The threats to your network are constantly evolving, so trying to defend your company is like trying to hit a moving target. Not only are new threats coming from external players, but having to protect yourself from malicious insiders is also part of keeping the business secure. Here are the “Top 5” technologies, in my opinion, that should be implemented within an organization from a networking perspective to limit risk. This doesn’t mean you’re secure, but applying these systems to your defense along with the proper monitoring and policy is a step in the right direction.
Vulnerability Management
There are many forms of vulnerability management, but knowing where you're vulnerable is a good place to start your security program. Understanding where your systems, applications and networks are vulnerable before someone with malicious intent does is highly valuable.
Data Loss Prevention (DLP)
Protecting your company from data leakage or loss is important. Many security systems are designed to keep malicious actors from getting into the network, but what happens if the threat is already on the inside? Using DLP to monitor and block protected information from leaving the network, or from being touched by those who shouldn't have access, is another way to reduce risk.
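As an added illustration of the "monitor and block" half of that paragraph (example code, not from the original post or any DLP product), the following inspects an outbound message for two classes of protected data: payment card numbers, validated with the Luhn checksum so that arbitrary 16-digit order numbers do not trigger it, and US-style social security numbers. The patterns, the policy (any finding blocks the message) and the sample messages are all constructed assumptions for this example.

```python
import re
from dataclasses import dataclass

# Constructed patterns for this example; a real DLP policy would carry many more
# data classes (account numbers, document classification markers, etc.).
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,16}\b")      # 13-16 digits, optional space/dash groups
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")         # US SSN layout


@dataclass
class Finding:
    kind: str    # which data class matched
    value: str   # the exact text that matched, used for redaction


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: separates plausible card numbers from random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_card_numbers(text: str) -> list:
    found = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if 13 <= len(digits) <= 16 and luhn_ok(digits):
            found.append(Finding("card_number", m.group()))
    return found


def find_ssns(text: str) -> list:
    return [Finding("ssn", m.group()) for m in SSN_RE.finditer(text)]


def redact(text: str, findings: list) -> str:
    """Replace each matched value so the message can be logged safely."""
    for f in findings:
        text = text.replace(f.value, f"[REDACTED {f.kind}]")
    return text


def inspect_outbound(text: str) -> dict:
    """Policy decision for one outbound message: block if any protected data is present."""
    findings = find_card_numbers(text) + find_ssns(text)
    return {
        "action": "block" if findings else "allow",
        "findings": findings,
        "redacted": redact(text, findings),
    }


# Constructed sample messages (4111 1111 1111 1111 is a well-known test card number).
SAMPLE_MESSAGES = [
    "Hi, please charge card 4111 1111 1111 1111 for the invoice.",
    "Order 1234567812345678 shipped today.",
    "Employee SSN is 123-45-6789, please update payroll.",
    "Quarterly numbers attached.",
]

if __name__ == "__main__":
    for msg in SAMPLE_MESSAGES:
        verdict = inspect_outbound(msg)
        print(verdict["action"].upper(), "-", verdict["redacted"])
```

The second sample message contains a 16-digit number that fails the Luhn check, so it is allowed; that check is what keeps a content-inspection rule like this from flooding analysts with false positives on order and tracking numbers.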
Logging
If you're not logging your systems, you'll be flying blind when an attack happens. Notice I didn't say "if" an attack happens. During incident response you'll wish you had the history, a time machine of logs, to rely on and assist you with incident management. No one ever said, "I wish I didn't have all these logs" during an incident. Logging everything you have is essential.
Security Incident and Event Management (SIEM)
Now that we've spoken about logging, let's take it up a notch: now that you have the logs, what are you going to do with them? Establishing a way to correlate these logs to capture attacks against your network in real time is the next logical step. Creating rules and alerts based on the data you're collecting from your systems is essential for defense.
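As an added example of the kind of correlation rule that paragraph describes (written for this page, not taken from the original post or any SIEM product), the block below parses a handful of constructed SSH authentication log lines and keeps per-source state across events: it raises a medium alert when one source address reaches a threshold of failed logins inside a time window, and a high alert if that same source then authenticates successfully. The log layout, hostnames, addresses (documentation ranges 203.0.113.0/24 and 198.51.100.0/24), threshold and window are all assumptions for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in a syslog-like layout; no real hosts or addresses.
SAMPLE_LOGS = """\
Mar 03 09:00:01 bastion sshd[2201]: Failed password for admin from 203.0.113.5 port 51001 ssh2
Mar 03 09:00:03 bastion sshd[2201]: Failed password for admin from 203.0.113.5 port 51002 ssh2
Mar 03 09:00:04 bastion sshd[2201]: Failed password for root from 203.0.113.5 port 51003 ssh2
Mar 03 09:00:06 bastion sshd[2201]: Failed password for admin from 203.0.113.5 port 51004 ssh2
Mar 03 09:00:07 bastion sshd[2201]: Failed password for admin from 203.0.113.5 port 51005 ssh2
Mar 03 09:00:09 bastion sshd[2201]: Accepted password for admin from 203.0.113.5 port 51006 ssh2
Mar 03 09:15:30 bastion sshd[2310]: Failed password for alice from 198.51.100.7 port 40001 ssh2
Mar 03 09:15:41 bastion sshd[2310]: Accepted password for alice from 198.51.100.7 port 40002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \d{2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) password for (?P<user>\S+) from (?P<src>\S+)"
)


def parse_line(line: str, year: int = 2024):
    """Turn one raw line into a structured event; syslog omits the year, so it is assumed."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "host": m["host"], "outcome": m["outcome"],
            "user": m["user"], "src": m["src"]}


def correlate(lines, threshold: int = 5, window: timedelta = timedelta(minutes=5)) -> list:
    """Stateful correlation rule over an ordered stream of events.

    medium: a source reaches `threshold` failed logins within `window`
    high:   a source already flagged above then logs in successfully
    """
    failures = defaultdict(deque)   # src -> timestamps of failures still inside the window
    flagged = set()                 # sources already alerted on (de-duplicates the medium alert)
    alerts = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue                # unparsed lines are skipped, not fatal
        q = failures[ev["src"]]
        while q and ev["ts"] - q[0] > window:   # expire failures older than the window
            q.popleft()
        if ev["outcome"] == "Failed":
            q.append(ev["ts"])
            if len(q) >= threshold and ev["src"] not in flagged:
                flagged.add(ev["src"])
                alerts.append({"rule": "ssh_bruteforce", "severity": "medium",
                               "src": ev["src"], "count": len(q), "ts": ev["ts"]})
        elif ev["src"] in flagged:  # Accepted login from a source that was already flagged
            alerts.append({"rule": "ssh_bruteforce_success", "severity": "high",
                           "src": ev["src"], "user": ev["user"], "ts": ev["ts"]})
    return alerts


def run_sample() -> list:
    return correlate(SAMPLE_LOGS.splitlines())


if __name__ == "__main__":
    for a in run_sample():
        print(a["severity"].upper(), a["rule"], a["src"], a["ts"].isoformat())
```

On the sample data the first source produces both alerts, while the second source (one failure, then success) produces none; the sliding window and the `flagged` set are what make this a correlation rule rather than a simple string match, and they are also the state a real SIEM has to keep per source, per user or per host.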
Next Generation Firewall/IPS
I'm lumping these two into the same category because this market is starting to merge. Either way, having one or both of these systems inline with your network will assist with blocking or alerting on malicious and suspicious traffic that passes through them, normally at the perimeter or between networks. Now that these systems are able to look into the packet data and analyze it up through the stack, their importance to your network is vital.