Not so long ago, the work of system and network administrators was clearly defined, and the interaction of the network components was easier to understand. However, recent years have seen an explosion in the demands on enterprise networks.
Complexity is growing: Operations are increasingly being digitalized and, on top of this, reliable solutions for wireless and wide-area networking have to be sourced and delivered. A steadily growing number of users and network ele ments require central monitoring and secure management. As a result, networks in all areas are becoming business-critical: If they go down, consequences can be disastrous and can even mean that telephony fails.
Here’s the sticking point: On the one hand we have floods of data to be processed and, on the other hand, a small number of people with the task of orchestrating these complex processes. Which all sounds like a truly Herculean task.
IT security – more important than ever
But that’s not all. At the same time, the complexity of networks mean that IT security is an increasingly heavy responsibility. After all, no one wants to read their company’s name in connection with a cyber attack. The downside is that never before have cyber attacks presented such a threat to businesses, public works and institutions. When the goal of hackers is to spy on confidential data, or criminal misuse, then a rudimentary security strategy is not going to be enough. You have to do more than mere “administration”.
Advanced persistent threats (APT) are targeted attacks on enterprise networks, and effectively defending against them—or a least limiting the damage they cause—requires the behavior of the virus or intruder to be detected and analyzed at the earliest possible stage. As is so often the case, it’s better safe than sorry.
A network trend with potential
So how can I as a network manager reconcile security and management demands for increasingly complex network infrastructures? Until recently, network technology and security were two different things. Since 2018, however, these two disciplines have been rapidly converging. Current developments in the IT industry show a trend with the potential to make lasting changes to the industry.
The market is changing
What we observe is large network manufacturers buying up specialized security providers and integrating their solutions into enhanced portfolios. The opposite is also true: Formerly pure security providers are adding network solutions to their product range. Mirroring this, the growth forecasts for the security market in 2019 are highly positive [Gartner Forecast 2019].
This is no surprise considering the way that extreme cyber criminals have been arming-up in recent years. LANCOM Systems, too, is relying on closely integrated network and security technologies. The result: LANCOM is cooperating closely with the security experts Rohde & Schwarz Cybersecurity and has adopted the Rohde & Schwarz® Unified Firewall portfolio.
The reason why network providers are taking this direction is clear: Secure networking is the cornerstone for successful digital transformation in companies, institutions and industry. These new demands require integrated solutions for the reliable and secure configuration, management and protection of complex network architectures equipped with WAN, LAN and WLAN.
Security from Routers & Co.
In principle, a wide range of security functions are in the DNA of Wi-Fi access points, switches, and the like. Professional routers provide not only high availability. They also ensure that data traffic between locations is securely protected from unauthorized third parties, for example by using IKEv2-IPSec VPN.
Business switches also offer security features such as network isolation by means of a virtual local area networks (VLAN). Subnetworks that are logically separated from one another allow external service providers to be integrated into the company network without them being able to access sensitive internal information.
Wireless LANs should, as a minimum, be operated with encryption such as with WPA3 or, better still, with individual Wi-Fi passwords for each client by means of LEPS-U and LEPS-MAC. Secure user authentication according to IEEE 802.1X should also be an option.
The decision for or against security can already be made when selecting and configuring the basic network components.
A constant eye on security and compliance with the cloud
The best way to avoid losing sight of the complex network structures is to operate software-defined cloud solutions that offer a central platform for the automated control, monitoring and protection of entire networks. The LANCOM Management Cloud is comprehensive in covering the topics of SD-WAN, SD-LAN, SD-WLAN and SD-SECURITY.
Until now, the challenge presented by conventional networks was; the larger and more complex they become, the harder it is to maintain and monitor their compliance. A simple and practical solution, available with the LMC, is an integrated Security & Compliance Dashboard that shows you—at a glance—whether the devices on the network are configured according to corporate security policies. The dashboard documents all external access attempts: This puts a quick stop to any unauthorized attempts.
UTM firewall: The right choice, come what may
For networks that are already well-secured and centrally managed, the ideal addition is a next-generation firewall featuring integrated and comprehensive protection against cyberattacks. A UTM firewall, such as the LANCOM R&S®Unified Firewalls, provides a one-stop security solution for the three areas of network security, web security, and mail security. A modern UTM firewall has a lot to offer, such as: SSL inspection, a technology that allows the firewall to analyze SSL encrypted traffic; or deep packet inspection that precisely classifies the network traffic of the protocols and applications used.
In addition to integrating conventional web and malware filters, new functions are based on AI technologies such as machine learning. The system automatically “trains” itself with each new file arriving in a controlled environment (“sandbox”) to detect previously unknown threats as quickly as possible (“zero-day protection”), which makes the protection increasingly comprehensive and precise.
Integrated solutions for higher security
So the picture is becoming clear: it’s time to focus on integrated network solutions! Complex scenarios require protection from “outside” attacks as well as from security risks due to incorrect or missing configurations. Network and security form synergies that complement each other to perfection. The approach is exemplified by LANCOM Unified Security: Bringing together what belongs together.