Network Protection: Adding Intelligence to Security

Network protection devices should have the ability to deliver additional control analytics and provide insight into the content and applications users are accessing.

Adding intelligence to a network mitigates risks through real-time situational awareness of network activity, and adds critical transparency to allay fears of potential customers. You can use intelligent network protection to harden network security to restrict data leakage or data theft. You can also audit trails of all network transactions related to a customer’s account, assuring compliance with regulation and standards.

Network protection: business intelligence for data networks

Nowadays the typical business infrastructure depends on network connectivity. Even brief outages or slowdowns can cause significant economic loss. To stay on top of events, hosting companies and Internet service providers need to know what’s going on in their servers. To achieve this goal, monitoring is critical.

By monitoring network traffic, one can…

  1. Resolve issues before clients or users notice a problem.
  2. Discover which applications are using up too much bandwidth.
  3. Reduce costs by buying bandwidth and hardware according to actual load.
  4. Be proactive and deliver a higher quality service to your users.
  5. Quickly troubleshoot network problems.

An efficient approach to 24×7 monitoring for large enterprises, service providers, and SMEs involves automated workflows, intelligent alerting engines, configurable discovery rules, and extendable templates. Effective application of these tools can allow fully capable network protection monitoring systems within hours of installation

Network protection tools:

Business models usual require online connectivity to be both available and secure. As more data and business processes move online, organizations sometimes struggle to protect websites and infrastructure without sacrificing performance for security.
With modern threats bypassing conventional protection systems almost routinely, a new approach to security is imperative.

Network protection is required in order to secure websites and data centers to reduce the risk of downtime and data theft. Below are some common tools used for network protection:

1. Firewalls:

A firewall applies an array of rules that to each packet moving between trusted and untrusted networks. The rules determine whether a packet can pass or not. When it’s a large network that needs protection, the firewall software often runs on its own dedicated hardware. Firewalls can also be helpful for monitoring network traffic.
In general, there are two types of firewalls network protection:

  1. Software-based firewalls are often run as additional programs on computers that are primarily used for other purposes.
  2. Hardware-based firewalls run on a dedicated computer (or appliance). While they often provide better performance than software firewalls, they are also more expensive.

2. IPS: an active network protection security solution:

Intrusion Prevention Systems (IPS), can definitely deliver next-level security technology to provide security at all system levels from the operating system kernel to network data packets. An IPS will support various policies and rules for tracking network traffic and for alerting system or network administrators to suspicious traffic.

Besides triggering alerts in the face of potential attacks, an IPS will also employ active defenses to stop it. An IPS has the ability to prevent known intrusion signatures and can also prevent some unknown attacks due to its database of generic attack behavior. In combination with an IDS and an application layer firewall, a well-designed IPS is generally considered “state of the art” in network protection.

Network-based vs. Host-based IPS

Host-based intrusion prevention systems are used to protect servers and workstations through software which runs between a system’s applications and OS kernel. Network-based intrusion prevention systems intercept all network traffic and monitor it for suspicious activity and events. But while they can both be effective, each has its own limitations:

  • Host-based systems are generally more secure than network-based.
  • Both are costly.
  • Both require regular updates.
  • NIPS implementation is more complicated.

3. IDS: a passive network protection security solution

An Intrusion Detection System (IDS – see this post on Server Security) will look for any suspicious activity and events that might be the result of a virus, worm or hacker. This is done by looking for known intrusion signatures or attack signatures that characterize different worms or viruses and by tracking general variances which differ from regular system activity. The IDS is able to provide notification of only known attacks.

Passive vs. Reactive Systems

In a passive system, the IDS will detect a potential security breach, log the information and signal an alert. In a reactive system, the IDS will respond to the suspicious activity by logging off a user or by reprogramming the firewall to block network traffic from the suspected malicious source.

Network-based vs. Host-based IDS

Intrusion Detection Systems are network or host-based solutions. Network-based IDS systems (NIDS) are often standalone hardware appliances that include network intrusion detection capabilities. It will usually consist of hardware sensors located at various points along the network or software that is installed on system computers connected to your network. The IDS will analyze data packets entering and leaving the network.

Host-based IDS systems (HIDS) do not offer true real-time detection, but if configured correctly they can reach close to true real-time. Host-based IDS systems consist of software agents installed on individual computers within the system. HIDS analyze the traffic to and from the systems on which they’re installed. HIDS systems often provide features you can’t get with network-based IDS.

4. HIPS (Host IPS) (similar to Antivirus on a consumer PC):

HIPS are installed software packages that analyze events occurring within a host, to monitor for suspicious practices. By monitoring code behavior, HIPS can stop malware from running without requiring that a specific threat already has been added through a detection update.

HIPS are closely related to firewalls: HIPS systems block attempts by a hacker or malware, and encourage the user to react.
Advantages of the HIPS network protection:

  • Monitors other programs.
  • Changes important registry keys for certain events.
  • Stops active malware.
  • Relatively simple: it has a basic set of rules to be followed.
  • Starts before other programs, immediately after device or driver installation.
  • Injects malicious code into a trusted program as it pre-processes the memory access.
  • Very useful for adapting or creating new rules.

Note: It is important that the admin understands the consequences of using HIPS, as it could disable certain system tasks.

