If you’re a network engineer or have been following some of the recent trends in network security space, you may have come across terms such as “erosion of trust”, “zero trust ecosystem”, “the increased attack surface” and “new attack vectors”. What this means for a network engineer is that as application migrate from on-prem to cloud, and trends like mobility and IoT vastly expand the scale of assets and forms of access to be secured, traditional network security, which historically was centered around securing the perimeter of your network, is no longer sufficient.
I was recently reading the Symantec Internet Security Report. This report has been quite appropriately themed as “2013: Year of the Mega-Breach”. In particular, the Point-of-Sale type of attack, mostly prevalent in the retail segment of the market, is a great indicator of the anatomy of a typical breach. So I’ll use that as an illustrative example for the purposes of this post.
Traditional perimeter security such as firewalls and IPS are effective tools for defending against Phase 1 -- the Infiltration phase in the above lifecycle. The network infrastructure plays a critical role much beyond defending against Phase 1. In fact, network infrastructure technologies including network segmentation, access control, and traffic analytics can help accelerate discovery and defend against the entire lifecycle of a data breach across all 5 phases of an attack. This is not just for outsider threats and infiltrations but also for any kind of access -- including internal wired/wireless access from your corporate environment and remote user access.
In particular, the network is your defense to prevent an intruder or malicious user from accessing the most sensitive resources -- the “crown jewel” pieces of data -- in your environment. With appropriate network segmentation and access control policies in place, you can help ensure that only authenticated users with the appropriate privileges are allowed access at Layer2/Layer3 to the resources where your protected data resides. The Cisco Unified Access architecture provides solutions for authenticated identity and role-based network segmentation for your entire network with Cisco TrustSec.
Beyond that, network security analytics against network traffic is emerging as a way to discover several activities on your network which may pose a security risk -- right from IP/MAC spoofing and DoS attacks to more recent and sophisticated forms of attack vectors including malware/APTs and Botnet activity. Flexible NetFlow capabilities are built into the Cisco Unified Access Catalyst 3850/3650, Catalyst 4500E with Sup8E, Catalyst 6800 and WLC5760. Cisco’s NetFlow with Lancope’s StealthWatch Flexible NetFlow analyzer provides the industry’s most sophisticated network analytics with unprecedented threat-centric visibility.
In particular, I’d like to highlight a couple of recent case studies of Cisco IT with Cisco’s Flexible NetFlow and Lancope and an Austrian manufacturer who adopted TrustSec as cases where these technologies have not only improved the security posture for the organization, but also streamlined and improved efficiency of their security operations.
upcoming (now!) on demand webinar on “Securing your network with Catalyst Switches”, I’ll be talking more about how the Cisco Unified Access architecture with Catalyst Switching can help improve your network’s security with solutions for network visibility, access security, access control and segmentation.