
Compared to just a few years ago, the profile of today's network security threat is much more complicated and challenging for the network manager. This arises because of the sheer multiplicity of threats, the ever-growing number of threat points, and the price of failure.

Current causes for concern include security around virtualisation, convergence, data loss, the consumerisation of equipment such as smartphones and laptops, and the ever-increasing amount of remote access. The mushrooming growth of mobile devices (smartphones, tablets and laptops) has put many previously secure companies at risk. To complicate matters, creeping consumerisation, commonly called BYOD (bring your own device), means that many employees use their own smartphones for company business. The problem for the network manager is to track, monitor, manage and secure all of these devices.

The answer here is a mobile device management, security and compliance solution. Such solutions can provide features including over-the-air enrolment of devices and remote data-wipe so that corporate data can be removed if devices are lost or stolen, along with detailed visibility into all devices for security policy management. Other features can include mobile app management, and end-to-end security and compliance management.

It is broadly accepted that employees can't be prevented from using their own PCs or laptops for work-related activity and therefore connecting to the network. This is difficult to manage. One effective solution is for remote workers to always use a secure hardware encrypted flash drive, with embedded security software, which creates a protected virtualised environment, keeping the network safe.

Server virtualisation is a strong trend which can cut costs and centralise data. In some cases, this has made companies feel more secure because the data is centralised. However, the downside is that if the virtualised servers are breached, then access might be gained to the entire corporate network. Virtual firewalls are needed to protect virtual servers. Similar security issues apply with virtual desktops.

Another major trend over the last couple of years has been the convergence of voice and data networks, with applications such as VoIP becoming increasingly popular. Many companies are still not aware that convergence introduces new security problems and that many existing firewalls and UTMs are not designed to deal with these. Companies should be looking at security solutions which specifically provide protection for a converged environment.

Authentication and encryption have always been important factors in network defence, and they remain so today. However, the majority of employees are still using simple passwords which aren't changed regularly, and which can easily be breached with social engineering or brute force attacks. A range of soft or hard authentication options is available, including smartphone authentication.

A large percentage of employees are still being allowed to remove data from the network and its devices in an uncontrolled manner, or if they are controlled, encryption isn't necessarily enforced. Encryption is fundamental to protecting data, especially data on the move, and it is relatively simple to deploy, with solutions such as encrypted flash drives, encrypted external hard drives, and encrypted optical discs available.

Finally, the increasing number of threats and static staff numbers mean it is ever more difficult for managers to keep track of what is going on throughout the network. A Security Information and Event Management (SIEM) solution is essential to establishing an overall view across the complete IT infrastructure. Such solutions log all activity and will collect, store, report and alert on any potential threats or variances that may presage one. SIEM correlates information from all monitoring points, minimising the need to monitor multiple security and perimeter devices. It can also identify related attacks across a range of monitoring points, something that often goes unnoticed.
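
The cross-point correlation described above can be sketched in a few lines. This is an added example, not part of the original article or any SIEM product: the event tuples, monitoring point names, and the `correlate` function are constructed for illustration, and the addresses come from documentation ranges.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, monitoring point, source IP, event).
EVENTS = [
    ("2024-01-10T09:00:05", "firewall", "203.0.113.7", "port_scan_blocked"),
    ("2024-01-10T09:01:40", "vpn", "203.0.113.7", "login_failed"),
    ("2024-01-10T09:03:10", "file_server", "203.0.113.7", "access_denied"),
    ("2024-01-10T09:02:00", "vpn", "198.51.100.4", "login_failed"),
    ("2024-01-10T09:02:30", "vpn", "198.51.100.4", "login_failed"),
    ("2024-01-10T09:00:00", "firewall", "192.0.2.9", "port_scan_blocked"),
    ("2024-01-10T11:30:00", "vpn", "192.0.2.9", "login_failed"),
]

def correlate(events, window_minutes=10, min_points=2):
    """Return {src_ip: sorted monitoring points} for every source seen at
    min_points or more distinct monitoring points inside one time window."""
    window = timedelta(minutes=window_minutes)
    by_ip = defaultdict(list)
    for ts, point, ip, _event in events:
        by_ip[ip].append((datetime.fromisoformat(ts), point))

    alerts = {}
    for ip, seen in by_ip.items():
        seen.sort()  # chronological order per source
        start = 0
        for end in range(len(seen)):
            # Advance the window start until the span fits inside `window`.
            while seen[end][0] - seen[start][0] > window:
                start += 1
            points = {p for _, p in seen[start:end + 1]}
            # Record the widest spread of monitoring points found so far.
            if len(points) >= min_points and len(points) > len(alerts.get(ip, ())):
                alerts[ip] = sorted(points)
    return alerts

if __name__ == "__main__":
    for ip, points in correlate(EVENTS).items():
        print(f"ALERT {ip}: related events at {', '.join(points)}")
```

Each device on its own sees only one low-severity event from 203.0.113.7; the alert exists only once the three logs are joined, while repeated failures at a single point (198.51.100.4) and events hours apart (192.0.2.9) are not treated as related.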