What should your network security strategy be for 2022? What’s still recommended? Is anything new? You can no longer sit back and presume that your network won’t be attacked. Anyone is a target these days, from large organizations with deep pockets to small school systems. Attackers use automated, sophisticated methods, and those require equally capable defenses. The best defense is to enforce foundational practices and add three newer approaches that work together to provide comprehensive coverage against network intruders. The foundational practices prevent the most common causes of network compromise. The newer approaches apply more recently developed security practices that fit modern IT architecture and operations.
Foundational Practices
I covered six fundamental security practices in two articles in 2019. To recap, the six tips were:
- Use multi-factor authentication (MFA). Authentication factors fall into three categories: something you know, like a password; something you have, like a phone running an authenticator app or a hardware security key; and something you are, like a fingerprint or facial recognition. MFA means requiring at least two of these categories, not two of the same kind (a password plus a second password is still one factor). Prefer phishing-resistant methods such as hardware security keys over SMS codes where you can.
- Configure your IT systems to use role-based access. Each functional role is provided with only the level of access privileges that are sufficient to perform that role.
- Implement allowlist (white-list) application data flow filtering. This reduces the opportunities for lateral movement once an intruder has broken in. Firewall and application security rules should permit network connections only from pre-determined endpoints and deny everything else by default. There’s likely no reason for a software development staff person to access financial records, just as a financial worker has no reason to perform any work on a software development server.
- Segment the network into self-contained compartments or islands closely associated with the white-list mechanism above. This limits the extent of a security breach, frequently called the blast radius.
- Patch all vulnerable operating systems and applications within weeks of the release of updates, and within days for internet-facing systems and for vulnerabilities known to be actively exploited. A large share of intrusions exploit known vulnerabilities for which a patch already existed, frequently for months, so those break-ins could have been prevented.
- Create and test system backups and keep them in a repository where they can’t be deleted or encrypted by ransomware: offline media, or immutable (write-once) storage managed with credentials that are not reachable from the production environment. Backups are your ticket back to a functional system if an attack is successful. Test restores thoroughly to ensure the backups are usable and measure how long a recovery effort takes, because that measurement is your realistic recovery time.
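The allowlist and segmentation tips above are easier to reason about as a concrete policy. The following is an added example, not code from the original article: a default-deny allowlist between network segments, evaluated against a handful of constructed connection records to show which flows the policy permits and which it blocks. The segment ranges, rule set, port numbers and sample flows are all assumptions made up for the example.

```python
"""Added example, not from the original article: a default-deny allowlist
between network segments, evaluated against constructed connection records.
Segment ranges, rules and flows are assumptions made up for the example."""
import ipaddress
from dataclasses import dataclass

# Hypothetical segments (the "islands"); RFC 1918 ranges chosen for the example.
SEGMENTS = {
    "dev-workstations": ipaddress.ip_network("10.10.0.0/16"),
    "dev-servers": ipaddress.ip_network("10.20.0.0/16"),
    "finance-workstations": ipaddress.ip_network("10.30.0.0/16"),
    "finance-servers": ipaddress.ip_network("10.40.0.0/16"),
    "identity": ipaddress.ip_network("10.50.0.0/24"),
}


@dataclass(frozen=True)
class Rule:
    src: str          # source segment name
    dst: str          # destination segment name
    ports: frozenset  # permitted TCP destination ports


# The allowlist. Anything that does not match a rule is denied; there is no
# "allow any" entry. Every segment may reach the identity service (needed for
# the MFA and role-based access practices), but dev and finance never cross.
ALLOW = [
    Rule("dev-workstations", "dev-servers", frozenset({22, 443})),
    Rule("finance-workstations", "finance-servers", frozenset({443})),
    Rule("dev-workstations", "identity", frozenset({443, 636})),
    Rule("finance-workstations", "identity", frozenset({443, 636})),
    Rule("dev-servers", "identity", frozenset({636})),
    Rule("finance-servers", "identity", frozenset({636})),
]


def segment_of(ip):
    """Return the segment name containing ip, or None for an unknown address."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return None


def decide(src_ip, dst_ip, dst_port):
    """Return 'allow' or 'deny' for one flow; the default is deny."""
    src, dst = segment_of(src_ip), segment_of(dst_ip)
    if src is None or dst is None:
        return "deny"                # unknown endpoints never match a rule
    if src == dst:
        return "allow"               # traffic that never crosses a boundary
    for rule in ALLOW:
        if rule.src == src and rule.dst == dst and dst_port in rule.ports:
            return "allow"
    return "deny"


def audit(flows):
    """Evaluate logged flows and return those the policy blocks, which is also
    the list to review for lateral-movement attempts."""
    return [f for f in flows if decide(f["src"], f["dst"], f["port"]) == "deny"]


# Constructed sample of flows a collector might have logged.
SAMPLE_FLOWS = [
    {"src": "10.10.4.20", "dst": "10.20.1.5", "port": 22},     # dev -> dev server
    {"src": "10.10.4.20", "dst": "10.40.1.9", "port": 445},    # dev -> finance server
    {"src": "10.30.2.7", "dst": "10.20.1.5", "port": 22},      # finance -> dev server
    {"src": "10.20.1.5", "dst": "10.40.1.9", "port": 443},     # server-to-server hop
    {"src": "10.30.2.7", "dst": "10.50.0.10", "port": 636},    # finance -> identity
    {"src": "192.0.2.44", "dst": "10.40.1.9", "port": 443},    # unknown source
]

if __name__ == "__main__":
    for f in audit(SAMPLE_FLOWS):
        print("DENY", f["src"], "->", f["dst"], "port", f["port"])
```

The point to notice is that nothing in the rule table says "deny": the deny is the absence of a match, so a new server or a new subnet gets no access until someone deliberately adds a rule for it. Running the same evaluator over real flow logs is a cheap way to find traffic your firewall rules would block before you switch the enforcement on.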
Another 2019 article, IT Security Refresh: The Cyber Defense Matrix, described using the Cyber Defense Matrix (CDM) to analyze your security system coverage. You can use that framework to inform your security implementation, eliminate duplication, and identify deficiencies.
It’s highly likely that your organization is already using many of these practices to some extent. You should periodically review your security systems against the CDM to identify improvements that can help you counter the bad actors.
The above six practices and the CDM are still relevant today and into 2022. Many organizations are missing one or more of these practices, typically because of staff time or budget limitations, and are left open to exploitation as a result. Therefore, the first thing you can do to prepare for 2022 is verify that you have fully implemented the foundational practices.
Moving Forward into 2022
There are three new directions for network security to take us into 2022:
- Automation, which can assure consistent and rapid coverage of all IT systems
- A zero-trust architecture implementation
- Secure, reliable wide-area communications through secure access service edge (SASE)
Automation
Automation is the enabler for the rest of a network security program. You must use automation to keep pace with attackers, who use their own automated tools to find vulnerabilities in your network. Only through automation can you consistently and rapidly adjust to threat changes. When a new operating system patch is available or a configuration update must be propagated to hundreds of devices, the automation system makes it possible to apply the necessary changes quickly and identically everywhere, instead of device by device. Protect the automation system itself as a high-value target: it holds credentials for every device it manages, so access to it should be subject to the same MFA, role-based access, and change review as the systems it configures.
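The patching tip in the foundational list and the automation point above meet in the same job: knowing, across the whole fleet, which devices are still below a fixed version and how far past the patch window they are, then handing the list to an orchestration tool in batches. The following is an added example, not code from the original article. The advisory data, the 21-day window standing in for "within weeks", the device names and versions, and the fixed "today" date are all constructed assumptions; the block has no real inventory source behind it.

```python
"""Added example, not from the original article: an automated patch-compliance
check over a constructed device inventory. Advisories, versions, hostnames,
the SLA window and the clock are all assumptions made up for the example."""
from datetime import date


def parse_version(s):
    """'7.0.3' -> (7, 0, 3). Compared as tuples, so 7.0.10 is newer than 7.0.3;
    a plain string comparison would get that backwards."""
    return tuple(int(part) for part in s.split("."))


# Hypothetical advisories: first fixed version and the date the fix shipped.
ADVISORIES = [
    {"product": "edge-router-os", "fixed": "7.0.3", "released": date(2021, 10, 4)},
    {"product": "vpn-gateway", "fixed": "12.4.1", "released": date(2021, 11, 15)},
]
SLA_DAYS = 21                   # "within weeks", made concrete for the example
TODAY = date(2021, 12, 1)       # fixed clock so the results are reproducible

# Constructed inventory, as an automation platform would export it.
INVENTORY = [
    {"host": "rtr-hq-01", "product": "edge-router-os", "version": "7.0.3"},
    {"host": "rtr-br-02", "product": "edge-router-os", "version": "7.0.10"},
    {"host": "rtr-br-03", "product": "edge-router-os", "version": "6.9.8"},
    {"host": "rtr-br-04", "product": "edge-router-os", "version": "7.0.2"},
    {"host": "vpn-01", "product": "vpn-gateway", "version": "12.3.9"},
    {"host": "vpn-02", "product": "vpn-gateway", "version": "12.4.1"},
]


def patch_status(inventory, advisories, today=TODAY, sla_days=SLA_DAYS):
    """Return one finding per device that is below a fixed version, with the
    age of the fix and whether the device is already outside the SLA."""
    by_product = {a["product"]: a for a in advisories}
    findings = []
    for dev in inventory:
        adv = by_product.get(dev["product"])
        if adv is None:
            continue                                  # no open advisory
        if parse_version(dev["version"]) >= parse_version(adv["fixed"]):
            continue                                  # already patched
        age = (today - adv["released"]).days
        findings.append({
            "host": dev["host"],
            "product": dev["product"],
            "current": dev["version"],
            "required": adv["fixed"],
            "days_since_fix": age,
            "out_of_sla": age > sla_days,
        })
    return findings


def remediation_batches(findings, batch_size=2):
    """Order out-of-SLA hosts first, then split into fixed-size batches so an
    orchestration job can roll the change out a few devices at a time."""
    ordered = sorted(findings, key=lambda f: (not f["out_of_sla"], f["host"]))
    hosts = [f["host"] for f in ordered]
    return [hosts[i:i + batch_size] for i in range(0, len(hosts), batch_size)]


if __name__ == "__main__":
    found = patch_status(INVENTORY, ADVISORIES)
    for f in found:
        flag = "OUT OF SLA" if f["out_of_sla"] else "in window"
        print(f"{f['host']}: {f['current']} < {f['required']} "
              f"({f['days_since_fix']} days since fix, {flag})")
    print("batches:", remediation_batches(found))
```

In practice the inventory comes from the automation platform's own facts gathering rather than a hard-coded list, and the batches feed back into it as the targets of the upgrade job; the value of writing the check this way is that the same rule produces the same answer for every device, every day, without anyone reading version strings by hand.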
Zero Trust Architecture
The second new practice is to begin the path to implementing zero trust architecture (ZTA). Zero-trust network access (ZTNA) products are one common building block, covering remote access to applications, but ZTA is the broader model. (See also a Gartner article “Zero Trust Architecture and Solutions.”) Zero trust is a security model in which no implicit trust is granted to endpoints or users based on where they sit on the network. Authentication and authorization are performed for each access to any enterprise resource, not once at the edge. This contrasts with the older castle-and-moat arrangement: authentication happened at the entrance, but after someone gained entry, everything inside was wide open.
ZTA has been around for years, but it has more recently gained industry interest as more workers adopt a work-from-anywhere lifestyle. The historic perimeter firewall isn’t a useful boundary in this environment. Instead, ZTA assumes that threats exist both outside and inside the network, requiring security to be pervasive throughout the organization’s IT systems. A common identity validation system is implemented across the infrastructure. Endpoints and users authenticate to the central identity repository on initial access. On each subsequent access, the resource (or a policy enforcement point in front of it) checks with the identity repository that the session is still valid, that the device still meets posture requirements, and that the user is authorized for that specific resource.
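The difference between the castle-and-moat check and a per-request zero trust decision is clearest side by side. The following is an added example, not code from the original article or from any ZTA product: a legacy check that trusts anything with an inside address, next to a decision function that ignores the source address and instead verifies the identity token, the device's posture, and the user's role for the specific resource on every request. The token format (a toy HMAC-signed blob standing in for the identity provider's tokens), the shared key, the device posture table and the role-to-resource table are all assumptions made up for the example.

```python
"""Added example, not from the original article: castle-and-moat trust next to a
per-request zero trust decision. Token format, key, posture data and the
role-to-resource table are assumptions made up for the example."""
import base64
import hashlib
import hmac
import json

NOW = 1_700_000_000            # fixed clock (Unix seconds) for reproducible results
CORP_NET_PREFIX = "10."        # castle-and-moat: "inside" means trusted


def castle_and_moat_allows(request):
    """Legacy model: anything already inside the perimeter is allowed."""
    return request["src_ip"].startswith(CORP_NET_PREFIX)


# --- zero trust: verify identity, device and authorization on every request ---
IDP_KEY = b"example-key-not-for-production"   # shared with the hypothetical IdP


def issue_token(subject, roles, device_id, ttl_s, now):
    """Toy HMAC-signed token standing in for what the identity provider issues
    at initial authentication. Real deployments use signed JWTs or similar."""
    body = {"sub": subject, "roles": roles, "dev": device_id, "exp": now + ttl_s}
    payload = base64.urlsafe_b64encode(
        json.dumps(body, sort_keys=True).encode()).decode()
    sig = hmac.new(IDP_KEY, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}.{sig}"


def verify_token(token, now):
    """Return the claims if the signature is valid and the token is unexpired,
    otherwise None. Signature comparison is constant-time."""
    try:
        payload, sig = token.split(".")
    except ValueError:
        return None
    expected = hmac.new(IDP_KEY, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):
        return None
    body = json.loads(base64.urlsafe_b64decode(payload))
    if body["exp"] <= now:
        return None
    return body


# Resource -> roles permitted (the role-based access practice, made explicit).
RESOURCE_ROLES = {
    "finance-ledger": {"finance"},
    "build-server": {"developer"},
}
# Device posture as the central repository knows it (constructed data).
DEVICE_POSTURE = {
    "lt-1001": {"managed": True, "disk_encrypted": True, "patched": True},
    "lt-1002": {"managed": True, "disk_encrypted": True, "patched": False},
}


def zero_trust_decision(request, now):
    """Return (allowed, reason) for one request. The source IP is deliberately
    never consulted: location on the network grants nothing."""
    claims = verify_token(request["token"], now)
    if claims is None:
        return False, "token invalid or expired"
    posture = DEVICE_POSTURE.get(claims["dev"])
    if posture is None or not posture["managed"]:
        return False, "unknown or unmanaged device"
    if not (posture["disk_encrypted"] and posture["patched"]):
        return False, "device fails posture check"
    allowed_roles = RESOURCE_ROLES.get(request["resource"], set())
    if not allowed_roles & set(claims["roles"]):
        return False, f"role not authorized for {request['resource']}"
    return True, "ok"


if __name__ == "__main__":
    tok = issue_token("alice", ["finance"], "lt-1001", 900, NOW)
    inside_no_token = {"src_ip": "10.1.2.3", "token": "", "resource": "finance-ledger"}
    print("castle-and-moat, inside, no token:", castle_and_moat_allows(inside_no_token))
    print("zero trust, inside, no token:", zero_trust_decision(inside_no_token, NOW))
    print("zero trust, valid token:", zero_trust_decision(
        {"src_ip": "203.0.113.5", "token": tok, "resource": "finance-ledger"}, NOW))
```

Two things the example makes visible that the prose does not: the legacy check allows a request from an inside address with no credential at all, which is exactly the lateral-movement case segmentation tries to contain, and the zero trust decision can flip from allow to deny between two requests from the same user without any new login, because expiry, posture and role are re-evaluated each time.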
Network security vendors have embraced ZTA, and we’re seeing products specifically designed to aid in implementing zero trust. Selecting an authentication and authorization platform and implementing the required interfaces between the platform and your organization's IT systems will take some time. The good news is that you don’t have to do everything at once. You can choose an identity platform and implement the integrations with each IT system as you have the time and resources.
Secure Access Service Edge (SASE)
More endpoints and users now work and connect from anywhere into their organization’s IT infrastructure, which may sit in a corporate data center, a cloud system, or a software as a service (SaaS) product. Secure access service edge (SASE) provides the secure connectivity required to allow remote systems and users to reach that infrastructure safely. It is complementary to ZTA rather than an alternative to it.
The SASE concept was first described in a Gartner report, “The Future of Network Security Is in the Cloud.” It melds security with the flexibility of network connectivity offered by SD-WAN. The idea is to move network security to the network edge, close to wherever the worker is, even with a work-from-anywhere workforce. Workers connect to cloud-based security points of presence over an encrypted tunnel across the internet. The cloud security service implements a secure web gateway (SWG), next-generation firewall as a service (FWaaS), a cloud access security broker (CASB), and ZTNA, combined with SD-WAN. The result is one consistent security stack applied to remote access regardless of where the user connects from.
Putting It Together
Securing today’s networks requires full coverage, starting with the six foundational practices. Then add automation for complete and rapid coverage, zero trust to secure your network-based resources, and SASE to secure access at the edge. All three are needed.
A good solution will depend on the right mixture of people, processes, and tools (technology). The amount of effort and expense depends greatly on your current state of security. You need capable, well-trained staff, using the appropriate tools, following well-developed processes. Your organization’s size will influence how you proceed. Large organizations are typically self-sufficient, while medium and small organizations would benefit from working with a managed security services provider (MSSP) to identify what needs to be done, specify products, and implement the required processes.
SASE products are emerging to provide the required level of edge security, particularly for the work-from-anywhere workforce. They typically bundle ZTNA and are operated through the vendor’s cloud automation, which makes them a natural addition on top of your security foundation, but they don’t replace it: MFA, role-based access, segmentation, patching, and backups still have to be in place behind them.
Yes, it can be a lot of work, but handling a ransomware or data loss attack will be even more work. That’s because you’ll need to recover and implement the above steps. It’s no longer a question of whether you need to secure your network. The risk analysis shows that it is imperative to take proactive steps to avoid becoming a victim.