E-guide

Take aim at network

security
Your expert guide to keeping cyber crooks out of your network
 E-guide

In this e-guide
In this e-guide:
What are the differences between
The ever-expanding attack surface brought about by the
network security vs. cybersecurity? proliferation of internet of things devices has created jitters in
cyber security circles. Today, it has become more difficult to
Network security, SD-WAN suppliers manage the nooks and crannies of enterprise networks that
revamp branch security
span private and public clouds, let alone keep up with
mounting threats that are growing by the day. In this e-guide,
The future of network-connected
device security learn more about securing software-defined wide area
networks, the top three network security challenges facing
Four ways to improve network CISOs, and why network security remains primary in any truly
security for modern networks
comprehensive security strategy.

What are today’s top 3 network

security challenges?

Network security in the digital

transformation era

Page 1 of 34
 E-guide

In this e-guide
What are the differences between network
What are the differences between
network security vs. cybersecurity?
security vs. cybersecurity?
Mike Jude, program manager
Network security, SD-WAN suppliers
revamp branch security Information security, network security, cybersecurity: The industry is flooded
with terms to describe how enterprises secure their network data. While the
The future of network-connected experience of wading through a mishmash of terminology to describe a specific
device security operation or function is not limited to the networking industry, the use of various
terms complicates the process of developing an effective approach to securing
Four ways to improve network data within the enterprise.
security for modern networks
In particular, confusion reigns about the differences between network security
What are today’s top 3 network
vs. cybersecurity. How do they differ? How are they the same? Let's try to clear
security challenges? up some confusion.

What is cybersecurity?
Network security in the digital
transformation era
Technically speaking, cybersecurity considers the security of the entire
cybernetic continuum. In other words, it's concerned with securing data within
the networked computing space of an enterprise. In practice, this includes
securing where data is stored, where it is manipulated and where it is

Page 2 of 34
 E-guide

transported. In a nutshell, cybersecurity is concerned with the protection of data

In this e-guide -- both at rest and in motion.

What are the differences between More prosaically, cybersecurity can be thought of as the security of the entire
network security vs. cybersecurity? computing space -- from information asset to information user -- including all the
components in between. The user does not need to be a human; as a result,
Network security, SD-WAN suppliers cybersecurity also covers communications between data processing systems.
revamp branch security That said, when IT professionals talk in terms of cybersecurity, they are typically
more concerned with the security of data that is stored and not transmitted.
The future of network-connected
What is network security?
device security
In modern enterprise computing infrastructure, data is as likely to be in motion
Four ways to improve network
as it is to be at rest. This is where network security comes in. While technically a
security for modern networks subset of cybersecurity, network security is primarily concerned with the
networking infrastructure of the enterprise. It deals with issues such as securing
What are today’s top 3 network
the edge of the network; the data transport mechanisms, such as switches and
security challenges? routers; and those pieces of technology that provide protection for data as it
moves between computing nodes.
Network security in the digital
Of course, all of this begs the question: If network security is simply a subset of
transformation era
cybersecurity, why even subdivide the domain? One reason is because
cybersecurity tends to take a broad look at security, including evaluating such
technologies as encryption. Encryption is important, but it's not necessarily
germane to the issues enterprises face when securing the network.

Page 3 of 34
 E-guide

Further, it's not always network security vs. cybersecurity, as the two actually
In this e-guide complement each other in the data protection continuum. If one thinks in terms
of protecting data both at rest and in motion, then network security covers data
What are the differences between traveling across the network, while cybersecurity deals with protecting data at
network security vs. cybersecurity?
rest.

Network security, SD-WAN suppliers

The critical network security vs. cybersecurity difference
revamp branch security Where cybersecurity and network security differ is mostly in the application of
security planning. A cybersecurity plan without a plan for network security is
The future of network-connected incomplete; however, a network security plan can typically stand alone.
device security
Taking a look at this in another way, network security is a subset of
Four ways to improve network
cybersecurity, which, in turn, is a subset of information security -- another topic
security for modern networks entirely. However you evaluate your security needs, planning needs to work
down to the lowest level. At each level, procedures and tools should ensure
What are today’s top 3 network
access to sensitive information is controlled and measures in place to detect
security challenges? and mitigate any breach that would lead to disclosure of that information.
Ultimately, the survival of your firm could depend on how successful you are in
Network security in the digital
setting up such a framework.
transformation era
Next Article

Page 4 of 34
 E-guide

In this e-guide
Network security, SD-WAN suppliers
What are the differences between
network security vs. cybersecurity?
revamp branch security
Lee Doyle, principal analyst
Network security, SD-WAN suppliers
revamp branch security A number of branch network security suppliers are touting their abilities to add
software-defined WAN capabilities to their firewall platforms. In the meantime, SD-
The future of network-connected WAN suppliers continue to improve their native network security capabilities.
device security
Organizations must carefully evaluate their security and WAN requirements, as
Four ways to improve network
they select the appropriate architecture for their unique branch network needs.
security for modern networks Many will continue to use SD-WAN and firewalls at their branch locations, making
integration between these platforms essential.
What are today’s top 3 network What is a firewall?
security challenges?
In the context of a branch network, the firewall is responsible for identifying and
blocking suspicious traffic to and from the branch. Current-generation firewalls can
Network security in the digital
transformation era
be deployed either as an appliance or as software. They can detect and block
attacks using traffic analysis by application, protocol or port.

