
Your Network: An Asset or Liability?

September 18, 2014

The recent breaches at major retailers show that a network and its Internet connectivity are not only an asset to an organization but can also be a liability. More specifically, a network that provides services to unauthorized parties is a liability to the organization. Continuing from my post from earlier this week, placing a next generation firewall as the gateway between segments increases visibility into network traffic patterns. That visibility will likely highlight traffic that is, at a minimum, questionable and, at worst, malicious traffic trying to enter or leave the network.

The solution to the problem of unauthorized traffic on the network has recently been labeled the Zero Trust Model by industry analyst firm Forrester Research. The Zero Trust Model replaces the old security mantra “Trust, but verify” with “Verify, but never trust.” In practical terms, the Zero Trust Model means that all traffic is verified for content, access and authorization, and all traffic is accounted for. More simply stated, only traffic pre-approved on the basis of a business need is allowed to traverse the network; everything else is denied by default. A relevant example is point-of-sale (POS) systems: do POS systems need access to the Internet? Perhaps they do, but it is highly unlikely that they need access to Russia. Expanding on that, if your organization does not do business in Russia, nothing internal needs access to Russia.

The Zero Trust Model and a next generation firewall are a natural fit: features such as application identification, user identification and threat prevention allow all traffic traversing the network to be inspected and validated. Combining the Zero Trust Model with a next generation firewall lets organizations move to a positive enforcement model, in which every permitted flow has been pre-validated against the needs of the business and is additionally inspected for malicious activity.
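As an added illustration (not code from the original post or from any firewall vendor), the following Python models the positive enforcement model described above and the POS example before it: each flow carries the attributes a next generation firewall derives (source, destination, identified application, authenticated user, destination country), only flows that match an explicit allow rule pass, and any destination outside the countries the organization does business in is denied before rules are even consulted. The zones, rules, addresses, user names and the static country table are all constructed assumptions; a real deployment would use the firewall's own policy and a GeoIP database.

```python
"""Default-deny (positive enforcement) policy evaluated over constructed flow records.

Each Flow carries what a next generation firewall would derive: source and
destination address, the identified application (not just the port), the
authenticated user and, via a lookup, the destination country.  Only flows
matching an explicit allow rule pass; everything else is denied and can be
triaged as questionable traffic.
"""
import ipaddress
from dataclasses import dataclass

# Hypothetical: the countries this organization does business in.  Any external
# destination outside this set is denied regardless of which rule would match.
BUSINESS_COUNTRIES = {"US", "CA"}

# Constructed stand-in for a GeoIP lookup.  Addresses are RFC 5737 documentation
# ranges; the country assignments are invented for the example.
GEO = {
    "203.0.113.10": "US",   # payment processor
    "198.51.100.7": "RU",   # unrelated host abroad
    "192.0.2.80": "US",     # public web server
}

# Hypothetical internal segments (zones) fronted by the firewall.
ZONES = {
    "pos": "10.10.0.0/24",
    "workstations": "10.20.0.0/24",
}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    app: str    # application as identified by the firewall, e.g. "ssl", "smb"
    user: str   # authenticated user, "" if none


@dataclass(frozen=True)
class Rule:
    name: str
    src_zone: str                    # CIDR the flow must originate from
    dst_net: str                     # CIDR of permitted destinations ("0.0.0.0/0" = any)
    apps: frozenset                  # permitted application identifiers
    users: frozenset = frozenset()   # if non-empty, the user must be in this set


# The allowlist.  Every rule states a business need; there is no "allow any".
RULES = [
    Rule("pos-to-payment-gateway", ZONES["pos"], "203.0.113.10/32", frozenset({"ssl"})),
    Rule("staff-web-browsing", ZONES["workstations"], "0.0.0.0/0",
         frozenset({"web-browsing", "ssl"}), frozenset({"alice", "bob"})),
]


def _in(addr: str, cidr: str) -> bool:
    return ipaddress.ip_address(addr) in ipaddress.ip_network(cidr, strict=False)


def is_internal(addr: str) -> bool:
    return any(_in(addr, zone) for zone in ZONES.values())


def evaluate(flow: Flow, rules=RULES) -> tuple:
    """Return (decision, reason); decision is 'allow' or 'deny'."""
    # Geographic constraint first: nothing internal needs a country we do not trade with.
    if not is_internal(flow.dst):
        country = GEO.get(flow.dst, "??")   # unknown geolocation is treated as untrusted
        if country not in BUSINESS_COUNTRIES:
            return ("deny", f"destination country {country} is not a business country")
    for rule in rules:
        if not _in(flow.src, rule.src_zone) or not _in(flow.dst, rule.dst_net):
            continue
        if flow.app not in rule.apps:
            continue
        if rule.users and flow.user not in rule.users:
            continue
        return ("allow", rule.name)
    return ("deny", "no rule permits this traffic (default deny)")


def review(flows) -> dict:
    """Group flows by decision so the denied ones can be triaged as questionable."""
    out = {"allow": [], "deny": []}
    for flow in flows:
        decision, reason = evaluate(flow)
        out[decision].append((flow, reason))
    return out


# Constructed sample flows, not captured traffic.
SAMPLE_FLOWS = [
    Flow("10.10.0.21", "203.0.113.10", 443, "ssl", ""),      # POS -> payment processor
    Flow("10.10.0.21", "198.51.100.7", 443, "ssl", ""),      # POS -> host located in RU
    Flow("10.10.0.21", "10.20.0.5", 445, "smb", ""),         # POS -> workstation file share
    Flow("10.20.0.5", "192.0.2.80", 443, "ssl", "alice"),    # staff web browsing
    Flow("10.20.0.5", "192.0.2.80", 443, "ssh", "alice"),    # SSH tunnelled over port 443
    Flow("10.20.0.9", "192.0.2.80", 443, "ssl", ""),         # no authenticated user
]

if __name__ == "__main__":
    for decision, items in review(SAMPLE_FLOWS).items():
        for flow, reason in items:
            print(f"{decision:5} {flow.src} -> {flow.dst}:{flow.dport} {flow.app:12} {reason}")
```

Two design points matter here. The application identifier, not the destination port, is what the rule matches, so SSH tunnelled over port 443 is denied even though the port would have looked like normal HTTPS to a port-based firewall. And the country check runs before the rule search, so a rule written too broadly cannot accidentally open a path to a country the business has no need to reach.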

So, what can be done to prevent these breaches and stop the next leak of credit card data? Part of the solution is to change the mindset of network design and architecture professionals. A network cannot simply provide unrestricted access in today’s environment. The network must be secure to truly be an asset to the organization; a network with security bolted on as an afterthought is a liability. It is not a question of if, but when, it will appear in the next headline.

Migrating from a flat network, to a VLAN-segmented network, to a network divided by a next generation firewall enforcing a positive enforcement and Zero Trust Model is not an easy effort. It is best to start with smaller segments, creating quick wins for the new model and way of thinking. Once a proven methodology and a track record of successful migrations to the new model have been established, the critical assets are next. This is crucial to limiting exposure and turning the network into a true business asset.

Organizations spend millions of dollars on their networks to support business functions, and these investments hit the balance sheet as assets. However, unless security is at the center of the network design, the network is a liability to the organization, and its true asset, the information residing on the network, will be compromised. Proper segmentation and network design will be one of the key components in fighting the criminals, instead of working for them.

Expanding upon the segmentation, my next blog entry will address the topic of orchestration and micro segmentation.
