The Changing Network Security Landscape

0

Network security is a vital capability that enables the business to evolve through digital innovation – an effective strategy with every organization across multiple industries. Building a resilient cyber strategy is important for building trust with customers, partners and the entire supply chain. Industry experts share insight into why CIOs and IT teams should prioritize network security more than ever.

Maher Jadallah, MENA Senior Director, Tenable

In computing, network security is about maintaining the integrity of a computer network and the data it contains. A network is made up of a number and variety of interconnected devices. Network security is important because it protects sensitive data from cyber attacks and ensures that the network is usable and reliable.

Network security management can involve a wide variety of security tools, both hardware and software. Security becomes more important as networks become more complex and businesses depend more on their networks and data to conduct their business.

Ian Engelbrecht, Veeam Systems Engineering Manager – Africa, Veeam Software, said security in general is a key business topic and concern. According to Engelbrecht, in 2021, cyber attacks have increased to every 11 seconds, up from 120 seconds the year before, with an overall cost rising to US $ 20 billion in 2021. “Security has become a crucial topic for the business. ‘introduction of solutions to the market. The cybersecurity market is expected to grow from US $ 16.1 billion in 2020 to US $ 28.7 billion by 2025, ”he said. “Shodan.io keeps track of all devices that are directly accessible from the Internet. It reveals that there are 513,615 devices on display across the UAE vulnerable to cybercrime incidents. “

Engelbrecht said this demonstrates why cybersecurity and resilience are important to all organizations in the Middle East and Africa (MEA), not just businesses. “The overall $ 20 billion cost of ransomware does not only include ransoms of paid data, but also reputational damage and downtime,” he said. “Working from home has also increased demands from customers, who expect 24/7 availability of a platform or service. With a huge increase in e-commerce focused businesses, it only takes a few seconds for a consumer to decide which platform to consume or which to buy on. If Company A (which customers prefer to use) is offline at that time and they want to purchase their favorite football shirt by 10 p.m., the sale will go to Company B.

Haider Pasha, Chief Security Officer, Palo Alto Networks, MEA, said network security is a vital capability that enables the business to evolve through digital innovation – an effective strategy with every organization across multiple industries. . Pasha said that when developing a cyber resilience strategy, it is important to build trust with customers, partners and the entire supply chain. “The integrity of the cyber posture of any organization is a competitive advantage and ensures that the business involved not only protects the business, but strengthens it,” he said.

Emad Fahmy, Head of Systems Engineering, Middle East, NETSCOUT, said network security and integrity have become key topics in the enterprise segment as enterprises would instead protect their networks from potential risks. rather than cleaning up the damage afterwards.

“CIOs and their IT teams need to focus on robust cybersecurity best practices to design a secure network. Best practices include educating users on good cybersecurity hygiene and using network and endpoint cybersecurity protection solutions to detect malware, abnormal activity or indicators of compromise, ”he said. he declares. “These cyber hygiene solutions and practices should not be limited to office spaces alone. The new standard includes hybrid and remote work policies, leaving the network at greater risk. “

According to Fahmy, companies should also prioritize using reliable DDoS mitigation methods. “Because network security is an umbrella term that includes various subsections, CIOs face four common challenges when designing their network security, including the increasing sophistication of cyber threat tools and the lack of knowledge of teams. information about threats and imminent threats. need solutions, ”he said. “This is combined with a second challenge; the complexity of network security technology, as there is an increasing need for tools to combat various threats. Another challenge is the expanding attack surface. The increase in the number of Internet of Things (IoT) devices connecting to dangerous networks and cloud applications has led to a more vulnerable environment to be protected. Finally, ill-conceived network security has been attributed to the current cybersecurity skills shortage as the scope and complexity of the measures required overwhelm the understaffed department.

In order for CIOs to select the best tools on the market, they should keep in mind a few key factors affecting their decision, including the optimization of the security solution, its effectiveness, the level of visibility provided and support to professional services. offered by the service. provider.