The current generation of firewalls generally includes the following functionality:

 packet filtering

Page 5 of 34
 E-guide

 network address translation

In this e-guide  virtual private network
 URL blocking
 intrusion detection and prevention
What are the differences between
network security vs. cybersecurity? Using deep packet inspection, the firewall can peer into plain or encrypted traffic to
understand the context of internet-based traffic and block traffic that looks to exploit
Network security, SD-WAN suppliers security vulnerabilities. Firewall management capabilities include fine-grained
revamp branch security application, user control and centralized reporting consoles.

Branch security a top concern

The future of network-connected
device security The branch network is a key security concern, with the massive increases in internet traffic,
due to the range of devices attached to the network.
Four ways to improve network
security for modern networks The branch network is a key security concern, with the massive increases in
internet traffic, due to the range of devices attached to the network -- PCs, tablets,
IP phones and point-of-sale systems, for example. Many branches also support
What are today’s top 3 network
security challenges?
internal and customer Wi-Fi traffic.

Increased exposure to the internet and to endpoint diversity provides new avenues
Network security in the digital
for malicious actors to penetrate the network to access sensitive data. Lack of
transformation era
trained IT and security personnel at most branch locations means security
appliances must be easy to deploy and allow central management. Security
appliances should route suspicious traffic to centralized or cloud-based security
systems.

Page 6 of 34
 E-guide

Firewall suppliers add SD-WAN functionality

In this e-guide
The firewall market is highly competitive, with each supplier looking to add features
to differentiate their offerings. In addition to continually introducing features to
What are the differences between
counter new security threats, many firewall suppliers have added networking
network security vs. cybersecurity?
functionality -- including routing, unified communications, VoIP and Wi-Fi -- to their
products. Most firewall products already have a measure of application awareness,
Network security, SD-WAN suppliers
so basic SD-WAN functionality is a natural evolution.
revamp branch security

In 2018, a number of firewall suppliers announced their entry into the SD-WAN
The future of network-connected space. They typically have added SD-WAN features to their existing firewall
device security appliance or software, which is available to their installed base with a software
upgrade -- usually for an additional fee.
Four ways to improve network
security for modern networks Firewall suppliers that have announced SD-WAN capabilities include Fortinet,
SonicWall, WatchGuard, Forcepoint and Barracuda Networks. Cisco is working to
What are today’s top 3 network
increase the integration between its firewall and SD-WAN offerings, as a leading
security challenges? supplier of both network security and branch network products.

Another avenue to SD-branch

Network security in the digital
transformation era
Software-defined branch (SD-branch) is defined as having network security,
SD-WAN, routing, WAN optimization, LAN and Wi-Fi functions with integrated,
centralized management for branch locations. SD-branch consolidates multiple
software functions and appliances into an easy-to-deploy platform that can be
centrally managed.

Page 7 of 34
 E-guide

SD-branch platforms are becoming more popular, as network security and SD-
In this e-guide WAN vendors deliver more mature options. SD-branch suppliers include Cisco,
Cradlepoint, Fortinet, Riverbed, Versa Networks and WatchGuard.
What are the differences between
network security vs. cybersecurity? SD-WAN security
SD-WAN products provide basic security for internet traffic, and most have the
Network security, SD-WAN suppliers ability to identify suspicious traffic flows. A key competitive feature for SD-WAN
revamp branch security suppliers is their ability to improve their native network security features. Every SD-
WAN provider has its proprietary methods for network security functionality, like
The future of network-connected whitelisting and traffic inspection, for example. Most offer basic firewall and VPN
device security capabilities as standard features. Additional security options can include application
identification, policy enforcement, content filtering and endpoint security.
Four ways to improve network
security for modern networks
Network security and SD-WAN partners
Network security and SD-WAN suppliers have natural incentives to work
What are today’s top 3 network together to deliver more integrated products to their customers. Various levels
security challenges? of integration are possible between security and SD-WAN suppliers, including
basic management integration. They can also integrate their sales and
Network security in the digital marketing efforts. The best partnerships will deliver high performance at low
transformation era latency and provide highly integrated management consoles that quickly screen
and identify potential security risks.

Below are a few examples of SD-WAN suppliers and their security ecosystems:

Page 8 of 34
 E-guide

 Cisco (Viptela): Cisco Security, Symantec's Blue Coat Systems, Palo

In this e-guide Alto Networks and Zscaler.
 CloudGenix: Palo Alto, Symantec and Zscaler.
 Cradlepoint: Cisco, Trend Micro, Webroot and Zscaler.
What are the differences between
 VMware (VeloCloud): Check Point, Palo Alto, Symantec and Zscaler.
network security vs. cybersecurity?

Doyle Research expects the ecosystems between network security and SD-
Network security, SD-WAN suppliers WAN suppliers to continue to expand during 2019, with deeper and more
revamp branch security beneficial integration.

