From ancient ruins to modern strongholds: Why network security must move beyond the firewall

In today’s world of dynamic corporate networks and ever-developing security threats, traditional network security can be imagined as an ancient castle. In this modern connected world, those ancient structures are crumbling.

Businesses used to be able to protect themselves against threats by having one, strong firewall around the perimeter of their network, i.e. the outer wall, which stopped the majority of attacks and kept critical data safely contained within.

But, when Bring Your Own Device (BYOD) – allowing employees to use the same devices for personal and professional use – started to be introduced, things quickly began to change. It opened businesses up to a raft of new threats and made the task of securing corporate networks increasingly complex.

This impact of BYOD, combined with the growth in the number of cyber threats, has meant that the requirements for network security have had to adapt. As such, businesses today need much more than ancient castle walls to hold attackers at bay. They need a modern stronghold.

Breaking through the outer wall

In the years since it first started to become mainstream and accepted as a means of making employees both happier and more productive, BYOD has had a significant impact on network security.

With the world continuing to go mobile, employees are now connecting directly to corporate networks through a wide range of devices – primarily laptops, smartphones and tablets – after using them on potentially insecure public networks. Not only that, the ‘hot desk’ trend means many employees are constantly moving around within their organisations and using these devices on different networks every day.

The issue is that insecure devices leave security gaps that can be exploited by attackers. By targeting these devices as entry points into businesses, increasingly sophisticated cybercriminals can bypass the firewall (i.e. the castle’s outer defences) entirely and land wherever they want within the corporate network, often without the organisation even knowing about it. Employees have basically become ‘insider threats’ that traditional and largely static firewalls are simply not geared towards defending against. This makes the issue very hard to mitigate, especially for enterprises and large businesses with hundreds or thousands of employees.

The crux of the matter is that relying on firewalls is no longer sufficient. Businesses today need to change their approach to network security and modernise their defences, which is where Software-Defined Security Networks (SDSN) come into play.

The barricades of the future: Intelligent, automated, secure

Clearly, it’s time for businesses to start thinking about network security in a new way if they want to remain secure. Whereas cyber defences used to be about building the thickest and strongest wall possible, the emphasis should now be on intelligence and being able to quickly respond to new threats as they appear.

Rather than having one big wall around the perimeter, businesses need to introduce a series of dynamic inner walls to split up the network and ensure that cybercriminals don’t have free reign to move around as they please.

This is exactly what the Juniper Networks SDSN does. Any device that can go wireless – no matter whether it is a PC, laptop, smartphone or tablet – will go through a firewall at some point when it connects to the network. As soon as this happens, SDSN recognises the device’s specific identification and scans it for anything malicious through the Juniper Sky Advanced Threat Prevention (SkyATP) cloud platform.

If the device is found to be infected, it is immediately either blocked or quarantined depending on the company policy. This ensures that any potential attacks are stopped within seconds, with much less effort for security teams.

By relying on the device’s identification rather than just seeing an IP address, the infected device can also be tracked wherever it goes and blocked from accessing other parts of the network until it has been cleaned, without disrupting any other employees.

Furthermore, Juniper Networks SDSN customers don’t have to just rely on their own threat data. The information collected from every device, download and attachment scan is fed into SkyATP and distributed out across the entire user base. This means subscribers get to benefit from the analysis carried out on all other subscriber networks, so emerging threats can be blocked everywhere as soon as they have been detected once.

Not only does this offer greater visibility into network activity, it also drastically improves threat detection speeds and removes the need for hiring large security teams, all of which can help businesses to move beyond the firewall and defend against the BYOD threat.

Standing strong

Along with the numerous benefits it offers to businesses, BYOD has lowered the drawbridge to corporate threats.

But, businesses now have an answer to addressing these security concerns. By building dynamic and automated security directly into the network with SDSN, they can keep themselves protected from attacks without causing disruption or restricting their employees.

Ultimately, SDSN allows companies to be more confident about their BYOD security policy. They can be sure that any device that connects to the network will be protected, without having to spend a fortune on new equipment or personnel.

That way, outdated castle ruins can be fortified and from these foundations a modern, intelligent stronghold can be built to keep attackers at bay and protect companies’ crown jewels.

 

Read our other blogs on SDSN:
https://axiansbloguk.com/2017/08/22/juniper-networks-software-defined-secure-networks-sdsn-platform-extends-to-multi-vendor-environments-and-casb-threat-intelligence/

https://axiansbloguk.com/2016/12/05/software-defined-secure-networks-an-interview-with-ken-okelly-consulting-engineer-juniper-networks/

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.