Advanced Network Security TechnologiesMay 20, 2020
Since the release of Gartner’s Market Guide for Zero Trust Network Access (ZTNA) last April, ZTNA has been one of the biggest buzzwords in network security, and for good reason. A policy of zero trust helps enterprises limit exposure to the myriad of threats facing the modern network. However, ZTNA alone isn’t enough to maintain a strong security posture. Enterprises also need intelligent, flexible, and robust security technologies capable of enforcing the granular security policies ZTNA demands and proactively detecting and preventing threats to the network.
This means enterprises need to do away with the “castle and moat” approach to security and adopt modern security solutions. But what does that look like in practice? Let’s find out.
Castle and moat alone doesn’t cut it anymore
In the early 2000s, most mission critical data within a WAN flowed between corporate data centers and offices. Mobile users and cloud computing weren’t the norm like they are today. This made the “castle and moat” approach to security viable. The idea behind the castle and moat approach is straightforward: if you fortify the network perimeter well enough, using security policies, firewalls, proxies and the like, your internal network will remain safe. As a result, security practices within a network didn’t necessarily have to be as strict.
However, not only have modern threats poked holes in this approach, cloud and mobile have shifted the paradigm. Network perimeters are no longer clearly defined and static. They also extend beyond the walls of corporate offices and datacenters out to cloud datacenters and anywhere an employee has a smart device with Internet access. This change not only drove a shift away from MPLS (Multiprotocol Label Switching), it changed how security is implemented within enterprise networks.
To account for the new dynamic nature of modern networks, enterprises are adopting Zero Trust Network Access (ZTNA) approaches to security sometimes referred to as Software Defined Perimeter (SDP). The idea behind ZTNA is simple: by default, trust no one (internal or external) and grant only the minimum required access for business functions. Cato Cloud’s approach to ZTNA makes it easy to implement at a global scale because policies are implemented using the cloud-native technologies baked into the underlying network.
Network security technologies for the modern digital business
Of course, there is more to securing a network than just ZTNA. Modern security technologies are required to detect, prevent, and mitigate threats and breaches across a network. Specific network security technologies that help meet these requirements include:
Next-generation Firewall (NGFW)
NGFWs are application-aware firewalls that enable in-depth packet inspection of inbound and outbound network traffic to ensure enforcement of security policies. NGFWs can drill down beyond IP addresses, TCP/UDP ports, and network protocols to enforce policies based on packet content.
Secure Web Gateway (SWG)
Web-borne malware is one of the biggest threats facing enterprise networks today. SWGs focus on inbound and outbound Layer 7 packet inspection to protect against phishing attacks and malware from the Internet.
Anti-malware engines use both signature and heuristic-based techniques to identify and block malware within a network. Intelligent anti-malware engines are an important safeguard against zero-day threats or modifications of malware designed to avoid detection based on signature alone.
Intrusion Prevention System (IPS)
IPS protection engines help to detect and prevent threats to the network perimeter. The Cato Cloud IPS Protection Engine is a fully-managed, context-aware, and machine learning enabled solution.
The cloud-native advantage
While each of these network security technologies alone can enhance a network’s security posture, integrating them to the underlying network fabric, as is the case with Cato Cloud, goes a step further. When security technology is a part of the network fabric, you can avoid blind spots and endpoints that go unprotected. For example, while providing enterprise-grade security and SWG functionality for mobile users can be difficult or impossible with other solutions, every user (including mobile) connected to the WAN is protected with Cato Cloud.
Additionally, you can eliminate many of the headaches of appliance-sprawl. Scaling, upgrades, and maintenance are simple because the cloud model abstracts away the complexities and simply provides enterprises with the solutions.
The benefits of managed threat detection and response
Of course, even with modern network security technologies in place, detecting, containing, and remediating breaches (which can still happen despite your best efforts), requires a certain amount of skill and expertise. This is where managed threat detection and response (MDR) can make a real difference for enterprises. For example, by using Cato’s MDR enterprises can benefit from:
Automated threat hunting
Intelligent algorithms search for network anomalies based on billions of datapoints in Cato’s data warehouse.
Reduced false positives
Potential threats are reviewed by security researchers that only alert based on actual security threats.
Faster containment of threats
Once a live threat is verified, automatic containment actions such as disconnecting affected endpoints and blocking malicious domains or IP addresses.
Rapid guided remediation
If a breach is identified, Cato’s Security Operations Center (SOC) provides advice detailing risk level recommended ways to remediate the situation. Further, the SOC will continue to follow up until the threat has been completely removed from the network.
All this comes together to provide enterprises with a solution that can reduce dwell time and strain on IT resources.
Just how effective is Cato MDR? Consider the Andrew Thompson’s, Director of IT Systems and Services at the fast-growing BioIVT, experience with Cato MDR: “Cato MDR has already discovered several pieces of malware missed by our antivirus system,” says Thomson, “We removed them more quickly because of Cato. Now I need to know why the antivirus system missed them.”
Modern networks require modern network security technologies
There’s no magic bullet when it comes to network security. Hackers will continue to come up with new ways to breach networks, and enterprises must remain diligent to avoid falling victim to an attack. By adopting security technologies that are converged and purpose-built for the modern digital business, you can help strengthen your enterprise’s security posture and lower your risk.