Network Security

Next-Gen Firewalls

While firewalls have been around since the 80’s they have advanced immensely. What started out as a packet filter is now a next generation solution that is vital to a security strategy.

NGFW (Next Generation Firewalls) combine traditional firewall technology with additional functionality, such as encrypted traffic inspection, intrusion prevention systems, anti-virus, and more. Most notably, it includes deep packet inspection (DPI). While basic firewalls only look at packet headers, deep packet inspection examines the data within the packet itself, enabling users to more effectively identify, categorise, or stop packets with malicious data

Micro-Segmentation

Newly emerging technologies in Micro-segmentation take the emphasis away from traditional network segmentation using firewalls and VLANs, these technologies utilise application or service aware tags that can be used to allow/block communications based on the specific requirements or roles within an organisation. This security strategy that involves dividing a network into smaller, isolated segments, or “microsegments,” in order to increase security and vastly improve visibility.

DDoS

While DDoS protection may not be a requirement for all organisations however, for companies publicly hosting services or web applications DDoS attacks can mean a real loss in revenue, reputation damage and unsatisfied customers. They are one of the most common types of attack and services can be purchased on the dark web for ~£20p/h.

A DDoS attack works by utilising a host of internet connected devises that have been infected with malware and can now be controlled remotely by an attacker. These machine are then used to drive mass traffic to a specific URL with the aim to overload it and successfully take it down. A prime of example of this would be a global online retailer having no website available to customers. Millions could be lost in minutes.

IPS

IPS and IDS work by continuously monitoring and analysing network traffic and activity in order to identify potential security threats and issues. When a potential threat or issue is detected, the IPS or IDS system will take appropriate action to block or mitigate the threat. Traditionally this is performed using packet inspection and a set of signatures of known suspicious or malicious traffic, which can then either be blocked or monitored and alerted to the security teams.

Network Sandbox

A network sandbox is a security feature that is designed to isolate and test potentially malicious software or content in a controlled environment, to determine whether it poses a threat to an organisation’s network and data. Network sandboxes can be used to analyse malware, suspicious files, or other potentially malicious content to understand how it behaves and determine the risks it poses. Network sandboxes can be deployed in various ways, such as on a dedicated device, in a virtual machine, or in the cloud.

Network Access Control

Network access control (NAC) typically works by implementing a set of policies that define which devices and users are allowed to access the network and under what conditions. These policies can be based on factors such as the device type, the user’s role within the organisation, and the device’s compliance with relevant security standards. These solutions can also manage port control restricting physical network connections based on whether the device is known and managed and is a crucial technology for business with publicly accessible areas.