The perimeter network has evolved beyond the physical limits of the corporate campus. Not too long ago, firewalls did a decent job of protecting enterprises from outside threats, and intrusion prevention tools helped to defend against rogue insiders. But over time, the bad actors have gotten better: spear phishing has made it easier to infiltrate malware, and poor password controls have made it simpler to exfiltrate data. This means that the insider threats are getting tougher to detect, and IT assets are getting more distributed and harder to defend.
What defines the new network edge in the age of cloud applications and bring your own device (BYOD)? The network edge, or protection layer, is moving inwards, reports David Strom, a veteran technology journalist in the networking and security space. Today's protection strategies try to collapse the perimeter network inwards by focusing on a particular machine or application that may be misbehaving and introducing vulnerabilities into the company's infrastructure.
In this video, Strom looks at four strategies that IT and security managers are using to defend the new network edge: protecting the applications layer, using encryption certificates, integrating single sign-on technologies, and building Web front ends to legacy apps. He also reports on some of the security products that underlie these strategies.
Companies need to do a better job of hiding their network traffic as it travels across the Internet and of strengthening their access controls to prevent man-in-the-middle attacks. Online banking offers a good overview of the evolution of multifactor authentication and digital certificates, according to Strom, but most of these technologies still fall short when it comes to mobile. IT and security managers are pursuing “transparent strong authentication” strategies to ensure mobile users can access network assets without re-keying a lot of information. For instance, at some companies, mobile users are required to have a strong PIN, and network dashboard controls then provide additional information, such as geolocation, to strengthen the one-time password.
Network access control (NAC) is also evolving rapidly. One of the problems with traditional NAC products is that they required agents on all of the endpoints. Newer technologies scan the network and use that intelligence to protect endpoints and enterprise assets. Strom reports on the techniques and perimeter network security technologies that companies such as the American Red Cross, Post Foods and others are using when it comes to advanced passwords, digital certificates and network access controls.
David Strom is a freelance writer and professional speaker based in St. Louis. He is former editor in chief of TomsHardware.com, Network Computing magazine and DigitalLanding.com. Read more from Strom at Strominator.com.