The final rundown

The future of network-connected
device security SD-WAN product sales continue to grow, as distributed organizations deploy the
technology to improve application performance and control WAN costs. While
Four ways to improve network network security intelligence is migrating to the cloud, most organizations will
security for modern networks continue to rely on firewall security at the edge of their network.

Organizations should carefully evaluate their WAN and network requirements.

What are today’s top 3 network
security challenges?
Regulated industries with high security and compliance requirements and relatively
low bandwidth needs may find that some firewalls can deliver adequate SD-WAN
functionality. Other enterprises will discover that SD-WAN platforms deliver suitable
Network security in the digital
transformation era
network security at the branch, especially when combined with cloud-based
network security intelligence.

Finally, many IT teams that continue to deploy both SD-WAN and firewall
appliances at the branch will benefit from the improved integration between these
platforms.

Page 9 of 34
 E-guide

In this e-guide
The future of network-connected device
What are the differences between
network security vs. cybersecurity?
security
Peter Allison, journalist
Network security, SD-WAN suppliers
revamp branch security Wireless functionality has improved workplace efficiency and organisations are
no longer restricted by cabling access. Unfortunately, many of these devices are
The future of network-connected poorly secured and rarely have their firmware updated.
device security
The vulnerabilities in internet of things (IoT) devices have led to smart devices
Four ways to improve network
being part of botnets and incidents such as cardiac devices being vulnerable to
security for modern networks hackers.

“The proliferation of IoT devices with poor security posture has increased the
What are today’s top 3 network
attack surface for threat actors dramatically,” says John Sheehy, vice-president
security challenges?
of ioActive. “Compromised devices can be used by threat actors for anything
from listening in on conversations and harvesting sensitive data, to cryptomining
Network security in the digital
and jumping to traditional IT systems.”
transformation era

Incidents where hackers have been able to exploit poor device security to obtain
sensitive data have resulted in significant reputational damage, as happened to
vTech in 2016. Such incidents could now – under the Data Protection Act 2018
– see companies fined.

Page 10 of 34
 E-guide

As such attacks have become more frequent, the UK government has decided
In this e-guide to step in. Earlier this year, the Department for Digital, Culture, Media and Sport
(DCMS) published the Secure by Design report and later the Code of Practice
What are the differences between for Consumer IoT Security – a guidance document advising on the best
network security vs. cybersecurity?
practices for securing IoT devices.

Network security, SD-WAN suppliers These guidelines are currently voluntary and are broken down into thirteen
revamp branch security steps, as follows:

1. No default passwords – all IoT device passwords should be unique and

The future of network-connected
not resettable to any universal factory default value.
device security
2. Implement a vulnerability disclosure policy – all companies that provide
internet-connected devices should provide a public point of contact as
Four ways to improve network
part of a vulnerability disclosure policy in order that security researchers
security for modern networks
and others are able to report issues. Disclosed vulnerabilities should be
acted on in a timely manner.
3. Keep software updated – software components should be securely
What are today’s top 3 network updateable. Updates should be timely and not impact on the functioning
security challenges? of the device. An end-of-life policy shall be published for end-point
devices, which explicitly states the minimum length of time that a device
will receive software updates.
Network security in the digital 4. Securely store credentials and security-sensitive data – any credentials
transformation era shall be stored securely in services and on devices. Hard-coded
credentials in device software are not acceptable.
5. Communicate securely – security-sensitive data, including any remote
management and control, should be encrypted in transit, appropriate to
the properties of the technology and usage. All keys should be managed
securely.

Page 11 of 34
 E-guide

6. Minimise exposed attack surfaces – all devices and services should

In this e-guide operate on the ‘principle of least privilege’; unused ports should be
closed, hardware should not unnecessarily expose access, services
should not be available if they are not used and code should be
What are the differences between
minimised to the functionality necessary for the service to operate.
network security vs. cybersecurity? Software should run with appropriate privileges, taking account of both
security and functionality.
Network security, SD-WAN suppliers
7. Ensure software integrity – software on IoT devices should be verified
using secure boot mechanisms. If an unauthorised change is detected,
revamp branch security
the device should alert the consumer/administrator to an issue and
should not connect to wider networks than those necessary to perform
The future of network-connected the alerting function.
device security 8. Ensure that personal data is protected – where devices and/or services
process personal data, they shall do so in accordance with applicable
data protection law. Device manufacturers and IoT service providers
Four ways to improve network shall provide consumers with clear and transparent information about
security for modern networks how their data is being used, by whom, and for what purposes. This also
applies to any third parties that may be involved. Where personal data is
processed on the basis of consumers’ consent, this shall be validly and
What are today’s top 3 network
lawfully obtained, with those consumers being given the opportunity to
security challenges?
withdraw it at any time.
9. Make systems resilient to outages – resilience should be built into IoT
Network security in the digital
devices and services where required by their usage or by other relying
transformation era
systems, taking into account the possibility of outages of data networks
and power. As far as reasonably possible, IoT services should remain
operating and locally functional in the case of a loss of network, and
should recover cleanly in the case of restoration of a loss of power.
Devices should be able to return to a network in a sensible state, rather
than in a massive reconnect.

