associated with the vanishing network perimeter, you need a proactive and multifaceted approach that can adapt to the evolving threat landscape and changing network architectures. Several strategies can be implemented to address these challenges, including leveraging machine learning, adhering to the principle of least access and reassessing the security posture of your SD-WAN.
By integrating and coordinating these strategies, you can enhance your network security posture and mitigate the risks associated with the vanishing network perimeter.
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?