Conclusion

Your network still needs to be protected – and never more so than in the cloud. Network protection devices need the ability to provide extra control with analytics and insight into which users are accessing what content and applications.

Avatar

Written by

Sudhi Seshachala

Sudhi is part of Cloud Technology Partners & is a trusted advisor and strategic consultant to many C level executives and IT Directors. He brings 18+ years diverse experience covering software, IT operations, cloud technologies, and management. Have led several global teams in HP, Sun/Oracle, SeeBeyond and few startups to deliver scalable and highly available business/technology products and solutions. He has expertise in systems management, monitoring and integrated SaaS and on-premise applications addressing a wide range of business problems.


Related Posts

Chester Avey
Chester Avey
— November 7, 2019

Cloud Computing Solutions: 7 Trends for the Future

The world of cloud computing is in a state of flux. Not long ago, the cloud was considered an emerging technology, known only to IT specialists. Today it is a part of everyday life – 96% of businesses use the cloud in one form or another, and this number only looks set to grow. Whether ...

Read more
  • Cloud Computing
  • internet of everything
  • multi-cloud
  • Security
  • SEO
Avatar
Stuart Scott
— September 27, 2019

AWS Security Groups: Instance Level Security

Instance security requires that you fully understand AWS security groups, along with patching responsibility, key pairs, and various tenancy options. As a precursor to this post, you should have a thorough understanding of the AWS Shared Responsibility Model before moving onto discussi...

Read more
  • AWS
  • instance security
  • Security
  • security groups
Chester Avey
Chester Avey
— September 10, 2019

7 Key Cybersecurity Threats to Cloud Computing

When businesses consider cloud computing, one of the major advantages often cited is the fact that it can make your business more secure. In fact, in recent years many businesses have chosen to migrate to the cloud specifically for its security benefits. So, it might surprise you to lea...

Read more
  • Cybersecurity
  • Security
Avatar
Adam Hawkins
— August 9, 2019

DevSecOps: How to Secure DevOps Environments

Security has been a friction point when discussing DevOps. This stems from the assumption that DevOps teams move too fast to handle security concerns. This makes sense if Information Security (InfoSec) is separate from the DevOps value stream, or if development velocity exceeds the band...

Read more
  • AWS
  • cloud security
  • DevOps
  • DevSecOps
  • Security
Avatar
Paola Di Pietro
— July 19, 2019

Top 10 Things Cybersecurity Professionals Need to Know

There has been an increase in data breaches over the recent years. With almost 143 million Americans who have had their data compromised in data breaches. These breaches include all sorts of sensitive data, including financial information, election controversies, social security, just t...

Read more
  • Azure
  • cyber security
  • Security
Avatar
Stuart Scott
— July 18, 2019

AWS Fundamentals: Understanding Compute, Storage, Database, Networking & Security

If you are just starting out on your journey toward mastering AWS cloud computing, then your first stop should be to understand the AWS fundamentals. This will enable you to get a solid foundation to then expand your knowledge across the entire AWS service catalog.   It can be both d...

Read more
  • AWS
  • Compute
  • Database
  • fundamentals
  • networking
  • Security
  • Storage
Avatar
Adam Hawkins
— April 16, 2019

The Convergence of DevOps

IT has changed over the past 10 years with the adoption of cloud computing, continuous delivery, and significantly better telemetry tools. These technologies have spawned an entirely new container ecosystem, demonstrated the importance of strong security practices, and have been a catal...

Read more
  • DevOps
  • Security
Avatar
Adam Hawkins
— March 21, 2019

How DevOps Increases System Security

The perception of DevOps and its role in the IT industry has changed over the last five years due to research, adoption, and experimentation. Accelerate: The Science of Lean Software and DevOps by Gene Kim, Jez Humble, and Nicole Forsgren makes data-backed predictions about how DevOps p...

Read more
  • DevOps
  • Security
Avatar
Stuart Scott
— November 29, 2018

New Security & Compliance Service: AWS Security Hub

This morning’s Andy Jassy keynote was followed by the announcement of over 20 new services across a spectrum of AWS categories, including those in Security and Compliance, Database, Machine Learning, and Storage.   One service that jumped out to me was the AWS Security Hub, currently...

Read more
  • AWS
  • re:Invent 2018
  • Security
Alex Brower
Alex Brower
— October 17, 2018

Interview: Q&A with John Visneski

Security is a top priority for organizations of all types, with research firm IDC projecting 10% spending growth to $91 billion dollars in 2018. For leadership, security is important considering the cost, regulation, and reputation at stake when breaches occur. According to a joint ...

Read more
  • Security
John Visneski
John Visneski
— October 2, 2018

Building Security Teams in a Competitive Talent Market: These Are The Droids You’re Looking for

John Visneski is the Head of Security and DPO at The Pokemon Company International. If you missed the webinar we organized in collaboration with John Visneski you can still watch it on demand, simply click here.  The reasoning behind the popularity of this perspective is clear, if no...

Read more
  • Security
Albert Qian
Albert Qian
— September 25, 2018

Microsoft Ignites Cloud Industry With Nadella Keynote

On Monday, Microsoft kicked off its Ignite conference, an annual gathering of developers and IT professionals. Over the next week, attendees will learn about upcoming Microsoft innovations in IoT, artificial intelligence, machine learning, and cloud (all while getting some good networki...

Read more
  • Events
  • IoT
  • Machine Learning
  • Security