Page 12 of 34
 E-guide

10. Monitor system telemetry data – if telemetry data is collected from IoT
In this e-guide devices and services, such as usage and measurement data, it should
be monitored for security anomalies.
11. Make it easy for consumers to delete personal data – devices and
What are the differences between
services should be configured such that personal data can easily be
network security vs. cybersecurity? removed from them when there is a transfer of ownership, when the
consumer wishes to delete it and/or when the consumer wishes to
Network security, SD-WAN suppliers
dispose of the device. Consumers should be given clear instructions on
how to delete their personal data.
revamp branch security
12. Make installation and maintenance of devices easy – installation and
maintenance of IoT devices should employ minimal steps and should
The future of network-connected follow security best practice on usability. Consumers should also be
device security provided with guidance on how to securely set up their device.
13. Validate input data – data input via user interfaces and transferred via
application programming interfaces (APIs) or between networks in
Four ways to improve network services and devices shall be validated.
security for modern networks

The definition of a “timely manner” is incident-specific. However, 90 days is the

What are today’s top 3 network standard for completion.
security challenges? Industry reactions have been broadly positive, with HP and Centrica agreeing to
abide by these recommendations. However, some recommendations are easier
Network security in the digital to implement than others.
transformation era
“At the high level, the specific requirements outlined in the code of practice are
exactly what needs to happen,” says Sheehy. “The challenge I see is that the
devil is in the detail.”

Page 13 of 34
 E-guide

No default passwords and a vulnerability disclosure policy are fairly easy for
In this e-guide organisations to implement, but ensuring software integrity and monitoring
system telemetry data are more challenging. “One of the huge challenges of
What are the differences between doing software integrity is building the right cryptographic system to be able to
network security vs. cybersecurity?
ensure that integrity,” says Sheehy.

Network security, SD-WAN suppliers Keeping software updated is also not as easy as it sounds. Most IoT devices
revamp branch security can be updated over the internet. However, there are devices that are
unsuitable for updating in this way. For example, the software in cars would
The future of network-connected probably need to be updated at a garage, which would come with a significant
device security cost, and not all car owners would go to the effort of asking for the software to
be updated.
Four ways to improve network
To fully implement these guidelines, companies need to follow “secure by
security for modern networks
design” principles in the manufacturing process. This technique embeds
security considerations within device development phase, rather than as an
What are today’s top 3 network
afterthought.
security challenges?

Guideline benefits
Network security in the digital
For all of the challenges that come with this, organisations can nonetheless
transformation era
benefit from following such guidelines. In a survey by Bain and Co, it was
discovered that executives would be prepared to spend 22% more on IoT
devices that were proven to be secure.

Page 14 of 34
 E-guide

“If a product has followed these guidelines, and has been independently
In this e-guide checked, then people would pay more,” says Colin Tankard, managing director
of Digital Pathways.
What are the differences between
network security vs. cybersecurity? This increase in income could be used by manufacturers to offset the costs
associated with following these best practice guidelines. Furthermore,
Network security, SD-WAN suppliers reputation of the company would be protected by having secured their devices
revamp branch security appropriately.

“Most businesses buy quality hardware, such as Cisco,” says Tankard. “They
The future of network-connected
device security
could go cheaper, but they go for brand reputation.”

However, the challenge is how manufacturers can show potential customers

Four ways to improve network that guidelines have been followed, and how customers can be confident that
security for modern networks
these claims are accurate. Independent certification could be one answer, but
there have been no indications that any certification method has been
What are today’s top 3 network proposed.
security challenges?

Currently, the closest form to a standard for cyber security is ISO/IEC 27001,
Network security in the digital but this only specifies the requirements for information security management
transformation era systems within organisations, rather than device security.

“How do the companies wanting to buy all of this stuff know it has been done,
when there is no kite mark or ISO standards that say it is compliant?” asks
Tankard. “We are a long way away from having something we can trust.”

Page 15 of 34
 E-guide

The UK government is currently debating whether these guidelines should

In this e-guide become a legislative requirement. A spokesperson for the DCMS said: “Our
ambition is for appropriate aspects of the Code of Practice to be legally
What are the differences between enforceable, and we have already commenced work to consider which aspects
network security vs. cybersecurity?
of regulatory change are necessary with further details to be shared in due
course.”
Network security, SD-WAN suppliers
revamp branch security The challenge of adapting these best practice guidelines into legislation is
ensuring that they remain valid. Technology is evolving at such a rate that
The future of network-connected government regulation is often lagging behind by several years.
device security
“One of my concerns with legislation of this kind is that it needs to evolve very
quickly and it needs to not be overly prescriptive,” says Sheehy. “If there is too
Four ways to improve network
much detail in the legislation it can quickly become outdated.”
security for modern networks

Device security needs to improve to meet the increasing use of such devices.
What are today’s top 3 network The sooner that organisations begin adopting the recommendations, the better
security challenges?
they will be prepared for when these potentially become law.

Network security in the digital Organisations should view these guidelines as an opportunity, by demonstrating
transformation era their commitment to customer security, while engaging with the government to
ensure the recommendations are both effective and technically feasible.

