Can you defend against zero day threats? Most organizations cannot. But with the right technology, organizations can not only detect more zero days, but also stave them off–without having to compromise on business agility or speed. Here is Part Three of our four part series, “Stopping Zero Days at the Speed of Business.”
Network Cyber Security Configuration – A Piece of [email protected]
But configuring the many layers of network protection is anything but easy. Especially as IT administrators with limited security knowledge are often entrusted with this task. Just consider the layers of security involved. These include defining the policies for one or more firewalls, VPN, IPS, application access controls, URL filtering, anti-spam settings, CDR. They also include maintaining other solutions such anti-bot detection and antivirus software. Plus, you may have sandboxing and malware analysis tools to boot.
With dozens and even hundreds of parameters to define, manual configuration also becomes prone to error.
At the end of the day, well-meaning IT specialists may have no idea if their organization is in fact protected. To help organize this daunting duty, here are four best practices to configuring your network security.
#1 Define and conquer – Classify segments for consistent policy application
Rather than a single network, the fabric of today’s networks is comprised of multiple integrated segments, each which require different protections. For example, the guest network may only require protections for browsing the open internet. Meanwhile, the internal network requires setting up policies for your IPS and email gateway.
By first defining what type of network you are protecting, you can define policies once for each segment type and apply the same policies consistently where relevant. Common types of network segments include the perimeter network, data center network, internal network and guest network.
#2 Use only what you need – Enable only relevant functionality for better performance
Hundreds of policies can be applied to a network segment, depending on the Oss and protocols it uses and the applications it needs to protect.
By automatically enabling only pertinent functionalities for each network segment, organizations can accelerate the performance of their security gateways. They also save on gateway resources such as bandwidth and CPU consumption. They may even realize they can operate with a more cost-effective network cyber security appliance.
Moreover, by automatically only enabling relevant functionality, the need to have expertise in many different security functions is eliminated.
As an example, MTAs or mail-transport agents are relevant for email management, but not relevant for the guest network. Therefore MTA functionalities on the guest network can be automatically disabled. Similarly, VPN access from your guest network to your enterprise network should be disabled, as well.
#3 Block what you don’t need – Apply prevent-mode to rarely used resources
In the same vein, security can be enhanced by tailoring IPS protections to your network according to the OSs, apps and protocols used in a given segment. These may include signatures, software updates and virtual patching against known vulnerabilities.
To demonstrate how such optimization would work, consider an internal enterprise network made up of laptops. That network requires protections for browsing and email. But, since it does not contain industrial control systems or Unix servers, a long tail of unused resources can be activated in prevent mode. For example, industrial control protocols such as Modbus, can be blocked to prevent their abuse .
#4 Adapt and optimize – Fine tune per ongoing activity and latest threats
Machine learning can be used to adapt protections, such as those applied by an Intrusion Prevention System (IPS). By only using protections relevant to the actual OSs, protocols and applications used in a given segment, organizations benefit from better performance and cost efficiency.
And when it comes to the latest defenses against the newest threats, it is imperative to keep apprised of the latest published CVEs, and ideally apply virtual patching as a pre-emptive security measure.
Simple, Automated Network Cyber Security
To make it easy to maintain the best threat prevention possible on your network, Check Point’s R80 management portal now offers single-click setup of best practice policies. Thanks to the new Infinity Threat Prevention Management console supported by R80.40 and later, you can select the appropriate network profile, apply it once, and enjoy set-and-forget management. All the policies and protections are continually optimized and updated in the background.
This way, IT and security practitioners always know they are running with the latest protections against the newest vulnerabilities. Plus, with fully automated policy updates, there is no need to push policies manually. To learn more, including Early Availability details, go to Check Point Checkmates.