Where is Network Security headed in 2020?
Forbes’ recent cybersecurity predictions for 2020 cited an old quote from Cato Networks’ co-founder Shlomo Kramer. Back in 2005, Kramer compared cybersecurity to Alice in Wonderland: you run as fast as you can just to stay in place. Almost 15 years later, the comparison applies perfectly to the state of network security. Despite the diligent effort of infosec professionals, new threats are emerging every day and news of breaches has become commonplace.
So, after all the running we’ve done in the 2010s, where is network security headed in 2020? What WAN security solutions do enterprises need to protect their networks as we kick off the decade? Here, we’ll answer those questions, explain how Zero Trust Network Access (ZTNA) helps enterprises strengthen their security posture for more than just mobile users, and explore the benefits of managed threat detection and response (MDR).
The Zero-Trust Approach
Network security refers to the technology, policies, procedures, and strategies used to protect the data and assets within a network. In the late 1990s and early 2000s, the “castle-and-moat” approach to cybersecurity was common. The premise is intuitive enough: if you secure the perimeter strongly enough, the entire network is secure.
However, the dynamic nature of cloud computing, the security challenges posed by mobile users, and IoT (Internet of Things) have blurred the lines that define network perimeters and created new attack surfaces. Today, enterprises must be prepared to address a wide variety of attacks including social engineering attacks, Internet-borne malware, and ransomware across all the different attack vectors that exist within modern networks.
As a result, many infosec experts now advocate for a zero-trust approach to network security. The idea behind zero trust is simple: don’t trust anything by default and only allow the minimum required access to network resources. Of course, implementing zero trust requires full network visibility and the ability to enforce granular policies across the WAN. Doing so effectively requires a network security system with the right tools and an agile Software Defined Perimeter (SDP).
Network and Security Solutions to Address Modern Threats
The tools required to secure a WAN can be implemented as hardware or software appliances or using a cloud-based security-as-a-service model. With security as a service, enterprises can minimize the complexity of managing multiple appliances at scale as well as reduce capex. Further, with the cloud-native WAN infrastructure that supports the Cato Cloud, enterprises get security solutions baked into the underlying network.
Network security tools that are part of Cato’s network infrastructure include:
Next-Generation Firewall
NGFW allows granular rules to be implemented that can control access based on network entities, traffic type, and time. Additionally, a Deep Packet Inspection (DPI) engine enables contextualization of traffic. NGFW also supports the creation of custom application definitions to enable identification of specific apps based on TCP/UDP port, IP address, or domain.
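As an added illustration (not Cato’s code or configuration), the following Python sketch evaluates traffic flows against default-deny, zero-trust rules keyed on the attributes described above: the originating network entity, a custom application definition matched by TCP/UDP port, IP prefix, or domain, and a time-of-day window. All entity names, application definitions, addresses, and rules are constructed assumptions.

```python
from dataclasses import dataclass, field
from datetime import time
from ipaddress import ip_address, ip_network

@dataclass
class AppDef:
    """Custom application definition: matched by TCP/UDP port, IP prefix, or domain."""
    name: str
    ports: set = field(default_factory=set)       # {(proto, port)}
    prefixes: list = field(default_factory=list)  # [ip_network, ...]
    domains: set = field(default_factory=set)     # {"host.example", ...}

    def matches(self, flow):
        if (flow["proto"], flow["dport"]) in self.ports:
            return True
        if any(ip_address(flow["dst_ip"]) in p for p in self.prefixes):
            return True
        return flow.get("domain") in self.domains

@dataclass
class Rule:
    entity: str      # network entity the flow comes from (user group or site)
    app: str         # name of an AppDef
    window: tuple    # (start, end) time of day during which the rule applies
    action: str      # "allow" or "block"

def evaluate(flow, apps, rules, default="block"):
    """First matching rule wins; a flow matched by no rule gets the default (deny)."""
    for r in rules:
        start, end = r.window
        if (r.entity == flow["entity"] and apps[r.app].matches(flow)
                and start <= flow["time"] <= end):
            return r.action
    return default

# Constructed sample policy (hypothetical names and addresses).
APPS = {
    "crm": AppDef("crm", domains={"crm.example.internal"},
                  prefixes=[ip_network("10.20.0.0/24")]),
    "rdp": AppDef("rdp", ports={("tcp", 3389)}),
}
RULES = [
    Rule("sales", "crm", (time(8, 0), time(18, 0)), "allow"),      # business hours only
    Rule("it-admins", "rdp", (time(0, 0), time(23, 59)), "allow"),
]
```

A flow dict with `entity`, `proto`, `dport`, `dst_ip`, optional `domain`, and `time` keys is passed to `evaluate`; anything outside an explicit allow rule, including an allowed app outside its time window, falls through to the default block.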
Secure Web Gateway
SWG helps mitigate social engineering attacks like phishing and protects against Internet-borne malware. SWG focuses on layer 7 traffic exclusively and inspects inbound and outbound flows. URL filtering prevents users from accessing restricted sites while connected to the WAN, which adds another layer of protection in the event a user is tricked into clicking a malicious link.
The Cato Cloud uses signature and heuristic-based inspection engines to detect malware and protect against known threats. Further, Cato’s partnership with endpoint protection solutions provider SentinelOne brought industry-leading AI-based anti-malware technology to the Cato Cloud. What is unique about the SentinelOne solution is its ability to identify threats without a signature, making it highly effective against zero-day malware.
Intrusion Prevention System
IPS is a fully managed, cloud-based solution supported by Cato’s Security Operations Center (SOC). The IPS protection engine is contextually aware and fine-tuned to avoid false positives and deliver protection without sacrificing performance. Cato’s IPS uses metadata from network traffic flows and third-party data feeds in conjunction with machine learning algorithms to detect suspicious network activity. As a result, it can block malicious IP addresses based on reputation, validate packet protocol conformance, protect against known vulnerabilities, adapt to new vulnerabilities, prevent outbound traffic to command and control servers, and detect bot activity.
The importance of ZTNA
In order to effectively implement zero-trust policies, enterprises need to be able to restrict network access at a granular level. ZTNA allows enterprises to do just that. However, there are multiple approaches to Zero Trust Network Access. ZTNA point solutions often require specialized cloud gateways or additional software and services. Additionally, they generally require mobile users to connect to resources across the public Internet, which can significantly impact performance. Cato’s ZTNA addresses these issues because it’s integrated into the underlying network. No additional software or hardware is required, and mobile traffic is optimized across Cato’s global private backbone.
How MDR Complements a Network Security System
Even with a robust network security system in place, some enterprises prefer to offload the skill-dependent and resource-intensive process of detecting compromised nodes to a trusted provider. With Cato’s Managed Detection and Response services, enterprises benefit from the expertise of the Cato SOC when detecting and responding to breaches. With Cato MDR, enterprises gain expert threat verification, remediation assistance, and quarterly reporting and tracking in addition to automated threat hunting and containment features. This allows enterprises to free up resources to focus on core business activities instead of complex infosec tasks.
Network security for digital businesses requires a holistic approach
There is no silver bullet when it comes to network security. To build and maintain a strong security posture, enterprises need to take a converged approach to networking and security. This means being proactive, implementing zero-trust across the network, and leveraging modern security solutions like NGFW, IPS, and SWG.