Page 16 of 34
 E-guide

“This is a very technical document and it is meant for consumption by technical

In this e-guide people,” says Sheehy. “I think that the right place for the government to make
this legislation is at the governance level.”
What are the differences between
network security vs. cybersecurity? Next Article

Network security, SD-WAN suppliers

revamp branch security

The future of network-connected

device security

Four ways to improve network

security for modern networks

What are today’s top 3 network

security challenges?

Network security in the digital

transformation era

Page 17 of 34
 E-guide

In this e-guide
Four ways to improve network security for
What are the differences between
network security vs. cybersecurity?
modern networks
Russ White, Author, network engineer
Network security, SD-WAN suppliers
revamp branch security Users -- particularly those who do not understand technology well -- have long
been taught to look for the green lock in their web browser to be certain it is
The future of network-connected communicating with a trusted site.
device security
The problem is, of course, the green lock doesn't mean the site itself is trusted.
Four ways to improve network
It just means the connection between your computer and the site is encrypted. It
security for modern networks doesn't mean the contents of the site are trusted, or that the site itself doesn't
contain some sort of malicious code.
What are today’s top 3 network
For example, freely available Secure Sockets Layer encryption certificates are
security challenges?
being combined with the /.well-known/ directory to embed phishing in websites.
This recent Netcraft article describes the technique.
Network security in the digital
transformation era This hole can, and probably will, be closed eventually. But what network
engineers and everyone working in IT should remember is that a network may
look like a castle, but it has thousands of entry points, with every Ethernet port
and every Wi-Fi signal, and tens of thousands of windows -- every application
running on every compute host with access to network resources.

Page 18 of 34
 E-guide

If you work to improve network security, there will always be another hole in the
In this e-guide wall to exploit, someone to exploit it and a user somewhere who is in a hurry or
doesn't understand what the green lock really means. There will always be
What are the differences between vendors more interested in making users feel safe to complete the transaction --
network security vs. cybersecurity?
whether in information or money -- than in actually providing a secure
environment.
Network security, SD-WAN suppliers
revamp branch security
Reduce complexity to improve network security
First, while you can't fix all your users, you can at least try to educate them. You
The future of network-connected are countering an entire industry fixated on making things happen and not
device security getting in the way of the transaction. But spending a little time explaining that
the green lock does not, in fact, mean a website is safe and that a little
Four ways to improve network encryption will not cure all privacy and security ills is a good start.
security for modern networks
Second, you can treat simplicity as a first-order problem to be solved when
What are today’s top 3 network
designing systems. Engineers and designers begin with a goal and pile system
security challenges? upon system until they reach that goal. What we often fail to recognize is every
layer of complexity, every interaction surface between systems, is another hole
Network security in the digital
in the network security system -- something else that needs to be understood,
transformation era monitored and protected.

Reducing complexity is not only a good design discipline; it is also a good

security discipline. Simpler systems have fewer holes to protect, much like a
castle that encompasses a smaller space and has a shorter wall is just easier to
defend.

Page 19 of 34
 E-guide

Improve network security using multiple vantage points

In this e-guide
Third, although castle walls are the most common paradigm for security,
engineers and designers need to stop thinking in terms of outside and inside
What are the differences between
their networks. The modern security landscape is more like a modern army than
network security vs. cybersecurity?
a castle. Rather than erecting castle walls, protecting areas and people through
mobility, superior planning and better methods are the right models for modern
Network security, SD-WAN suppliers
network protection. Part of this change is to stop seeing security as an
revamp branch security
appliance or certificate you can put in place and call it done.

The future of network-connected Fourth, you can think about security from Day One, making it an integral part of
device security the application design, as well as part of the network design.

Four ways to improve network

The green lock is a still a useful symbol for understanding security in a modern,
security for modern networks networked world. But to make it effective, separate what it means from what it
doesn't mean. Understand the limitations, simplify your surfaces and stop
What are today’s top 3 network
counting on the appliance or encryption to be your security life buoy.
security challenges?
Next Article

Network security in the digital

transformation era

Page 20 of 34
 E-guide

In this e-guide
What are today's top 3 network security
What are the differences between
network security vs. cybersecurity?
challenges?
Amy DeCarlo, principal analyst, security and data center services
Network security, SD-WAN suppliers
revamp branch security Even in the best-case scenario, with effective network security infrastructure in
place and an expert staff at the ready, network security can be a thorny task.
The future of network-connected Then, consider most organizations contend with serious resource limitations,
device security and the picture becomes darker.

Four ways to improve network

As network security threats continue to evolve, here are some of the top
security for modern networks network security challenges organizations should consider:

1. Lack of cybersecurity staff. According to a survey of 1,500 IT professionals

What are today’s top 3 network
commissioned by nonprofit cybersecurity membership organization (ISC)2, 63%
security challenges?
of respondents said their organizations lack sufficient cybersecurity staff. Fewer
than 60% warned that, because of this talent shortage, their companies are at
Network security in the digital
moderate to extreme risk of a breach.
transformation era

This resource gap quickly translates into one of the most significant network
security challenges today, with as many as 3 million unfilled cybersecurity
positions globally. And, unfortunately, future projections show this number may
continue to rise.

