Skip to main content

Network Protection: Adding Intelligence to Security

Network protection devices should have the ability to deliver additional control analytics and provide insight into the content and applications users are accessing.

Adding intelligence to a network mitigates risks through real-time situational awareness of network activity, and adds critical transparency to allay fears of potential customers. You can use intelligent network protection to harden network security to restrict data leakage or data theft. You can also audit trails of all network transactions related to a customer’s account, assuring compliance with regulation and standards.

Network protection: business intelligence for data networks

Nowadays the typical business infrastructure depends on network connectivity. Even brief outages or slowdowns can cause significant economic loss. To stay on top of events, hosting companies and Internet service providers need to know what’s going on in their servers. To achieve this goal, monitoring is critical.

By monitoring network traffic, one can…

  1. Resolve issues before clients or users notice a problem.
  2. Discover which applications are using up too much bandwidth.
  3. Reduce costs by buying bandwidth and hardware according to actual load.
  4. Be proactive and deliver a higher quality service to your users.
  5. Quickly troubleshoot network problems.

An efficient approach to 24×7 monitoring for large enterprises, service providers, and SMEs involves automated workflows, intelligent alerting engines, configurable discovery rules, and extendable templates. Effective application of these tools can allow fully capable network protection monitoring systems within hours of installation

Network protection tools:

Business models usual require online connectivity to be both available and secure. As more data and business processes move online, organizations sometimes struggle to protect websites and infrastructure without sacrificing performance for security.
With modern threats bypassing conventional protection systems almost routinely, a new approach to security is imperative.

Network protection is required in order to secure websites and data centers to reduce the risk of downtime and data theft. Below are some common tools used for network protection:

1. Firewalls:

A firewall applies an array of rules that to each packet moving between trusted and untrusted networks. The rules determine whether a packet can pass or not. When it’s a large network that needs protection, the firewall software often runs on its own dedicated hardware. Firewalls can also be helpful for monitoring network traffic.
In general, there are two types of firewalls network protection:

  1. Software-based firewalls are often run as additional programs on computers that are primarily used for other purposes.
  2. Hardware-based firewalls run on a dedicated computer (or appliance). While they often provide better performance than software firewalls, they are also more expensive.

2. IPS: an active network protection security solution:

Intrusion Prevention Systems (IPS), can definitely deliver next-level security technology to provide security at all system levels from the operating system kernel to network data packets. An IPS will support various policies and rules for tracking network traffic and for alerting system or network administrators to suspicious traffic.

Besides triggering alerts in the face of potential attacks, an IPS will also employ active defenses to stop it. An IPS has the ability to prevent known intrusion signatures and can also prevent some unknown attacks due to its database of generic attack behavior. In combination with an IDS and an application layer firewall, a well-designed IPS is generally considered “state of the art” in network protection.

Network-based vs. Host-based IPS

Host-based intrusion prevention systems are used to protect servers and workstations through software which runs between a system’s applications and OS kernel. Network-based intrusion prevention systems intercept all network traffic and monitor it for suspicious activity and events. But while they can both be effective, each has its own limitations:

  • Host-based systems are generally more secure than network-based.
  • Both are costly.
  • Both require regular updates.
  • NIPS implementation is more complicated.

3. IDS: a passive network protection security solution

An Intrusion Detection System (IDS – see this post on Server Security) will look for any suspicious activity and events that might be the result of a virus, worm or hacker. This is done by looking for known intrusion signatures or attack signatures that characterize different worms or viruses and by tracking general variances which differ from regular system activity. The IDS is able to provide notification of only known attacks.

Passive vs. Reactive Systems

In a passive system, the IDS will detect a potential security breach, log the information and signal an alert. In a reactive system, the IDS will respond to the suspicious activity by logging off a user or by reprogramming the firewall to block network traffic from the suspected malicious source.

Network-based vs. Host-based IDS

Intrusion Detection Systems are network or host-based solutions. Network-based IDS systems (NIDS) are often standalone hardware appliances that include network intrusion detection capabilities. It will usually consist of hardware sensors located at various points along the network or software that is installed on system computers connected to your network. The IDS will analyze data packets entering and leaving the network.

Host-based IDS systems (HIDS) do not offer true real-time detection, but if configured correctly they can reach close to true real-time. Host-based IDS systems consist of software agents installed on individual computers within the system. HIDS analyze the traffic to and from the systems on which they’re installed. HIDS systems often provide features you can’t get with network-based IDS.

4. HIPS (Host IPS) (similar to Antivirus on a consumer PC):

HIPS are installed software packages that analyze events occurring within a host, to monitor for suspicious practices. By monitoring code behavior, HIPS can stop malware from running without requiring that a specific threat already has been added through a detection update.

HIPS are closely related to firewalls: HIPS systems block attempts by a hacker or malware, and encourage the user to react.
Advantages of the HIPS network protection:

  • Monitors other programs.
  • Changes important registry keys for certain events.
  • Stops active malware.
  • Relatively simple: it has a basic set of rules to be followed.
  • Starts before other programs, immediately after device or driver installation.
  • Injects malicious code into a trusted program as it pre-processes the memory access.
  • Very useful for adapting or creating new rules.

Note: It is important that the admin understands the consequences of using HIPS, as it could disable certain system tasks.

