Network Protection: Adding Intelligence to Security

Network protection devices should have the ability to deliver additional control analytics and provide insight into the content and applications users are accessing.

Adding intelligence to a network mitigates risks through real-time situational awareness of network activity, and adds critical transparency to allay fears of potential customers. You can use intelligent network protection to harden network security to restrict data leakage or data theft. You can also audit trails of all network transactions related to a customer’s account, assuring compliance with regulation and standards.

Network protection: business intelligence for data networks

Nowadays the typical business infrastructure depends on network connectivity. Even brief outages or slowdowns can cause significant economic loss. To stay on top of events, hosting companies and Internet service providers need to know what’s going on in their servers. To achieve this goal, monitoring is critical.

By monitoring network traffic, one can…

  1. Resolve issues before clients or users notice a problem.
  2. Discover which applications are using up too much bandwidth.
  3. Reduce costs by buying bandwidth and hardware according to actual load.
  4. Be proactive and deliver a higher quality service to your users.
  5. Quickly troubleshoot network problems.

An efficient approach to 24×7 monitoring for large enterprises, service providers, and SMEs involves automated workflows, intelligent alerting engines, configurable discovery rules, and extendable templates. Effective application of these tools can allow fully capable network protection monitoring systems within hours of installation

Network protection tools:

Business models usual require online connectivity to be both available and secure. As more data and business processes move online, organizations sometimes struggle to protect websites and infrastructure without sacrificing performance for security.
With modern threats bypassing conventional protection systems almost routinely, a new approach to security is imperative.

Network protection is required in order to secure websites and data centers to reduce the risk of downtime and data theft. Below are some common tools used for network protection:

1. Firewalls:

A firewall applies an array of rules that to each packet moving between trusted and untrusted networks. The rules determine whether a packet can pass or not. When it’s a large network that needs protection, the firewall software often runs on its own dedicated hardware. Firewalls can also be helpful for monitoring network traffic.
In general, there are two types of firewalls network protection:

  1. Software-based firewalls are often run as additional programs on computers that are primarily used for other purposes.
  2. Hardware-based firewalls run on a dedicated computer (or appliance). While they often provide better performance than software firewalls, they are also more expensive.

2. IPS: an active network protection security solution:

Intrusion Prevention Systems (IPS), can definitely deliver next-level security technology to provide security at all system levels from the operating system kernel to network data packets. An IPS will support various policies and rules for tracking network traffic and for alerting system or network administrators to suspicious traffic.

Besides triggering alerts in the face of potential attacks, an IPS will also employ active defenses to stop it. An IPS has the ability to prevent known intrusion signatures and can also prevent some unknown attacks due to its database of generic attack behavior. In combination with an IDS and an application layer firewall, a well-designed IPS is generally considered “state of the art” in network protection.

Network-based vs. Host-based IPS

Host-based intrusion prevention systems are used to protect servers and workstations through software which runs between a system’s applications and OS kernel. Network-based intrusion prevention systems intercept all network traffic and monitor it for suspicious activity and events. But while they can both be effective, each has its own limitations:

  • Host-based systems are generally more secure than network-based.
  • Both are costly.
  • Both require regular updates.
  • NIPS implementation is more complicated.

3. IDS: a passive network protection security solution

An Intrusion Detection System (IDS – see this post on Server Security) will look for any suspicious activity and events that might be the result of a virus, worm or hacker. This is done by looking for known intrusion signatures or attack signatures that characterize different worms or viruses and by tracking general variances which differ from regular system activity. The IDS is able to provide notification of only known attacks.

Passive vs. Reactive Systems

In a passive system, the IDS will detect a potential security breach, log the information and signal an alert. In a reactive system, the IDS will respond to the suspicious activity by logging off a user or by reprogramming the firewall to block network traffic from the suspected malicious source.

Network-based vs. Host-based IDS

Intrusion Detection Systems are network or host-based solutions. Network-based IDS systems (NIDS) are often standalone hardware appliances that include network intrusion detection capabilities. It will usually consist of hardware sensors located at various points along the network or software that is installed on system computers connected to your network. The IDS will analyze data packets entering and leaving the network.

Host-based IDS systems (HIDS) do not offer true real-time detection, but if configured correctly they can reach close to true real-time. Host-based IDS systems consist of software agents installed on individual computers within the system. HIDS analyze the traffic to and from the systems on which they’re installed. HIDS systems often provide features you can’t get with network-based IDS.

4. HIPS (Host IPS) (similar to Antivirus on a consumer PC):

HIPS are installed software packages that analyze events occurring within a host, to monitor for suspicious practices. By monitoring code behavior, HIPS can stop malware from running without requiring that a specific threat already has been added through a detection update.

HIPS are closely related to firewalls: HIPS systems block attempts by a hacker or malware, and encourage the user to react.
Advantages of the HIPS network protection:

  • Monitors other programs.
  • Changes important registry keys for certain events.
  • Stops active malware.
  • Relatively simple: it has a basic set of rules to be followed.
  • Starts before other programs, immediately after device or driver installation.
  • Injects malicious code into a trusted program as it pre-processes the memory access.
  • Very useful for adapting or creating new rules.

Note: It is important that the admin understands the consequences of using HIPS, as it could disable certain system tasks.

Conclusion

Your network still needs to be protected – and never more so than in the cloud. Network protection devices need the ability to provide extra control with analytics and insight into which users are accessing what content and applications.

Avatar

Written by

Sudhi Seshachala

Sudhi is part of Cloud Technology Partners & is a trusted advisor and strategic consultant to many C level executives and IT Directors. He brings 18+ years diverse experience covering software, IT operations, cloud technologies, and management. Have led several global teams in HP, Sun/Oracle, SeeBeyond and few startups to deliver scalable and highly available business/technology products and solutions. He has expertise in systems management, monitoring and integrated SaaS and on-premise applications addressing a wide range of business problems.