Page 21 of 34
 E-guide

Organizations try to fill in some security gaps with more automated technology
In this e-guide and improved process efficiency. Using technology to automate critical, but
fairly straightforward, processes such as patch management is one way
What are the differences between resource-constrained IT professionals navigate network security challenges.
network security vs. cybersecurity?
Missing patches are like leaving the front door unlocked, inviting a cyber
attacker to gain access on the web using an unauthenticated prompt or other
Network security, SD-WAN suppliers method.
revamp branch security

2. Poorly configured firewall. Another of the more substantial network security

The future of network-connected challenges is a poorly configured firewall that allows either direct or indirect
device security access to the network from unauthorized users or devices. Sometimes, the
hacker gains entrance through another network connected to the wireline
Four ways to improve network infrastructure, such as a Wi-Fi network that's not in use any longer, but still has
security for modern networks active access points.

3. Unmanaged end-user mobile devices. IT professionals also face a number

What are today’s top 3 network
of network security challenges related to the changing enterprise operations
security challenges?
environment itself. The move toward more distributed and virtualized operating
environments populated by unmanaged, user-owned mobile and other endpoint
Network security in the digital
devices makes protecting IT assets complex at best.
transformation era

While certain tools safeguard the network from devices running recognized
malicious code, protecting the unmanaged end-user phone or other device from
a breach that could expose corporate passwords or other sensitive data is a
tougher task.

Page 22 of 34
 E-guide

Perhaps the best way to overcome BYOD-related network security challenges is

In this e-guide through effective policy. Requiring multifactor authentication and data
encryption for any communications across the corporate network can go a long
What are the differences between way toward better network security. Frequent and transparent communication of
network security vs. cybersecurity?
policies regarding the use of personally owned devices on the corporate
network is also essential to establish best practices among the end-user
Network security, SD-WAN suppliers community.
revamp branch security

Next Article
The future of network-connected
device security

Four ways to improve network

security for modern networks

What are today’s top 3 network

security challenges?

Network security in the digital

transformation era

Page 23 of 34
 E-guide

In this e-guide
Network security in the digital
What are the differences between
network security vs. cybersecurity?
transformation era
Nicholas Fearn
Network security, SD-WAN suppliers
revamp branch security Network security has, for decades, remained one of the more focal aspects of IT
management strategies. It consists of the policies and practices that businesses
The future of network-connected implement to protect their computer networks from cyber attacks. Such
device security strategies are responsible for stopping people from accessing and modifying
networks without the permission of system administrators.
Four ways to improve network
security for modern networks Most cyber security professionals agree that every business needs some form
of network protection system in place, or they risk falling victim to cyber attacks.
What are today’s top 3 network
It is also widely believed that these are the most effective protections against
security challenges?
malware. Often, IT managers use network security procedures to control who
can see and use company data. Usually, employees will need an ID and
Network security in the digital
password combination to be able to get into company networks.
transformation era

Traditionally, there have been two types of network security: public and private.
Normally, private networks are reserved for use by employees within the
company walls.

Page 24 of 34
 E-guide

Meanwhile, others are designed for public use. Whatever the case, public and
In this e-guide private security systems serve the same purpose – and that is to secure
business networks. However, much of this technology has remained the same
What are the differences between for years.
network security vs. cybersecurity?

Cyber security threats are constantly growing in complexity and volume, and
Network security, SD-WAN suppliers business networks continue to be lucrative targets for hackers. So companies
revamp branch security need to have the most effective network security strategies in place to counter
sophisticated attacks.
The future of network-connected
device security
With the emergence of powerful detection and response capabilities, companies
should be rethinking their network safeguards to change with the times and
counter the ever-evolving attacks used by cyber criminals.
Four ways to improve network
security for modern networks
In the light of this changing threat landscape and businesses pursuit of digital
transformation, we explore what CIOs are doing to protect their network.
What are today’s top 3 network
security challenges? The rise of cloud
Businesses are increasingly investing in cloud computing technologies, with
Network security in the digital network security strategies are evolving greatly as a result. Neil Thacker,
transformation era European chief information security officer of US security software firm
Netskope, believes that organisations cannot simply focus on protections for
physical networks.

Page 25 of 34
 E-guide

“As infrastructure and applications move to the cloud, the focus on network
In this e-guide security moves to the cloud too. As a CISO, my role is to mitigate the risk, which
results in ultimately following the data – how we connect, interact and
What are the differences between collaborate with data relies less today on physical networks and more on client
network security vs. cybersecurity?
to cloud services,” he says.

Network security, SD-WAN suppliers Thacker is developing a more tailored cyber security strategy that is specific to
revamp branch security today’s threats. Instead of trying to cover all areas, he is focusing on the layers
that affect his company’s cloud infrastructure.
The future of network-connected
device security
“The traditional seven-layer OSI model has therefore been replaced with three
layers: identity, application and data. In summary, organisations must have
better visibility into these three layers without necessarily prohibiting the use of
Four ways to improve network
services that businesses rely on,” he says.
security for modern networks

“Cloud is not just the future, it’s how businesses work in the present day.
What are today’s top 3 network Therefore, the security of these services and the data that resides in them must
security challenges?
form part of a CISO’s principal strategy,” he adds.