Conclusion

Your network still needs to be protected – and never more so than in the cloud. Network protection devices need the ability to provide extra control with analytics and insight into which users are accessing what content and applications.

Avatar

Written by

Sudhi Seshachala

Sudhi is part of Cloud Technology Partners & is a trusted advisor and strategic consultant to many C level executives and IT Directors. He brings 18+ years diverse experience covering software, IT operations, cloud technologies, and management. Have led several global teams in HP, Sun/Oracle, SeeBeyond and few startups to deliver scalable and highly available business/technology products and solutions. He has expertise in systems management, monitoring and integrated SaaS and on-premise applications addressing a wide range of business problems.

Related Posts

Avatar
Adam Hawkins
— April 16, 2019

The Convergence of DevOps

IT has changed over the past 10 years with the adoption of cloud computing, continuous delivery, and significantly better telemetry tools. These technologies have spawned an entirely new container ecosystem, demonstrated the importance of strong security practices, and have been a catal...

Read more
  • DevOps
  • Security
Avatar
Adam Hawkins
— March 21, 2019

How DevOps Increases System Security

The perception of DevOps and its role in the IT industry has changed over the last five years due to research, adoption, and experimentation. Accelerate: The Science of Lean Software and DevOps by Gene Kim, Jez Humble, and Nicole Forsgren makes data-backed predictions about how DevOps p...

Read more
  • DevOps
  • Security
Avatar
Stuart Scott
— November 29, 2018

New Security & Compliance Service: AWS Security Hub

This morning’s Andy Jassy keynote was followed by the announcement of over 20 new services across a spectrum of AWS categories, including those in Security and Compliance, Database, Machine Learning, and Storage.  One service that jumped out to me was the AWS Security Hub, currently...

Read more
  • AWS
  • re:Invent 2018
  • Security
Alex Brower
Alex Brower
— October 17, 2018

Interview: Q&A with John Visneski

Security is a top priority for organizations of all types, with research firm IDC projecting 10% spending growth to $91 billion dollars in 2018. For leadership, security is important considering the cost, regulation, and reputation at stake when breaches occur. According to a joint ...

Read more
  • Security
John Visneski
John Visneski
— October 2, 2018

Building Security Teams in a Competitive Talent Market: These Are The Droids You’re Looking for

John Visneski is the Head of Security and DPO at The Pokemon Company International. If you missed the webinar we organized in collaboration with John Visneski you can still watch it on demand, simply click here. The reasoning behind the popularity of this perspective is clear, if no...

Read more
  • Security
Albert Qian
Albert Qian
— September 25, 2018

Microsoft Ignites Cloud Industry With Nadella Keynote

On Monday, Microsoft kicked off its Ignite conference, an annual gathering of developers and IT professionals. Over the next week, attendees will learn about upcoming Microsoft innovations in IoT, artificial intelligence, machine learning, and cloud (all while getting some good networki...

Read more
  • Events
  • IoT
  • Machine Learning
  • Security
Avatar
Cloud Academy Team
— August 29, 2018

4 Reasons You Need to Include Business Stakeholders in Cloud Training

Digital transformation is changing how organizations in every industry approach their business strategy, serving as the foundation of their technology initiatives. Chief among this includes cloud adoption, which is not just a path to IT savings, but also increasingly where companies are...

Read more
  • Cloud Adoption
  • Security
Aaron McKeown
Aaron McKeown
— August 1, 2018

Build a Security Culture Within Your Organization

At this year’s AWS Summit Sydney, I was invited to speak about security culture and share a few practical examples of how organizations can build a positive security culture through increased visibility and enablement at all levels. But, what is a positive security culture?At Xero, we...

Read more
  • Security
Albert Qian
Albert Qian
— June 19, 2018

Preparing for the Microsoft Azure 70-535 Exam

(Update) The Azure 70-535 exam was retired on December 31, 2018, and it was replaced by the AZ-300 and AZ-301 exams. To prepare for these exams, we recommend the Cloud Academy's AZ-300 Exam Preparation: Technologies for Microsoft Azure Architects and the AZ-301 Exam Preparation: Designi...

Read more
  • Azure
  • Compute
  • Database
  • Security
Avatar
Stuart Scott
— May 17, 2018

4 Best Practices to Get Your Cloud Deployments GDPR Ready

With GDPR coming into force later this month, security and compliance will be the top-most priority for any cloud deployment that contains personal data of EU citizens.While leading providers have moved to make their platforms and services compliant, ensuring compliance requires more ...

Read more
  • GDPR
  • Security
Avatar
Cloud Academy Team
— May 7, 2018

AWS Summit London 2018: Our Top Picks

Cloud Academy is proud to be a sponsor of AWS Summit London coming up May 9-10 at the ICC, ExCeL, London.Join us in booth S24, Level 1 where our AWS experts will be on hand to answer your questions and walk you through our latest content and newest platform features.Ask us about y...

Read more
  • AWS Summits
  • GDPR
  • Security
Avatar
George Gerchow
— March 26, 2018

GDPR Compliance: Low Cost, Zero-Friction Action Items

George Gerchow is Chief Security Officer at Sumo Logic and Adjunct Honorary Lecturer at Cloud Academy. View the on-demand recording of our recent webinar, Establishing a Privacy Program: GDPR Compliance & Beyond with Mr. Gerchow and Jen Brown, Data Protection Officer at Sumo Logic....

Read more
  • GDPR
  • Security