Maher Jadallah, senior director Middle East and North Africa (MENA), Tenable, said the pandemic has opened the door to multiple forms of attack as organizations’ attack surfaces stretched far beyond from office walls, home office networks, personal devices, the cloud and third parties. -partners of the party. The result, according to Jadallah, is that shared corporate networks are more vulnerable than ever and can be easily accessed with a single compromised connected device.

“Now companies need to make fundamental investments to provide long-term protection against bad actors. Shortcuts and individual problem solving won’t stand a chance against growing and scalable cyber threats, but businesses can stay ahead of the cyber attack curve by investing and sustaining cyber solutions, ”he said. declared.

He explained that organizations need to be able to determine what vulnerabilities exist across their entire infrastructure – both IT and OT, affecting which assets. “In addition, they need to be able to prioritize vulnerabilities that pose real risk versus notional risk – so those that are actively exploited. This intelligence allows them to focus their efforts on the vulnerabilities that matter and fix them first. When we think of traditional network security, the principle is to fortify the perimeter. The goal is to prevent threats outside the network from entering. The downside is that once the users or bad actors have crossed the perimeter, they are free to roam the network, taking whatever they find with them when they leave, ”he said. . added.

Traditional perimeter security is simply not enough to protect multiple environments from today’s cybercriminals. Instead, IT and security teams must embrace a model in which nothing (no device, person, or action) is inherently reliable.

Pasha said CIOs and their IT teams need to think in a Zero Trust strategic mindset and focus on understanding where the Crown Jewels are and what is critical to the business. He said that with this understanding, they can craft a cyber response strategy if these crown gems come under attack and ensure they have full visibility and capacity to respond to every malicious incident they see. .

Haider Pasha, Security Manager, Palo Alto Networks, MEA

“As an organization’s data crosses traditional organizational boundaries, CIOs and IT teams must first identify where the resources (data, applications, assets and services) reside. Network security today has no borders. Organizations need to focus on the cloud, endpoints, and the traditional on-premises network as the domains to be secured, and tools like next-generation firewalls, cloud security, endpoints, and more. must be automated, simple to deploy and use and, above all, easy to integrate, ”he added. “They should be used as a single platform versus vendors or one-off tools creating more complexity and fragmentation in the network, which will eventually lead to complexity. As a rule of thumb, selecting the best tool often means you need to figure out how easily it can fit into your overall platform. A tool can be very powerful, but if it doesn’t report, orchestrate defense, or share threat intelligence with your other network security tools, it becomes its own silo and therefore needs to be managed separately. which consumes more resources.

Pasha said some common mistakes that CIOs and their teams typically make include selecting one-off products and not focusing on the entire security platform, or not having a clear understanding of where it is. the crown jewels of the organization and how they share data and depend on the rest of the business. network. “CIOs, when designing their network security, sometimes do not follow best practice standards for securing the environment, such as NIST, CIS, ISO among many others. Additionally, having a clear roadmap for transformation is critical – often CIOs develop an IT strategy without considering cybersecurity from the start. It is recommended to use zero trust and an automated security operations center to support the cybersecurity program, ”he said.

Pasha stressed that organizations should focus on a cyber resilient framework that examines the organizational culture, policy, process, strategy and technology essential to its construction. “It is advisable to have consistent penetration testing to understand the shortcomings, both internally and externally. My recommendation is to rotate the penetration testing partners every year to get different points of view, ”he said. “Additionally, organizations utilizing an attack surface management capability that gives a real-time perspective to attackers are important, along with building a highly autonomous security operations center to detect behavior. malicious in real time. “

Emad Fahmy, Systems Engineering Manager, Middle East, NETSCOUT

According to Tenable’s Jadallah, in the future, the focus must also be on securing accounts – employees, service providers, temporary workers, system accounts and others – as well as their access and permissions on systems. “The old adage that the best defense is an offense holds true in cyber. The more you can prepare and strengthen the systems, it will help reduce the business risks associated with cyber threats, ”he said.

Click below to share this article





Share.

Comments are closed.