Network security in the digital Corey Nachreiner, CTO of cyber security firm WatchGuard Technologies,
transformation era agrees with Thacker that strategies are changing as a result of cloud,
virtualisation and mobile computing technologies. However, he believes that
network protections will constantly be crucial for businesses.

Page 26 of 34
 E-guide

“Independent of its evolution, network security is and will always be relevant and
In this e-guide necessary. While our network designs and perimeters are changing due to the
cloud, virtualisation and mobility, the network is still there and its protection will
What are the differences between always be critical,” he says.
network security vs. cybersecurity?

Nachreiner believes that, as an area, network security is always evolving to

Network security, SD-WAN suppliers keep pace with new technologies and threats. He says it helps to “reinforce
revamp branch security detection and response” considerations.

Independent of its evolution, network security is and will always be relevant and
The future of network-connected
necessary
device security

Corey Nachreiner, WatchGuard Technologies

Four ways to improve network
security for modern networks “Historically, IT organisations have focused more on preventing threats and less
on discovering ones that got through their defences. With huge breaches
What are today’s top 3 network
proving that no defence is infallible, we are seeing more organisations shift
security challenges? some budgetary focus to detection and response,” he says.

“The problem is neither the endpoint nor the network can always catch all the
Network security in the digital
stages of an attack. For instance, fileless malware often evades traditional
transformation era
endpoint protection. Meanwhile, some network attacks use techniques to
bypass certain network protection measures.

Page 27 of 34
 E-guide

“The best detection and response solutions actually correlate suspicious

In this e-guide network events with suspicious endpoint events to find malware or threats in
your network that you couldn’t find otherwise.”
What are the differences between
network security vs. cybersecurity? Scott Crawford, an analyst at 451 Research, says network security “remains
primary” in any truly comprehensive security strategy: “Network security
Network security, SD-WAN suppliers provides the visibility into network traffic and content organisations need to be
revamp branch security aware of threats or activity that could cause security problems.

“It can be examined at a high level for security-relevant trends or – when

The future of network-connected
device security
warranted – inspected in detail for specific indicators of suspicious activity or
potential risk.”

Four ways to improve network However, Crawford admits that the field is evolving. “That is not to say there
security for modern networks
haven’t been changes in the nature of network security. With the shift of
datacentre activity toward cloud concepts, third-party providers have taken on
What are today’s top 3 network more of the functions traditionally handled in the enterprise datacentre, which
security challenges?
has shifted some investment, including that historically allocated to on-premises
networking and network security,” he says.
Network security in the digital
transformation era
Layered approaches
While the definition of networks has changed dramatically over the past few
decades, the importance of securing them has remained the same.

Page 28 of 34
 E-guide

Alex Ayers, head of application security at information services firm Wolters

In this e-guide Kluwer, says the objectives of network security have endured time. But he
admits that it is particularly crucial for companies that develop network
What are the differences between infrastructure as a service (IaaS).
network security vs. cybersecurity?

Ayers believes that the most modern and effective strategies “balance
Network security, SD-WAN suppliers performance, reliability, scalability, supportability and security”. At Wolters
revamp branch security Kluwer, he has implemented a layered approach to stop cyber criminals from
infiltrating the company’s systems.
The future of network-connected
device security
“Perimeter controls restrict the traffic reaching our applications and network
segmentation is used to isolate service infrastructure components. Supporting
the architectural and technical controls is a security monitoring layer which,
Four ways to improve network
while often seen as an insurance policy, provides data that can be used to
security for modern networks
augment service health and performance indicators,” he says.

What are today’s top 3 network Through these different layers, Ayers says his company is able to “deploy, tune
security challenges?
and replace discrete specialised technologies in response to changes in threats
or business requirements”.
Network security in the digital
transformation era “Corporate network boundaries are a thing of the past. Today, we balance a
corporate network, a production network, and a host of SaaS [software-as-a-
service] offerings to run our businesses and maintain a competitive advantage,”
he adds.

The importance of balance

Page 29 of 34
 E-guide

Collaboration software firm Slack, like many other businesses, relies on a range
In this e-guide of traditional network security mechanisms to tackle cyber crime.

What are the differences between Geoff Belknap, chief security officer at the company, says these continue to be
network security vs. cybersecurity? effective for the firm, but the company has also had to invest in more modern
detection and response technologies in recent years to keep ahead of
Network security, SD-WAN suppliers increasing threats.
revamp branch security
“Slack uses a combination of common technologies such as firewalls and
network based intrusion detection, as well as modern network and endpoint-
The future of network-connected
device security
based malware detection methods. We monitor all network traffic at the kernel
level to gain insight into how our services communicate and to detect potentially
malicious traffic,” he says.
Four ways to improve network
security for modern networks
Belknap also questions the trustworthiness of every network. This way the
company is able to probe for potential security risks. “We are also big believers
What are today’s top 3 network in the beyondcorp/zero trust school of thought. We don’t assign any trust based
security challenges?
on the source network that a given device’s request originates from.

