Cybersecurity is a constant exercise in vigilance for organizations of any size, in any sector, and using any cloud. Enterprises are under constant threat of damage caused by unauthorized access to their networks and infrastructure. Today’s sophisticated attacks continue to evolve and can run within complex, multi-cloud infrastructures and maximize their attack surfaces.
In the past, north-south traffic secured with traditional firewalls was considered adequately protected. But, in recent years, modern applications architecture demands more diligent protection of east-west traffic in addition to perimeter protection. Protecting lateral movement by threat actors is imperative to secure networks if an attacker breaches the perimeter defense.
How to improve your network security
The following 10 tips will help you improve network security for modern demands such as applications with multiple workloads and workloads running in virtual machines, servers, or containers across multiple clouds:
1. Evaluate and pick the right network security software-based solution.
Legacy physical appliance insertion is complex. It increases CAPEX and OPEX, and managing network security changes is challenging. Network security software-based solution vendors should efficiently secure the network and servers, protect critical data, enforce confidentiality, enforce integrity, scale for availability, and mitigate breach risk.
2. Protect your data center securely using a software-based solution with hybrid infrastructure support.
Protecting and securing your business across multiple clouds is crucial. Your solution must work within data centers, public and private clouds, and at the edge. It should also enable automated changes where applicable to simplify life cycle management and governance.
3. Incorporate software-based distributed internal firewalls to protect applications and workloads.
Develop an internal firewall strategy to protect east-west traffic and prevent attacker lateral movement. Your strategy should consider network complexity, scalability, data throughput, visibility, performance, and security policies management. Typical legacy firewalls used for north-south traffic protection—while helpful—don’t provide the flexibility and features of software-defined internal firewalls.
4. Implement network segmentation and micro-segmentation to create security zones within your organization.
Start implementing isolation and provide segmentation to traffic and workloads to reduce lateral spread and movement of advanced attacks in the data center. Consider secure applications traffic within specific infrastructure between applications and external networks and define rules to secure traffic within applications. Inspect every packet to stop lateral movement of attacks.
5. Add software-based intrusion detection and prevention (IDS/IPS).
Leverage threat detection tools with IDS/IPS to inspect all traffic flows between segments for anomalies and to scan traffic using predefined signatures to identify threats. Your solution should include the automatic activation and deactivation of security policies across critical workloads to allow security teams to replace expensive hardware legacy firewalls.
6. Automate policy discovery, traffic flow visualization, and network monitoring.
The right solution must be able to provide detailed visualization of firewall rules, security policies, and east-west visibility to enable complete traffic monitoring. It should also allow for the automation of security policies and best practices. Customize your network topology view and dashboards to monitor security policies and permitted or denied traffic to help your Security Operations Center (SOC) team manage rules and notice security anomalies within the network quickly.
7. Include software-based advanced threat prevention (ATP) with specific capabilities.
ATP should include:
- Advanced threat analysis for deep visibility to identify and detect malware in your network and advanced malware analysis of artifacts traversing your data center.
- Network traffic analysis / Network detection and response (NTA/NDR) to identify unwanted network behaviors and anomalies and monitor east-west traffic and traffic flow records.
- Sandboxing to emulate operating systems (OS) to probe for suspicious files and verify whether objects are benign or harmful without affecting the rest of an organization’s infrastructure.
- Threat intelligence feed to maintain the efficiency of ATP that is always updated with the latest signature packages, detailed malware and associated objects information, and dangerous websites. Your cloud service vendor can provide IP and network domains of threat intelligence feed servers.
- Correlation that is automated for threats and anomalies from different sources and provides security analysis and a high-level blueprint of network intrusions.
- Align any analysis to the MITRE Attack framework to greatly reduce the time required for a SOC team to perform those same correlation and validation tasks.
8. Align network and security team business goals.
IT initiatives and project alignment allow organizations to develop solid network security. Collaboration on network and security architecture design, deployment, and integration with other company tools will result in a more cohesive security approach and reduced costs for CAPEX and OPEX.
9. Improve the Security Operations Center (SOC).
To utilize the full power of your software-defined networking and security solution, consider optimizing your SOC roles, workflows, technologies, and operating model. This will lead to faster and better business decision-making, reduced problem-solving time, and more efficient processes. An optimized SOC team should include staff experienced in architecture, engineering, and operations.
10. Engage professional services for more support.
Engage professional services support at the onset of your implementation, migration, or deployment project to review and evaluate your networking security solution and help you gain the most value from your investment. This type of collaborative partnership will help you assess your network, security environment, workloads, and applications to be able to optimize your solution by addressing your biggest cybersecurity challenges to reach your desired future state and outcomes.
Learn more about networking and security
Read “10 Critical Considerations to Successfully Deploy Load Balancers” for more networking security support, visit Professional Services for Networking, or contact us if you’d like help to evolve and optimize your network. For more about VMware solutions, visit VMware NSX Distributed Firewall, VMware NSX Distributed IDS/IPS, and VMware NSX Advanced Threat Prevention.