Network Protection (VPN, FW, GW, SD-WAN)

Thanks to the rise of mobility, cloud computing and cloud applications, it is important that network-based prevention technologies use mutual exchange of information about the detected security situation and are able to share this information with systems on end devices (EPP, EDR) and with the so-called global "Threat Intelligence".

Isolated LANs that are connected to the Internet at a single point are now the exception. Properly chosen network segmentation and the introduction of separate administration is now a necessary measure in the fight against so-called "Advanced Persistent Threats". These threats use the very content of legitimate applications to spread, so it is necessary to control not only access to network resources to eliminate their spread, but to use in-depth communication inspection and advanced traffic analysis to detect them.

It is also important that the control and visibility of communication is not only handled at the so-called network perimeter, i.e. the boundary between the internal network and other external networks, such as the public Internet (NGFW, GW), or also networks of connected branches (VPN, SD-WAN). Visibility, detection and prevention of intrusion between internal network segments (NIPS, NDR) is also necessary.

An advanced level of protection, based on modern behavioural analysis technologies, artificial intelligence and machine learning, is the joint use of Sandbox.
 

NDR (Network Detection and Response) monitors what is happening inside the network, aggregating data from many locations and sources, recording unusual activity or anomalies in normal network traffic, from which it is possible to detect dangerous behaviour and respond quickly and effectively.

An NDR solution can be used to complement the protection provided by a network firewall, intrusion detection system (IPS), antivirus software or malware detection software. It is also part of the XDR concept.

The network firewall has always been one of the cornerstones of network infrastructure security. By defining filters, this technology enables you to enable or disable traffic that is desirable or undesirable. This can be done from/to the Internet or even within the internal network itself. If the regulation of communication is not controlled at the level of IP addresses and protocol ports, but at the level of users, applications and specific content, we speak about so-called "Next Generation" firewalls (NGFW). They are characterized by a perception shift from "Connection" control towards "Content - Base" control.

NGFWs commonly include NIPS, Mail and WEB GW functionalities, and provide comprehensive perimeter protection using "Unified Threat Management" (UTM) features. These control a wide range of traffic aspects using technologies such as DLP, Anti-X protection, URL filtering, Sandboxing and other.

NIPS (Network Intrusion Prevention System) work directly at the physical layer of the network and combine a variety of technologies to detect a network or malware attack. IPS systems use static signatures to detect, monitor anomalies and behaviour in network traffic, but also include DDoS sensors, botnet behaviour detection, virus scanning and much more.

The goal of IPS systems is to detect or block unwanted or threatening traffic directly at the company's perimeter or critical segments of the internal network. They continuously monitor the network, monitor data flows, identify and log potential incidents, block attacks and report them to the security administrators.

E-mail is still the most prevalent communication tool for most organisations. That's why cyber criminals mostly use e-mail communication to infiltrate a company's network, steal or damage data, or even damage a company's reputation. E-mail attack methods are becoming more targeted, more sophisticated and more dangerous. Today, all industries are facing an increasing number of phishing attacks, malicious attachments and ransomware intrusions.

A secure e-mail gateway is essential to protect a company from malicious code contained in emails by preventing them from reaching the intended recipient. An email gateway is capable of detecting various types of attacks that can spread through email such as viruses and malware, spam and phishing. But it additionally offers a number of other features such as content analysis, blocking unwanted attachments or dangerous URL links.

Web communication is one of the most widespread ways how today's companies seek information, present themselves and publish their services. A web gateway prevents unsecured traffic from entering an organization's internal network via web protocol. It is used to protect employees/users from accessing unsafe websites or being attacked by malicious web traffic.

Web gateways use several methods to detect unwanted or unsafe traffic. Whether it is virus and malware detection, URL filtering with website categorization, monitoring for dangerous or inappropriate content, blocking web applications or their components, content inspection of outgoing company sensitive data (DLP) and basic sandboxing.

These are usually physical devices located at the perimeter of the network, but it is also possible to use cloud services or a combination of both.

A software-defined network (SD-WAN) is a solution that is used to connect WAN networks over broadband Internet, 4G, LTE or MPLS. It connects enterprise networks across branch offices and data centres over large geographic distances.

SD-WAN simplifies the management of WAN connections, whether at the branch office or in the cloud. Delivers optimal cloud application performance to users wherever they are located. In the event of a link failure or link degradation, it can reroute communications over other available links.

VPN stands for Virtual Private Network. VPNs are most commonly used by employees or partners to securely connect to the company's computer network when they are remote from the company (e.g., connecting from home, from a business location, etc.). With a VPN, it is possible to access all information resources and services, information databases and applications that are only accessible from the company's internal network.