
How to Avoid Common Threats to Enterprise Network Security

Enterprise network security is the corporate equivalent of passport control or customs at a port of entry such as an airport. In other words, it’s designed to ensure that risks are screened in real time, preventative measures are taken as needed, and safe passage is provided for all compliant and trustworthy entries.

Common Components of Network Security

Moving beyond this metaphor, enterprise network security, in essence, provides crucial protection against debilitating cyberattacks, as well as against the exfiltration (theft) of sensitive information. To those ends, a network security solution may incorporate a variety of particular protective measures, including:

  • Intrusion prevention systems (IPS).
  • Traditional and next-generation firewalls (NGFWs).
  • Anti-virus (AV) software and antimalware tools.
  • Distributed denial of service (DDoS) mitigation.
  • 24/7/365 professional network monitoring.
  • Cloud security and management services.
  • Email protection (e.g., spam blocking).
  • Integrated threat intelligence and analytics.
  • Proactive vulnerability scanning.

Moreover, enterprise network security - no matter which of the above technologies it includes - must work in tandem with other defenses, such as endpoint security, to deliver comprehensive protection. Endpoint security refers to safeguarding devices such as laptops and phones, which, if not properly protected, can expose the corporate network they connect to to threats like phishing attacks or malware infections.

Think of cybersecurity, as a whole, like a puzzle, with enterprise network security as one of its key pieces, interlocking with others, including not only endpoint security, but also physical security. Let’s back up for a minute and look at why enterprise network security is so important in the first place.

The high stakes for getting enterprise network security right

Networks are routine targets for a wide range of cyberattacks, from malware strains and viruses to DDoS campaigns and worms. Between them, these various threats can cause deep financial harm. 


The costs of a data breach

According to IBM and the Ponemon Institute, the average cost of a data breach as of 2019 was over $3 million, although the amount varied considerably by industry. For example, health care organizations suffered typical losses of $6.45 million per incident. It’s important to note, though, that these amounts do not represent a one-time sum that a company pays to remediate and move on from the breach, but rather cumulative losses spread out over years, many of which come from lost business due to diminished customer trust. Data breaches may also result in regulatory penalties for letting sensitive data be exposed.

 

The effects of a DDoS attack

Along similar lines, a DDoS attack can ultimately cost a large enterprise millions in damages, and a small or medium-size business could lose at least six figures, per a Kaspersky report. A successful DDoS operation can leave crucial sites, applications, and services down for hours or days at a time, as many people learned in October 2016 when DNS provider Dyn was targeted. Major sites including Reddit, Vox Media, and The New York Times were all unavailable. Notably, the attack was fueled by a massive botnet consisting of compromised routers, printers, baby monitors, and other internet-connected devices, showing how weak endpoint security can spell trouble for network security.


The need for multilayered network security

The lesson: Even one lapse in network security can interrupt business continuity and eventually force an organization to close its doors. And it’s not easy to fend off these potentially devastating cyberattacks, at least not without a robust, multilayered network security solution. It’s not enough to simply run anti-virus software by itself or bank on a traditional firewall to keep all threats at bay.

To see why, consider the results of Verizon’s 2019 Data Breach Investigations Report. This in-depth study looked at breaches and incident response across multiple industries. More specifically, it charted what it called “attack chains,” showing the different ways in which attackers targeted networks. Many attacks exploited multiple vectors, including:

  • Hacking.
  • User error.
  • Social engineering.
  • Physical theft or break-in.
  • Malware.

Defending against all of them will necessitate an IPS, firewall, DDoS mitigation, antivirus solution, and more, all working in tandem. Securing wireless networks (like Wi-Fi in a company office) exemplifies this need for multifaceted protection.


Zeroing in on wireless network security

Wi-Fi security made headlines a few years ago when an exploit known as KRACK demonstrated how hackers could circumvent the defenses of WPA2, the security protocol that has been used to secure most Wi-Fi networks since the early 2000s. This deep-seated security flaw prompted the creation of the safer WPA3 standard. However, it’s only one of many concerns when trying to operate a safe Wi-Fi network, with some of the others including:

  • Having traffic intercepted by unauthorized people monitoring the network.
  • Weak passwords, including ones displayed in plain sight, like on a whiteboard.
  • Lack of VPNs and guest networks to encrypt and segment traffic, respectively.
  • Improper configuration of network equipment, e.g. UPnP access not disabled.
  • Insufficient physical security for routers, switches, and other IT infrastructure.

The U.S. Cybersecurity and Infrastructure Agency has outlined these problems and others in its guidance on Wi-Fi security. Its recommendations, found here, are a good framework for approaching enterprise network security more broadly.

How to shore up enterprise network security vulnerabilities 

Effective network security requires technical solutions as well as user education and training. For each common threat to an enterprise network, there is at least one solution or practice that can help address it, and in some cases more than one.

Threat: DDoS attacks

Solution: DDoS mitigation

How it works: Some service providers offer anti-DDoS measures built into their networks. At Telesystem, we do this at no extra cost. DDoS mitigation guards against the common DDoS attack types by screening and blocking certain traffic.

Threat: Malware

Solutions: Anti-virus/anti-malware, IPS 

How they work: Both anti-virus and IPS screen for particular threats, although they may do so using different models. Signature-based models in AV rely on a compendium of known patterns and block anything matching them. Statistical anomaly models in IPS, on the other hand, may evaluate abnormal network traffic and respond accordingly.
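
The two detection models described above, side by side, as an added example that is not from the original article or from Telesystem. The signature names and bytes, the baseline rates, and the events are all constructed for illustration.

```python
import statistics

# Constructed stand-ins for an AV vendor's compendium of known patterns
# (hypothetical names and bytes, not real malware signatures).
SIGNATURES = {
    "demo-dropper-a": b"EVIL_MARKER_V1",
    "demo-macro-b": b"AutoOpen_demo_payload",
}

# Constructed baseline: outbound connections per minute for one host.
BASELINE = [42, 38, 45, 40, 44, 39, 41, 43, 37, 46]

# Constructed events: (label, payload bytes, connections per minute).
EVENTS = [
    ("known sample, normal volume", b"hdr EVIL_MARKER_V1 tail", 41),
    ("altered sample, normal volume", b"hdr EV1L_MARKER_V2 tail", 43),
    ("unknown payload, traffic burst", b"hdr opaque-bytes tail", 900),
    ("benign request", b"GET /index.html", 40),
]

def signature_scan(payload):
    """Signature model: names of every known pattern present in the payload."""
    return [name for name, pattern in SIGNATURES.items() if pattern in payload]

def anomaly_scan(baseline, observed, threshold=3.0):
    """Statistical model: True if observed is > threshold std devs from the mean."""
    mean = statistics.mean(baseline)
    stdev = statistics.stdev(baseline)
    if stdev == 0:  # flat baseline: any change at all is abnormal
        return observed != mean
    return abs(observed - mean) / stdev > threshold

def evaluate(events=EVENTS):
    """Map each event label to (signature_hit, anomaly_hit)."""
    return {
        label: (bool(signature_scan(payload)), anomaly_scan(BASELINE, rate))
        for label, payload, rate in events
    }

if __name__ == "__main__":
    for label, (sig, anom) in evaluate().items():
        print(f"{label:32} signature={sig!s:5} anomaly={anom}")
```

The altered sample at normal volume is flagged by neither model, which is why the article pairs these tools with firewalls, monitoring and endpoint controls rather than relying on one of them.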

Threat: Hijacked applications

Solutions: Firewalls/NGFWs, IPS

How they work: Firewalls (including NGFWs) and IPS solutions are often used together for similar purposes - keeping cyberattacks at bay by ensuring that hackers cannot hijack or otherwise compromise important applications. For example, NGFWs and IPSes can block network traffic from particular IP addresses, then drop packets, and reset the connection as needed.

Threat: Cloud security vulnerabilities

Solutions: Managed services, NGFWs, network monitoring

How they work: Cloud-based services are vulnerable to attack, but there are numerous protections in place, many of them coming directly from the cloud service provider (CSP). For instance, the CSP will often manage the underlying IT infrastructure (like data centers), apply patches, and monitor the networks and applications in question.

Telesystem offers a broad portfolio of solutions for strengthening enterprise network security, including DDoS mitigation at no extra cost, as well as enterprise managed Wi-Fi, cloud and managed services, and much more. Learn more on our security page, or get in touch with our team directly today.