kras99 - stock.adobe.com
Enterprises have moved quickly in recent years to implement sweeping digital transformation projects designed to improve IT processes in support of optimal business operations. Many organizations have shifted application workloads from traditional data centers to the cloud.
Network modernization -- in which enterprises apply intelligent network automation, programmability, and virtual network and security functions -- is a foundational element in effectively connecting highly distributed resources.
With more application workloads deployed to multiple cloud and hybrid work models, the need to update the network infrastructure becomes imperative. Effective cybersecurity is one of the drivers behind network modernization because through things like network functions virtualization, organizations can facilitate security controls such as firewall capabilities across their entire IT estate, wherever a resource is.
What is modern network security?
The move to hybrid work models during the COVID-19 pandemic accelerated digital transformation projects. With the need to continue collaboration and other operations virtually, projects that would have taken months or longer were put in place in days or weeks. One of the unfortunate byproducts of these rapid deployments is security was too often an afterthought.
Cybercriminals were quick to exploit vulnerabilities. Organizations reported a dramatic increase in malware attacks. The 2020 FBI Internet Crime Report collated data from 791,790 complaints -- a jump of more than 300,000 from the prior year. These victims claimed losses of more than $4.2 billion.
These threats are pushing organizations to revamp their security strategies and redesign their security infrastructures. Increasingly, enterprises are looking to better integrate security into their networks through approaches like secure access service edge (SASE). Though more of a concept than a structured cybersecurity model, SASE commonly includes several elements such as firewall as a service, cloud access security brokers, secure web gateways and zero-trust network access.
Basically, SASE involves cloud-based functions and the entire infrastructure is centrally managed. From a connectivity perspective, SASE drives traffic to the nearest network edge to the end user. This differs from legacy secure connectivity approaches that use a VPN to push data through a central server, often quite far from the endpoint's location. As a result, the end user may experience diminished performance.
Network automation, segmentation and zero trust
Automation is also an important part of a modern network security approach. Organizations can use automation in network segmentation, in which the network is divided into smaller subnetworks, which reduces the attack surface.
Network segmentation can help restrain DoS attacks by limiting access to internal resources. Cybercriminals use DoS attacks to flood servers with malicious traffic with the goal of knocking the machine or network offline. DoS attacks are sometimes used in conjunction with ransomware attacks as a mechanism to extort money from the breached organization or to mask a secondary attack.
With network segmentation in a modern network security architecture, the idea is to simplify and improve an organization's security posture by reducing the attack surface while reducing disruptions and lowering costs.
With zero trust, another core element in modern network security, an entity needs to be authorized, authenticated and continuously validated in order to access any enterprise resource.
How security improves performance
Other adjacent security functions also need to be part of modern network security, starting with effective network security policy development and execution. Key to a successful network security implementation is the right level of control without slowing network traffic.
Ultimately, modern network security can do more than just protect infrastructure assets from theft or exposure. Successful cybersecurity can also facilitate optimal network performance by limiting disruptive incidents.