Visibility & Control: The keys to the kingdom of information security and network function integrity
Ask any security practitioner how to start designing network infrastructure for security and they will tell you that the guiding principle to ensuring information security is based on the concept of the CIA Triad.
What are the three elements of the CIA Triad?
These three elements, confidentiality, integrity, and availability, are considered the most crucial components of security. Let us explore how network-based visibility and control can complement an organization’s security setup and reduce its information security attack surface.
Measures taken to ensure information confidentiality should be designed to prevent sensitive information from reaching the wrong people while making sure that the right people will be on the receiving end. Access must be restricted to those authorized to view the data in question.
In the context of network security, it is not enough to simply introduce policies that deny users access to specific information deemed worthy of protection. There also needs to be a suitable process to verify that the information is indeed off-limits to those who do not have access rights. In other words, can you prove on the network plane that unauthorized users do not have access to servers, services, and data repositories that are off-limits to them?
This is exactly where user, network, and business analytics come into play.
Installed transparently in-line, these systems keep track of all network traffic, recognizing thousands of commonly used applications. The result is highly granular and concise data that details exactly who is using which application to access which target computing device, and at what time.
This provides an invaluable source of information for the security operations center to verify that organizational security policies are indeed being executed properly. The information collected, for example, by the Allot DART engine can be exported to SIEM systems to enrich and complement security operations and monitoring.
Integrity involves maintaining the consistency, accuracy, and trustworthiness of data over its entire life cycle. Data must not be changed in transit, and steps must be taken to ensure that data cannot be altered by unauthorized people (i.e., as the result of a breach of confidentiality). These measures include file permissions and user access controls.
In this case, the relevant capability is the ability to CONTROL the traffic flows from specific IP addresses, users, and user groups, together with the applications and protocols they may use. This creates an additional layer of access control that effectively manages access at the network layer for users who have not been granted permission to reach specific servers, applications, or data repositories. It is important to recognize that the functionality provided here is in addition to what is typically provided by traditional firewalls.
The Allot in-line solution covers a primary gap present in most firewalls: they are designed around preventing external infiltration but lack user and group awareness.
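To make the two capabilities above concrete, here is an added example (not Allot's code and not the DART engine): a small user- and group-aware access-policy model that serves both the visibility point (can the SOC prove, from network-plane records, that off-limits servers were not reached by unauthorized users?) and the control point (deny flows by user group and application, on top of what an IP/port firewall does). The users, groups, servers, applications and flow records are constructed sample data, and the JSON record layout is an assumption rather than any real SIEM export format.

```python
"""
Added example (not Allot's code or the DART engine): a network-plane
access-policy model that does two things the text describes.

  1. CONTROL: decide per flow whether a user/group may reach a destination
     with a given application (allow/deny), i.e. a user-aware layer on top
     of a traditional IP/port firewall.
  2. VISIBILITY: run the same policy over a log of observed flows and emit
     violations as JSON records a SIEM could ingest, so the SOC can verify
     that protected servers were not reached by unauthorized users.

All users, groups, hosts and flows below are constructed sample data; the
record layout is an assumption, not a real export format.
"""
import json
from dataclasses import dataclass
from typing import Dict, List, Set

@dataclass(frozen=True)
class Flow:
    ts: str
    user: str
    src_ip: str
    dst_host: str
    app: str

# Constructed directory: user -> group
USER_GROUPS: Dict[str, str] = {
    "alice": "finance",
    "bob": "engineering",
    "carol": "contractor",
}

# Constructed policy: protected destination -> {group: allowed applications}
# A destination not listed is open; a group not listed for a destination is denied.
POLICY: Dict[str, Dict[str, Set[str]]] = {
    "erp-db.corp": {"finance": {"mssql"}},
    "git.corp": {"engineering": {"https", "ssh"}},
    "files.corp": {"finance": {"smb"}, "engineering": {"smb"}},
}

def decide(flow: Flow, policy=POLICY, groups=USER_GROUPS) -> str:
    """Return 'allow' or 'deny' for one flow (the in-line enforcement path)."""
    rules = policy.get(flow.dst_host)
    if rules is None:
        return "allow"  # unprotected destination: no group/app restriction
    group = groups.get(flow.user)
    if group is None:
        return "deny"   # unknown user never reaches a protected host
    return "allow" if flow.app in rules.get(group, set()) else "deny"

def audit(flows: List[Flow], policy=POLICY, groups=USER_GROUPS) -> List[dict]:
    """Return SIEM-style violation records for every observed flow the policy denies."""
    violations = []
    for f in flows:
        if decide(f, policy, groups) == "deny":
            violations.append({
                "ts": f.ts, "user": f.user, "group": groups.get(f.user, "unknown"),
                "src_ip": f.src_ip, "dst_host": f.dst_host, "app": f.app,
                "verdict": "deny", "rule": "group/app policy",
            })
    return violations

# Constructed flow log, standing in for what an in-line analytics engine recorded
SAMPLE_FLOWS = [
    Flow("2024-01-10T09:00:01Z", "alice", "10.0.1.10", "erp-db.corp", "mssql"),
    Flow("2024-01-10T09:00:05Z", "bob",   "10.0.2.20", "git.corp",    "ssh"),
    Flow("2024-01-10T09:01:12Z", "bob",   "10.0.2.20", "erp-db.corp", "mssql"),    # wrong group
    Flow("2024-01-10T09:02:30Z", "alice", "10.0.1.10", "erp-db.corp", "https"),    # wrong app
    Flow("2024-01-10T09:03:00Z", "carol", "10.0.3.30", "files.corp",  "smb"),      # group not permitted
    Flow("2024-01-10T09:04:00Z", "carol", "10.0.3.30", "intranet.corp", "https"),  # open host
]

if __name__ == "__main__":
    for v in audit(SAMPLE_FLOWS):
        print(json.dumps(v))
```

The same `decide` function drives both paths: in-line it yields the enforcement verdict, and over a stored flow log it yields the evidence that the policy is actually holding on the wire, which is the proof the confidentiality section asks for.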
The availability of business-critical services, applications, and data repositories is the third aspect of ensuring information security from the network perspective. In fact, this is probably the most visibly important aspect, and it is often mistakenly classified as purely a security operation. Providing adequate communication bandwidth and preventing bottlenecks are networking functions that are critically important to availability, as is the ability to provide service delivery assurances and guarantees. This becomes even more critical in the face of potential security breaches and similar events.
An obvious example is DDoS mitigation. With the growth of BYOD and unsanctioned IoT devices in corporate networks, the capability to inspect both external traffic and internally sourced traffic for anomalous behavior is key. This leads to the second aspect of availability: in addition to identifying traffic anomalies created by denial-of-service attacks, DPI-based anomaly detection is also applied per host, which can identify a compromised server or vending machine that is, for example, flooding the network with DNS packets. Additionally, servers compromised for the purpose of crypto-mining not only decrease availability but can be just one symptom of a considerably larger security breach.
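The per-host case above (a compromised device flooding the network with DNS packets) can be illustrated with a simple baseline-and-threshold detector. This is an added example, not Allot's product logic: it learns each host's DNS packets-per-minute profile over a learning window and then flags any later minute in which a host exceeds that profile by a wide margin. The packet records, hosts, learning window, multiplier `k` and absolute floor are all constructed or assumed values.

```python
"""
Added example (not Allot's product code): per-host anomaly detection of the
kind the text describes, applied to DNS. Each host gets its own baseline of
DNS packets per minute from a learning window; later minutes far above that
baseline raise an alert. Packet records and hosts are constructed sample
data; the record format and thresholds are assumptions.
"""
from collections import defaultdict
from statistics import mean, pstdev
from typing import Dict, List, Tuple

# One tuple per packet: (minute index, source host, destination port).
# Real input would be flow or packet metadata from in-line inspection.
Packet = Tuple[int, str, int]

def dns_counts(packets: List[Packet]) -> Dict[str, Dict[int, int]]:
    """host -> {minute -> DNS packet count}; only traffic to port 53 is counted."""
    counts: Dict[str, Dict[int, int]] = defaultdict(lambda: defaultdict(int))
    for minute, host, dport in packets:
        if dport == 53:
            counts[host][minute] += 1
    return counts

def baseline(series: Dict[int, int], learn_minutes: range) -> Tuple[float, float]:
    """Mean and population std-dev of a host's DNS rate over the learning window
    (a minute with no DNS traffic counts as 0, so quiet hosts get a low baseline)."""
    values = [series.get(m, 0) for m in learn_minutes]
    return mean(values), pstdev(values)

def detect(packets: List[Packet], learn_minutes: range, k: float = 5.0, floor: int = 50):
    """
    Return [(host, minute, count)] for minutes outside the learning window in
    which a host's DNS packet count exceeds max(floor, mean + k*std).
    The absolute floor keeps a nearly silent host (std close to 0) from
    alerting on a handful of extra queries.
    """
    alerts = []
    for host, series in dns_counts(packets).items():
        mu, sigma = baseline(series, learn_minutes)
        threshold = max(floor, mu + k * sigma)
        for minute, count in sorted(series.items()):
            if minute in learn_minutes:
                continue
            if count > threshold:
                alerts.append((host, minute, count))
    return alerts

def make_sample() -> List[Packet]:
    """Constructed traffic: a workstation with normal DNS use and a vending
    machine that behaves steadily for 20 minutes, then starts flooding DNS."""
    pkts: List[Packet] = []
    for minute in range(0, 20):
        pkts += [(minute, "10.0.5.11", 53)] * (8 + minute % 3)   # workstation: 8-10 queries/min
        pkts += [(minute, "10.0.5.11", 443)] * 30                 # unrelated HTTPS, not counted
        pkts += [(minute, "10.0.9.77", 53)] * 4                   # vending machine: steady 4/min
    for minute in range(20, 25):
        pkts += [(minute, "10.0.5.11", 53)] * 9
        pkts += [(minute, "10.0.9.77", 53)] * 600                 # compromised: DNS flood
    return pkts

if __name__ == "__main__":
    for host, minute, count in detect(make_sample(), learn_minutes=range(0, 15)):
        print(f"ALERT host={host} minute={minute} dns_packets={count}")
```

Because the baseline is per host, the workstation's ordinary variation never trips the detector while the vending machine's jump from 4 to 600 packets per minute does; a network-wide threshold would have to be set high enough to tolerate the busiest legitimate host and would miss exactly this kind of single-device anomaly.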
The need for visibility & control in network security
In summary, visibility and control are not just about network optimization. They are key factors in recognizing and blocking apps and protocols that increase the attack surface and use deception to bypass security controls. Network analytics provide visibility and value that enhance an organization’s security posture and ensure adherence to, and enforceability of, security policies. Most importantly, network control ensures the availability of business-critical resources to legitimate users, truly delivering the keys to the kingdom of information security and network function integrity.