Network security in the digital “We treat all our networks as untrusted. Instead we make device identifiers a
transformation era key component of our security, which allows us to make more accurate
decisions about access control and make more informed decisions about
suspicious activity,” he adds.

Page 30 of 34
 E-guide

Julie Cullivan, chief information security of network security company

In this e-guide ForeScout, says companies need to develop a deeper understanding of existing
and emerging security risks. “An important first step in securing an enterprise
What are the differences between network is understanding the cyber threat landscape and the challenges IT
network security vs. cybersecurity?
teams are facing,” she says.

Network security, SD-WAN suppliers “At a time where devices making up the internet of things become increasingly
revamp branch security prevalent in industrial settings, enterprise security teams often struggle to see
how many devices are connected to their network.”
The future of network-connected
device security
Like Belknap, Cullivan believes that companies should take comprehensive
network security approaches, adding: “Implementing a model that includes
understanding any time new devices and new types of devices join a network is
Four ways to improve network
essential for managing your security risk posture.
security for modern networks

“Factory passwords should always be changed, endpoint access to networks

What are today’s top 3 network should be managed and in some cases restricted, and devices should always
security challenges?
run the latest software and security updates. While some of these might sound
trivial, cyber criminals will always try to identify and exploit the weakest link in a
Network security in the digital network,” she says.
transformation era
Fending off attacks
Hervé Dhelin, senior vice-president of strategy at networking firm EfficientIP
describes network security as a “make or break scenario” for companies. He

Page 31 of 34
 E-guide

says it can help them identify and respond to new threats, even if the source is
In this e-guide untraceable.

What are the differences between “Having the right tools to launch the appropriate countermeasure is crucial. The
network security vs. cybersecurity? recent example of the cyber attack of the Winter Olympics shows how important
it is to have network security in place to be prepared to mitigate a large volume
Network security, SD-WAN suppliers of possible attacks,” he says.
revamp branch security
Specialising in domain name system (DNS) and cloud protection, EfficientiP
works with companies such as Netflix, eBay, Orange, the London Stock
The future of network-connected
device security
Exchange and Vodafone. But it has also been helping large universities,
hospitals and sporting events to ensure that their networks are unbreakable.

Four ways to improve network Roland Garros (the French Open) is another high-profile client of the company.
security for modern networks
It is using network security products from the firm to protect tens of thousands of
sports fans from falling victim to breaches.
What are today’s top 3 network
security challenges? “Roland Garros needed to protect its network to ensure continuity of service for
the 15,000 seats that may need to access the network,” says Dhelin.
Network security in the digital
transformation era
“The French Federation of Tennis understood the importance of having the right
tools to mitigate threats that might damage their business, and consequently
installed DDoS [distributed denial of service] mitigation to absorb any large
volumetric attacks, which could easily be executed thanks to the sheer number
of unsecured user devices on stadium premises.

Page 32 of 34
 E-guide

“Even if the FFT is not able to locate the direct source of the attack, they will
In this e-guide always be able to ensure their customers – in this case, spectators, journalists,
VIPs, and even players – uninterrupted service.”
What are the differences between
network security vs. cybersecurity? Franck Labat, IT technical director of the French Tennis Federation, says
network security defences are an integral part of the organisation’s cyber
Network security, SD-WAN suppliers security blueprint. With them, the federation can keep its stakeholders safe.
revamp branch security
“During a tournament, billions of DNS requests must be solved: more than
3,000 journalists, photographs, VIPs, players and trainers use our network
The future of network-connected
device security
services. We are now capable of avoiding any interruption of service to ensure a
high level of availability. The quality of these services is vital to the tournament’s
reputation,” he says.
Four ways to improve network
security for modern networks
Considering how long network security has been around, it is quite common for
people to view it as an archaic part of cyber security strategies. But the fact is
What are today’s top 3 network that networks play an important role in any private or public organisation, so it is
security challenges?
crucial to have appropriate defences in place to ensure that hackers cannot
bring them down.
Network security in the digital
transformation era That said, there is a clear sense among companies and IT professionals that
network security must continue to change with the times. Cyber threats are
becoming harder to trace and tackle – meaning that network security
technologies and strategies need to be just as sophisticated.

Page 33 of 34
 E-guide

In this e-guide Getting more CW+ exclusive content

As a CW+ member, you have access to TechTarget’s entire portfolio of 140+
What are the differences between
websites. CW+ access directs you to previously unavailable “platinum members-
network security vs. cybersecurity?
only resources” that are guaranteed to save you the time and effort of having to
track such premium content down on your own, ultimately helping you to solve
Network security, SD-WAN suppliers
your toughest IT challenges more effectively—and faster—than ever before.
revamp branch security

The future of network-connected Take full advantage of your membership by visiting

device security
www.computerweekly.com/eproducts
Four ways to improve network Images; stock.adobe.com

security for modern networks

© 2019 TechTarget. No part of this publication may be transmitted or reproduced in any form or by any means without
written permission from the publisher.

What are today’s top 3 network

security challenges?

Network security in the digital

transformation era

Page 34 of 34