Network security

Network security is the protection of the underlying networking infrastructure from unauthorized access, misuse, or theft. Network security involves creating a secure infrastructure for devices, applications, and users to work in a secure manner and combines multiple layers of defense within networks and on contact points.

Each network security layer implements policies and controls, with authorized users gaining access to network resources. Unauthorized users and malicious actors are blocked from carrying out exploits and threats.

A virtual private network encrypts the connection from an endpoint to a network, often over the internet. Typically, remote-access VPNs uses IPsec or Secure Sockets Layer to authenticate the communication between device and network and offer network protection.

A firewall is a network security device that monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules.

Firewalls monitor and filter the network traffic based on an organization’s previously established security policies. At its most basic, a firewall is essentially the barrier that sits between a private internal network and the public internet, with the primary purpose of allowing non-threatening traffic in and keeping dangerous traffic out.

Firewalls were one of the first network security measures created and adopted, with their creation in the late 1980s focused on protecting stand-alone computers. Widespread use in the 1990s worked to protect the majority of organizations' network-based business assets.

An intrusion prevention system (IPS) is a form of network security that works to detect and prevent identified threats. Intrusion prevention systems continuously monitor a network, looking for possible malicious incidents and capturing information about them. The IPS reports these events to system administrators and takes preventative action, such as closing access points and configuring firewalls to prevent future attacks. IPS solutions can also be used to identify issues with corporate security policies, deterring employees and network guests from violating the rules these policies contain.

Secure IPS appliances do this by correlating huge amounts of global threat intelligence to not only block malicious activity but also to track the progression of suspect files and malware across the network to prevent the spread of outbreaks and reinfection.

Software-defined segmentation puts network traffic into different classifications and makes enforcing security policies easier. Ideally, the classifications are based on endpoint identity, not mere IP addresses. Access rights can be assigned based on role, location, and more so the right level of access is given to the right people and suspicious devices are contained and remediated.

Cloud security is a broad set of technologies, policies, and applications applied to defend online IP, services, applications, and other imperative data. It helps to better manage security by shielding users against threats anywhere they access the internet and by securing data and applications in the cloud.

Cloud security involves the procedures and technology that secure cloud computing environments against both external and insider cybersecurity threats. Cloud computing, which is the delivery of information technology services over the internet, has become increasingly used by businesses and governments seeking to accelerate innovation and collaboration. As a result, cloud security and security management has focused on practices that prevent unauthorized access, in order to keep data and applications in the cloud secure from current and emerging cybersecurity threats.

Virtual Private Networks (VPN) describe network technology that establishes a protected network connection when using public networks in real time. VPNs encrypt internet traffic and disguise online identities, making it more difficult for third parties to track online activities and steal data.

A VPN encrypts the connection from an endpoint to a network, often over the internet. Typically, a remote-access VPN uses IPsec or Secure Sockets Layer to authenticate the communication between device and network.

Not every user should have access to a network. In order to keep out potential attackers, each user and device needs to be registered, allowing security service moderators to enforce security policies and blocking noncompliant endpoint devices from gaining access. This process is referred to as network access control (NAC).

Data Loss Prevention (DLP) is the practice of detecting and preventing data breaches, exfiltration, or unwanted destruction of sensitive data. Organizations use DLP to protect and secure their data and comply with regulations.

DLP term refers to defending organizations against both data loss and data leakage prevention. Data loss refers to an event in which important data is lost to the enterprise, and data loss prevention focuses on preventing illicit transfer of data outside organizational boundaries.

Organizations use DLP to protect Personally Identifiable Information (PII), comply with regulations, protect critical intellectual property, enable data visibility, secure mobile workforces and enforce device security, and secure data on remote cloud systems.

SIEM products pull together the information that security staff needs to identify and respond to threats. These products come in various forms, including physical and virtual appliances and server software.

Wireless networks are not as secure as wired ones. Without stringent security measures, installing a wireless LAN can be like putting Ethernet ports everywhere, including the parking lot. To prevent an exploit from taking hold, products need to be specifically designed to protect a wireless network.

Anti-virus and anti-malware software prevent "malware," short for "malicious software," which includes viruses, worms, Trojans, ransomware, and spyware. Sometimes malware will infect a network but lie dormant for days or even weeks, meaning effective anti-malware programs both scan for malware upon entry and also continuously track files afterward to find anomalies, remove malware, and fix damage.

Any software used to run a business needs to be protected, whether the IT staff builds it or whether it is purchased. Unfortunately, any application may contain holes, or vulnerabilities, that attackers can use to infiltrate a network. Application security encompasses the hardware, software, and processes used to close those holes.

Behavioral analytics tools automatically discern activities that deviate from the norm, so security teams can then better identify indicators of compromise that pose a potential problem and quickly remediate threats.

Email gateways are the number one threat vector for a security breach. Attackers use personal information and social engineering tactics to build sophisticated phishing campaigns to deceive recipients and send them to sites serving up malware. An email security application blocks incoming attacks and controls outbound messages to prevent the loss of sensitive data.

Mobile security focuses on protecting network security in regards to connections with mobile devices and the information stored on them.

Cybercriminals are increasingly targeting mobile devices and apps, with research showing that within the next three years, 90 percent of IT organizations will support corporate applications on personal mobile devices. This raises the need for businesses, organizations, and their network security professionals to control which devices can access networks. This rise in mobile device usage also requires security services to configure connections to keep network traffic private.

A web security solution will control a staff's web use, block web-based threats, and deny access to malicious websites. It will protect the web gateway on site or in the cloud. "Web security" also refers to the steps taken to protect a company's own website.