Monitoring your internal network with intelligent firewalls

Francis Teo, Regional Director of South-East Asia, Hillstone Networks | Jan. 26, 2016
Francis Teo, Regional Director of South-East Asia, Hillstone Networks, discusses how security can keep up with network threats in 2016, and some upcoming technologies vendors can consider moving forward.

Micro-segmentation is critical in ensuring security in the cloud. It addresses the gaps in visibility and control of traffic at the virtual machine level.

2. Network Behavioural Analysis

The next generation of security needs to "identify attacks as they are happening". This is where behavioural analysis can step in and be used as a real-time security defence tool. Today, companies are effective at identifying attack patterns, but they are not sophisticated enough to convert their threat correlation analytics into actionable events, such as creating dynamic policies to quarantine a suspicious internal host, or creating a firewall policy to block access to a destination IP and a specific application.

Network Behavioural Analysis enables the continuous monitoring of traffic so that network risk can be tracked in real time. Using an established benchmark for normal traffic, it flags and deals with any abnormalities in user and application behaviour within the network, spotting zero-day attacks and malware.
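
The idea of benchmarking normal traffic and turning a deviation into a policy can be sketched as follows. This is an added example, not Hillstone's implementation: the flow-record layout, the thresholds and the action names are all assumptions, and the flows are constructed sample data.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records: (interval, src_host, dst_ip, app, bytes_out)
BASELINE = [(i, "10.0.0.5", "192.0.2.10", "https", b) for i, b in enumerate([10000, 12000, 11000, 9000])]
BASELINE += [(i, "10.0.0.6", "10.0.0.2", "dns", b) for i, b in enumerate([500, 600, 550, 450])]
WINDOW = [
    (4, "10.0.0.5", "198.51.100.7", "https", 90000),  # large upload to an unfamiliar destination
    (4, "10.0.0.5", "192.0.2.10", "https", 10000),
    (4, "10.0.0.6", "10.0.0.2", "dns", 520),          # in line with the benchmark
    (4, "10.0.0.6", "10.0.0.9", "smb", 4000),         # application never seen from this host
]

def build_baseline(flows):
    """Benchmark of normal traffic: {(src, app): (mean, stdev)} of bytes per interval."""
    per_interval = defaultdict(lambda: defaultdict(int))
    for interval, src, _dst, app, nbytes in flows:
        per_interval[(src, app)][interval] += nbytes
    return {k: (mean(list(v.values())), pstdev(list(v.values()))) for k, v in per_interval.items()}

def evaluate(baseline, window, z_limit=3.0, min_sigma=1000.0, dst_share=0.8):
    """Score one interval against the benchmark and return policy actions (assumed names)."""
    totals, by_dst = defaultdict(int), defaultdict(lambda: defaultdict(int))
    for _interval, src, dst, app, nbytes in window:
        totals[(src, app)] += nbytes
        by_dst[(src, app)][dst] += nbytes
    actions = []
    for (src, app), total in sorted(totals.items()):
        if (src, app) not in baseline:
            # No benchmark exists for this host/application pair: isolate the host for review.
            actions.append({"action": "quarantine", "host": src, "reason": f"new app {app}"})
            continue
        mu, sigma = baseline[(src, app)]
        z = (total - mu) / max(sigma, min_sigma)  # floor sigma so a flat baseline is not over-sensitive
        if z < z_limit:
            continue
        dst, dst_bytes = max(by_dst[(src, app)].items(), key=lambda kv: kv[1])
        if dst_bytes / total >= dst_share:
            # The deviation is concentrated on one destination: a narrow block rule is enough.
            actions.append({"action": "block", "host": src, "dst_ip": dst, "app": app, "z": round(z, 1)})
        else:
            actions.append({"action": "quarantine", "host": src, "reason": f"{app} z={z:.1f}"})
    return actions

if __name__ == "__main__":
    for policy in evaluate(build_baseline(BASELINE), WINDOW):
        print(policy)
```

In practice the benchmark would be rebuilt continuously, and the resulting actions reviewed or rate-limited before enforcement so that a single noisy interval does not isolate a production host.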

3. Statistical Clustering

Instead of searching for explicit signatures, statistical clustering analyses the behaviour of malware and looks for recurring combinations of actions that are strongly related to known malware. When a close match is detected, the system will send an alert and provide a complete description of the malware, including packet captures. It also provides a confidence level and a severity level so that the administrator can take remedial action.

At the end of the day, however sophisticated the technology, organisations should always be looking at a holistic product, and internal network products should complement existing technology to create an agile, active and complete security strategy that not only protects a network, but also proactively seeks out and eliminates threats. This ensures every single layer and virtual machine within a network is covered and security breaches get identified as quickly as possible.

 
