The Basics of Network Protection for Today’s Threat Environment


It’s hard to secure your network against all threats. Even when you follow every best practice, there will still be zero-day exploits and undiscovered tactics, so you need a plan in place for the day one of them lands. That said, here are some baseline requirements that can help you get started with better security policies:

1. Use strong passwords and never reuse them

2. Educate your employees about phishing scams

3. Keep your software up to date

4. Use a firewall

5. Limit access to sensitive data

6. Back up your data regularly

7. Use encryption for all confidential information

8. Monitor your network for suspicious activity

Note: These tips are still just a starting point. You’ll need to dig deeper for the best protection.

Insights into Observability

Where is the majority of your inbound traffic coming from today? Where is the majority of your outbound traffic going? Have these traffic patterns changed recently? Inbound and outbound traffic should be observed and tracked over time. Knowing what normal looks like in terms of shape, tempo, and structure is what lets you recognize an anomaly when one appears.

I like to use the example of an empty classroom. If all the desks are in their rightful place and no one is in the room, that is “normal.” If you walk in and all the desks have been overturned and papers are strewn everywhere, that is “abnormal.” In this analogy, the desks are your network traffic and the papers are the packets.

To get observability insights into your network traffic, you need to implement a tool or system that gives you visibility into every part of your network: firewalls, routers, switches, applications, and even user activity. Once you have that data you can start looking for patterns. I would recommend a tool like Squillo, which can give you visibility into all aspects of your network traffic.

This is just a starting point, but by understanding your network traffic patterns, you can start to get a better handle on what’s normal and what’s suspicious. From there, you can take steps to implement the appropriate security measures to protect your data and your business.
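The questions above (who sends us the most, where do we send the most, and what changed) can be answered from flow records without any special tooling. The script below is an added example written for this article, not code from the page or from any product it mentions; it works on constructed flow records (direction, peer address, port, bytes) and compares a baseline week against today, listing the top talkers in each direction and flagging peers that are new, gone, or whose volume shifted by more than a chosen ratio.

```python
from __future__ import annotations
from collections import Counter
from dataclasses import dataclass

# Constructed flow records for the example (not real data): direction, peer, port, bytes.
# "in" = a remote host connected to us, "out" = we connected to a remote host.
BASELINE_WEEK = """\
in 203.0.113.10 443 120000
in 203.0.113.11 443 98000
in 198.51.100.7 443 45000
out 10.0.0.53 53 4000
out 10.0.0.8 3128 900000
out 192.0.2.20 443 150000
"""

TODAY = """\
in 203.0.113.10 443 110000
in 198.51.100.7 443 52000
in 198.51.100.200 22 3000
out 10.0.0.53 53 20000
out 10.0.0.8 3128 870000
out 192.0.2.20 443 140000
out 192.0.2.99 4444 600000
"""

@dataclass(frozen=True)
class Flow:
    direction: str   # "in" or "out"
    peer: str        # the remote address
    port: int        # destination port of the connection
    nbytes: int

def parse_flows(text: str) -> list[Flow]:
    """Parse one constructed flow record per line; blank lines are skipped."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        direction, peer, port, nbytes = line.split()
        flows.append(Flow(direction, peer, int(port), int(nbytes)))
    return flows

def summarize(flows: list[Flow]) -> Counter:
    """Total bytes per (direction, peer, port): the 'shape' of the traffic."""
    totals: Counter = Counter()
    for f in flows:
        totals[(f.direction, f.peer, f.port)] += f.nbytes
    return totals

def top_talkers(totals: Counter, direction: str, n: int = 3) -> list[tuple[str, int, int]]:
    """Where most traffic comes from ("in") or goes to ("out"), largest first."""
    ranked = sorted(((k, v) for k, v in totals.items() if k[0] == direction),
                    key=lambda kv: kv[1], reverse=True)
    return [(peer, port, nbytes) for (_, peer, port), nbytes in ranked[:n]]

def compare(baseline: Counter, current: Counter, ratio: float = 3.0) -> list[str]:
    """Flag peers that are new today, moved by more than `ratio`, or disappeared."""
    findings = []
    for key, nbytes in current.items():
        direction, peer, port = key
        base = baseline.get(key, 0)
        if base == 0:
            findings.append(f"NEW {direction} {peer}:{port} {nbytes} bytes, never seen in baseline")
        elif nbytes > base * ratio or nbytes * ratio < base:
            findings.append(f"SHIFT {direction} {peer}:{port} {base} -> {nbytes} bytes")
    for key in baseline.keys() - current.keys():
        direction, peer, port = key
        findings.append(f"GONE {direction} {peer}:{port} seen in baseline, absent today")
    return findings

if __name__ == "__main__":
    baseline = summarize(parse_flows(BASELINE_WEEK))
    current = summarize(parse_flows(TODAY))
    print("Top inbound sources today:", top_talkers(current, "in"))
    print("Top outbound destinations today:", top_talkers(current, "out"))
    for finding in compare(baseline, current):
        print(finding)
```

On the constructed data this reports a new inbound SSH peer, a new outbound connection to port 4444 carrying 600 KB, a fivefold jump in DNS volume to the internal resolver, and one inbound peer that went quiet. None of these is proof of compromise, but each is exactly the kind of change in shape, tempo, or structure that the paragraph says you need a baseline to notice.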

Ingress (entry) and Egress (exit)

Switches, routers, and firewalls all handle bidirectional traffic, so managing what you expect inbound as well as outbound is critical. Consider using a proxy or an egress filter to manage the flow. A proxy server is an intermediary between your internal network and the internet. It can cache content from sites you visit often to speed up loading, and it can block unwanted content such as ads or malware. If all outbound web traffic has to go through the proxy, direct connections from workstations to the internet can be denied outright, which closes off a common call-home path for malware.

An egress filter is a firewall policy applied to traffic leaving your network. It can block certain kinds of traffic, such as cleartext protocols or connections to known malicious IP addresses, and its default should be to deny anything that is not explicitly allowed.

Configuring your devices to use a proxy or an egress filter can help protect your network from external threats.
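To make the proxy-plus-egress-filter idea concrete, here is an added example, written for this article and not taken from the page or any product: a small default-deny egress policy for a hypothetical workstation VLAN (the addresses are constructed from documentation and private ranges) evaluated first-match-wins against outbound connections, plus a renderer that emits the same policy as an nftables output chain. Direct web traffic is refused; only the proxy, the internal resolver, and internal file shares are reachable, and a known-bad address is dropped before anything else.

```python
from __future__ import annotations
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str                   # "allow" or "deny"
    dst: ipaddress.IPv4Network    # destination network the rule matches
    proto: str                    # "tcp", "udp" or "any"
    port: int | None              # destination port, None = any port
    comment: str

# Hypothetical egress policy for a workstation VLAN, evaluated top to bottom,
# first match wins; anything unmatched is denied. Addresses are constructed for
# the example (RFC 5737 documentation and RFC 1918 private ranges), not real hosts.
EGRESS_POLICY = [
    Rule("deny",  ipaddress.ip_network("192.0.2.99/32"), "any", None, "known-bad address from a threat feed"),
    Rule("allow", ipaddress.ip_network("10.0.0.53/32"),  "any", 53,   "DNS to the internal resolver only"),
    Rule("allow", ipaddress.ip_network("10.0.0.8/32"),   "tcp", 3128, "web traffic via the proxy only"),
    Rule("allow", ipaddress.ip_network("10.0.0.0/8"),    "tcp", 445,  "internal file shares"),
]

def evaluate(policy: list[Rule], dst_ip: str, proto: str, port: int) -> tuple[str, str]:
    """Decide an outbound connection: returns (action, reason). No match means deny."""
    dst = ipaddress.ip_address(dst_ip)
    for r in policy:
        if dst in r.dst and r.proto in ("any", proto) and r.port in (None, port):
            return r.action, r.comment
    return "deny", "default deny: not on the egress allowlist"

def to_nftables(policy: list[Rule], table: str = "egress") -> str:
    """Render the policy as an nftables output chain whose default verdict is drop."""
    lines = [f"table inet {table} {{",
             "  chain output {",
             "    type filter hook output priority 0; policy drop;",
             "    ct state established,related accept",
             '    oifname "lo" accept']
    for r in policy:
        verdict = "accept" if r.action == "allow" else "drop"
        # Single hosts render without the /32 so the rules read naturally.
        addr = (str(r.dst.network_address) if r.dst.prefixlen == r.dst.max_prefixlen
                else r.dst.with_prefixlen)
        # A port-specific "any" rule becomes one tcp line and one udp line.
        protos = ["tcp", "udp"] if r.proto == "any" and r.port is not None else [r.proto]
        for proto in protos:
            match = f"ip daddr {addr}"
            if r.port is not None:
                match += f" {proto} dport {r.port}"
            elif proto != "any":
                match += f" meta l4proto {proto}"
            lines.append(f'    {match} {verdict} comment "{r.comment}"')
    lines += ["  }", "}"]
    return "\n".join(lines)

if __name__ == "__main__":
    # Constructed outbound attempts: the second and fourth are what the filter exists to stop.
    for attempt in [("10.0.0.8", "tcp", 3128), ("192.0.2.20", "tcp", 443),
                    ("10.0.0.53", "udp", 53), ("192.0.2.99", "tcp", 4444)]:
        print(attempt, "->", evaluate(EGRESS_POLICY, *attempt))
    print(to_nftables(EGRESS_POLICY))
```

The rendered chain is an illustration of how the policy maps onto a host or gateway firewall; review it against your own environment before loading it, since a default-drop output chain that forgets a dependency (NTP, package mirrors, the identity provider) takes that dependency down with it.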

Application Inventory

Many next-level security controls, such as application whitelisting, require an application inventory: you need to know for certain what is running on your network. There are a slew of tools for tracking network applications, and the right one depends on the architecture you have in place. Intune or SCCM would be ideal for environments with large Microsoft deployments. If your organization is heavy on Linux, consider Red Hat Satellite or Landscape for Ubuntu. These tools will help you figure out what is running in your environment and set you up to understand the kind of network traffic to expect from it. They are also a great starting point for developing a disaster recovery strategy, since you cannot restore what you never knew you had.

User Behavior Analytics (UBA)

To detect malicious or suspicious activity, you need to understand what “normal” looks like. This is where User Behavior Analytics (UBA) comes in. UBA uses statistical and machine-learning models to build a baseline of normal behavior for each user: when and from where they log in, what they access, and how much data they move. Once that baseline is built, UBA can flag anything that falls outside it as potentially suspicious.

There are a number of different UBA tools on the market, such as Splunk Enterprise Security and IBM QRadar. Implementing a UBA solution can help you detect threats that might otherwise go unnoticed.
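The core of UBA is a per-user baseline and a scoring step, and that part is simple enough to show in full. The script below is an added example written for this article, not code from the page or from the products it names; it builds a model for each user from constructed login and transfer events (hour of day, source country, bytes sent) and scores new events for a never-seen country, an unusual hour, or a byte count more than three standard deviations above the user’s mean. The point it makes is that the model has to be per user: the same night-time login is normal for one person and an alert for another.

```python
from __future__ import annotations
import statistics
from collections import defaultdict

# Constructed login/transfer events for the example (not real logs):
# (user, hour of day, source country, bytes sent during the session).
HISTORY = [
    ("alice", 9, "US", 12_000), ("alice", 10, "US", 15_000), ("alice", 14, "US", 9_000),
    ("alice", 11, "US", 13_000), ("alice", 16, "US", 11_000), ("alice", 9, "US", 14_000),
    ("bob", 22, "DE", 50_000), ("bob", 23, "DE", 48_000), ("bob", 21, "DE", 52_000),
    ("bob", 22, "DE", 47_000), ("bob", 23, "US", 51_000), ("bob", 22, "DE", 49_000),
]

def build_baseline(events):
    """Per-user model: countries seen, hours seen, mean and stdev of bytes sent."""
    per_user = defaultdict(lambda: {"countries": set(), "hours": set(), "bytes": []})
    for user, hour, country, nbytes in events:
        m = per_user[user]
        m["countries"].add(country)
        m["hours"].add(hour)
        m["bytes"].append(nbytes)
    baseline = {}
    for user, m in per_user.items():
        baseline[user] = {
            "countries": m["countries"],
            "hours": m["hours"],
            "mean": statistics.fmean(m["bytes"]),
            # A user with constant volume would give stdev 0; use 1.0 to avoid dividing by zero.
            "stdev": statistics.pstdev(m["bytes"]) or 1.0,
        }
    return baseline

def hour_distance(hour: int, hours: set[int]) -> int:
    """Hours between `hour` and the nearest hour the user has been seen at, wrapping at midnight."""
    return min(min(abs(hour - h), 24 - abs(hour - h)) for h in hours)

def score_event(baseline, event, z_threshold: float = 3.0, hour_threshold: int = 3) -> list[str]:
    """Return the reasons an event looks abnormal for its user; an empty list means normal."""
    user, hour, country, nbytes = event
    model = baseline.get(user)
    if model is None:
        return ["unknown user: no baseline"]
    reasons = []
    if country not in model["countries"]:
        reasons.append(f"new country {country} (seen: {sorted(model['countries'])})")
    if hour_distance(hour, model["hours"]) > hour_threshold:
        reasons.append(f"unusual hour {hour:02d}:00 (seen: {sorted(model['hours'])})")
    z = (nbytes - model["mean"]) / model["stdev"]
    if z > z_threshold:
        reasons.append(f"bytes z-score {z:.1f} ({nbytes} vs mean {model['mean']:.0f})")
    return reasons

if __name__ == "__main__":
    baseline = build_baseline(HISTORY)
    # Constructed new events: a normal day for alice, a night-time bulk upload from a new
    # country for alice, and a night-time login for bob, which is normal for bob.
    for event in [("alice", 10, "US", 13_500), ("alice", 3, "RU", 400_000),
                  ("bob", 22, "US", 50_000)]:
        print(event, "->", score_event(baseline, event) or ["normal"])
```

Real UBA products add far more signals (peer groups, access patterns, device identity) and learn thresholds rather than hard-coding them, but the shape is the same: a baseline per entity and a score for how far a new event sits from it.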

Staying up to date aka Patching

Patching is one of the most difficult issues IT organizations struggle with. There is a seemingly endless stream of patches to apply at every level of the infrastructure stack. Don’t cut corners or neglect other needs in order to speed the process up. Operating system components and tools are targeted regularly and will continue to be. To avoid having known-vulnerable components of your OS and applications become the way in, keep up with patching, and prioritize by exposure: internet-facing systems and anything with a public exploit first.

Geo-blocking

Geo-blocking restricts access based on the geographic location associated with an IP address. It is not a definitive shield, even against amateur attackers, because anyone can route through a VPN or a compromised host in a country you allow, but it can block a good deal of casual, opportunistic traffic. A malicious attack is just as likely to come from within your country as from outside it. Combined with the other defenses discussed here, geo-blocking can be quite beneficial, especially for dropping traffic from regions you know aren’t relevant to your business.

IDS/IPS Settings

An IDS/IPS is simple to acquire and turn on, yet it takes a significant amount of effort to configure and maintain. Make sure you have someone on staff (full-time or a trusted advisor) who understands what the IDS/IPS is reporting and can interpret its potential impact on your systems and business. One frequent finding is servers running services they were never meant to run, such as HTTP or FTP on an application server; an IDS/IPS tuned to what each segment is supposed to be doing will surface that, while an untuned one buries it in alerts nobody reads.

Backups & Recovery Plans

You should also have a well-defined backup and recovery strategy in place, including air-gapped backups, immutable storage that an attacker with production credentials cannot alter or delete, and 24x7x365 support that is ready, willing, and able to fail over or restore production environments if something goes wrong. Test restores on a schedule; a backup that has never been restored is an assumption, not a plan.

It’s crucial to remember that this is not a comprehensive list of procedures or activities. It would be to your advantage to use a framework to guide you. Several are available, and depending on your sector there may be one designed specifically for you.

If you’re unsure where to start, please join our community. We’d be delighted to have a talk with you that leads you down the correct road.