Related Posts

Simran Arora
Simran Arora
— August 21, 2020

Docker Image Security: Get it in Your Sights

For organizations and individuals alike, the adoption of Docker is increasing exponentially with no signs of slowing down. Why is this? Because Docker provides a whole host of features that make it easy to create, deploy, and manage your applications. This useful technology is especiall...

Read more
  • DevOps
  • Docker
  • Security
Wendy Dessler
Wendy Dessler
— July 17, 2020

VPN Encryption: How to Find the Best Solution

Each day there are 2.5 quintillion bytes of data created. People in all corners of the earth use the internet all day, every day. When we browse social media, conduct transactions, and search the web, we're leaving behind a digital footprint.  Encryption helps you protect the data yo...

Read more
  • Encryption
  • IPsec
  • Security
  • VPN
Alisha Reyes
Alisha Reyes
— July 16, 2020

Blog Digest: Which Certifications Should I Get?, The 12 Microsoft Azure Certifications, 6 Ways to Prevent a Data Breach, and More

This month, we were excited to announce that Cloud Academy was recognized in the G2 Summer 2020 reports! These reports highlight the top-rated solutions in the industry, as chosen by the source that matters most: customers. We're grateful to have been nominated as a High Performer in se...

Read more
  • AWS
  • Azure
  • blog digest
  • Certifications
  • Cloud Academy
  • OWASP
  • OWASP Top 10
  • Security
  • VPCs
Bea Potter
Bea Potter
— June 10, 2020

6 Ways to Prevent a Data Breach 

The cloud is a new territory for the digital world. But with all of its benefits, there also come risks and dangers. If your business depends on the cloud to store data, you’re probably facing a number of problems about how to best secure your data. According to studies, as many as 95 p...

Read more
  • data breach
  • Security
Alisha Reyes
Alisha Reyes
— June 2, 2020

Blog Digest: 5 Reasons to Get AWS Certified, OWASP Top 10, Getting Started with VPCs, Top 10 Soft Skills, and More

Thank you for being a valued member of our community! We recently sent out a short survey to understand what type of content you would like us to add to Cloud Academy, and we want to thank everyone who gave us their input. If you would like to complete the survey, it's not too late. It ...

Read more
  • AWS
  • Azure
  • blog digest
  • Certifications
  • Cloud Academy
  • OWASP
  • OWASP Top 10
  • Security
  • VPCs
Vijayakumar Athithan
Vijayakumar Athithan
— May 8, 2020

OWASP Top 10 Vulnerabilities

Over the last few years, more than 10,000 Open Web Application Security Project (OWASP) vulnerabilities have been reported into the Common Vulnerabilities and Exposures (CVE®) database each year. This is a list of common identifiers for publicly known cybersecurity vulnerabilities. Curr...

Read more
  • Machine Learning
  • OWASP
  • OWASP Top 10
  • Security
Alisha Reyes
Alisha Reyes
— April 30, 2020

Blog Digest: AWS Breaking News, Azure DevOps, AWS Study Guide, 8 Ways to Prevent a Ransomware Attack, and More

  New articles by topic AWS Azure Data Science Google Cloud  Cloud Adoption Platform Updates & New Content Security Women in Tech AWS Breaking News: All AWS Certification Exams Now Available Online As an Advanced AWS Technology Partner, C...

Read more
  • AWS
  • Azure
  • blog digest
  • Certifications
  • Cloud Academy
  • programming
  • Security
Daniel William
Daniel William
— April 15, 2020

8 Ways to Protect Your Data From a Ransomware Attack

Ransomware attacks have continued to grow both in scope and audacity over the past several years. This type of malware has become one of the biggest cybersecurity threats for enterprises, and experts predict the situation is only going to get worse. The WannaCry ransomware incident o...

Read more
  • attacks
  • data
  • ransomware
  • Security
Alisha Reyes
Alisha Reyes
— March 17, 2020

Cloud Academy’s Blog Digest: How Do AWS Certifications Increase Your Employability, How to Become a Microsoft Certified Azure Data Engineer, and more

With everything going on right now, it's likely that the only thing you've been reading lately is related to the coronavirus pandemic. It's important to stay informed during these times, but it's also good to jump into something that can take your mind off of the current situation for j...

Read more
  • AWS
  • Azure
  • blog digest
  • Certifications
  • Cloud Academy
  • programming
  • Security
Orion Withrow
Orion Withrow
— December 17, 2019

Azure Security: Best Practices You Need to Know

When it comes to Azure Security best practices, where do you begin? In a lot of ways, Azure is very similar to any other data center. But with that said, Azure can also be very different. Securing Azure can pose many unique challenges. The security of resources hosted in Azure is of the...

Read more
  • Azure
  • azure best practices
  • azure security center
  • Security
Chester Avey
Chester Avey
— November 7, 2019

Cloud Computing Solutions: 7 Trends for the Future

The world of cloud computing is in a state of flux. Not long ago, the cloud was considered an emerging technology, known only to IT specialists. Today it is a part of everyday life – 96% of businesses use the cloud in one form or another, and this number only looks set to grow. Whether ...

Read more
  • Cloud Computing
  • internet of everything
  • multi-cloud
  • Security
  • SEO
Avatar
Stuart Scott
— September 27, 2019

AWS Security Groups: Instance Level Security

Instance security requires that you fully understand AWS security groups, along with patching responsibility, key pairs, and various tenancy options. As a precursor to this post, you should have a thorough understanding of the AWS Shared Responsibility Model before moving onto discussi...

Read more
  • AWS
  • instance security
  • Security
  • security groups