Previous
Learn about PurpleSec’s approach to managed security services.
Author: Michael Swanagan, CISSP, CISA, CISM / Last Updated: 11/19/22
Reviewed By: Rich Selvidge, CISSP, Josh Allen & Jason Firch, MBA
View Our: Editorial Process
Table Of Contents
There are 8 steps to managing your network’s security including: Be Organized, Develop And Enforce A Strong Password Policy, Build A Vulnerability Management Program, Install Endpoint And Antivirus Protection, Ensure Firewalls Are Properly Configured, Set User Access Permissions, Develop Data Backup Solutions, and Don’t Forget Spam And Email Security.
What You’ll Learn
Managing and securing your network from threat actors begins with a well-designed strategic plan.
The purpose of the security strategy is common across any organization today, that is, to continuously secure the network from threats that could potentially disrupt the profitability or reputation of your business.
Due to the globalization of the internet and the shift to a mobile workforce, threats targeting organizations who utilize the internet for email, web application, or information sharing are prime targets for phishing, ransomware, and other nefarious cyber activity to name a few.
For these and many other reasons, Network Security Management is critical and undoubtedly a must have for your organization. What is the best approach to manage network security?
How at risk is my organization for a data breach? How and where should we start?
The answers to these and many other questions are the goals of this article.
In this article, you will gain an understanding of the definition of Network security management, why it is important to implement, and we’ll analyze the components of what comprises an effective Network Security Management strategy for your organization.
Network security management is the act of managing access to network resources and controlling the access to these resources by both internal and external parties. Policies and procedures are created to support your network security management plan and to ensure it is aligned with the mission of your organization’s objectives.
An integral component of network security management is the effective identification of all network assets.
It will be very difficult to achieve true security management if you do not have a software or an asset tracking system that can help you readily identify, log, and monitor who, what, when, and where an asset is connecting to your network.
The adage ‘you can’t protect what you don’t know’ is true, therefore, asset management is a requirement for an effective network security management program.
Each asset within the business should be categorized according to its type and value to the business.
A file server that contains classified information will have a higher value than a desktop that contains non-sensitive data on its hard drive.
An asset management system will provide an inventory of corporate issued devices, identify ownership of the asset, identify software installed, and track the lifecycle of the asset within the organization.
Below is an example of assets or resources that should be broken out by categories for asset identification purposes.
Physical devices connected to the business network. These can be on-site or at a colocation center (Colo) that is operated in another physical location:
Virtual assets are business systems that do not require hardware owned by the business directly, but are hosted on the cloud or through a managed services provider:
Technology that utilizes computer components and devices to store data in a digital format to be retrieved later time:
The set of instructions used to perform computer instructions and execute specific tasks:
Asset identification/management is a core component of an effective network security management plan.
The asset identification system provides IT teams with visibility on where sensitive data resides and how to protect it from unauthorized use.
The prime objective of network security management is to protect your organization’s data.
Compared to a decade ago, the attack surface for the threat actors has greatly increased.
The days of script kiddies breaking into systems for the sheer challenge and notoriety amongst peer groups have disappeared.
Nowadays, threat actors are bringing down major corporations with crafty attacks not seen before.
They are using the internet as a vehicle to launch malware attacks with the intent of holding the business hostage until they pay a huge ransom.
Why the recent surge in cybercrime, and how should the business protect itself from being the next victim of an attack?
One way to prevent the issue is to understand the current threats impacting organizations like yours and identify the assets that could potentially be exploited.
When we say assets, we usually associate it with something tangible, such as, a personal computer, or smartphone connected to the internet.
There is also the human element that is usually overlooked and is the main target of the cyber-attack.
How so?
Many organizations today have the infrastructure in place that allows its employees to work remotely and remain productive without being physically present in an office setting.
This is primarily due to the COVID-19 pandemic, which has created opportunities for companies to transition to a remote workforce and remain profitable, however, this has presented and introduced more challenges to security the network.
Note a case study from a 2021 Mobile Workforce report from the Software Anti-virus vendor Avast.
This report reveals the concerns facing the reality of the mobile workforce.
Corporate issued devices can connect to the Internet from a coffee shop around the corner or from anywhere in the world.
If an organization’s email is cloud-based, an employee can read and send emails from their device without logging into their company’s network.
If the company does not force the employee to connect to the network, this may increase the risk of their device from receiving security updates in a timely manner.
The bad news is that threat actors are aware of this technology shift and are continuously looking to exploit any weakness in your organization’s framework, especially employers who are working remotely.
What can be done to protect your business’ resources and thwart the activity of threat actors?
An effective Network Security Management program.
Trained and experienced personnel can help an organization quickly adapt and protect the business.
Security teams within your organization should be knowledgeable of the various mobile device endpoints connecting to the network remotely, along with the software installed on the assets.
This reiterates the purpose of the asset management component mentioned in the previous section.
Any devices connecting to your network that are not identified within your asset system should be immediately disconnected and approved if required to access your corporate data.
All assets should have a base configuration that should be patched and updated with the same versions across the enterprise.
The security teams should also be partners with other IT and non-IT departments within the organization to achieve synergy in support of the Network Security Management program.
Below are relevant areas that network security management covers:
With the right security personnel in place (analysts, engineers, operations), an organization can continuously address the aforementioned areas of network security.
Let’s now consider another key component of network security management as it relates to compliance.
Network security helps administrators roll out companywide security policies across the network and devices to establish compliance.
How so?
Let’s define the purpose of the security policy.
The security policy outlines the principles, procedures, and guidelines to enforce, manage, monitor, and maintain security on a network.
For example, if your organization is a healthcare provider, protecting customer data is required by law. This requirement falls under the parameters of HIPAA compliance.
If your company maintains client data within its database, file shares, or computers, you must provide proof that the data is always secured and encrypted to the NIST standards.
The key points within the policy will state the necessary requirements for HIPAA.
Security management will take steps to ensure that the policy statements are enforced implementing the appropriate tools to support the policy.
Security management will measure the operation of the tools by continuously monitoring the state and performance of these applications.
This information will be shared with the compliance team upon request or reviewed with senior leadership on a recurring basis.
The principle of network security applies to any organization’s vertical that falls under a regulatory requirement, such as, a credit card payment processor, military defense, financial entity, or one that conducts business internationally.
The benefits of establishing network security management as it relates to compliance:
Network security management helps an organization adhere to compliance regulations, which in turn allows them to continuously perform a service for its customers or business partners.
Managing large networks and IT resources without adequately trained personnel is a recipe for disaster.
Having a lot of staff is not the answer if the support resources are not adequately trained or qualified to support the strategic goals of your network security management initiative.
For example, if your organization is a credit card payment processor, you must abide by the standards of the Payment Card Industry (PCI).
But what if you have a very lean IT department and your senior leadership partners with a managed service provider to support its security instead of hiring an individual with experience with PCI.
This was done without involvement from the network security management team.
The agreement is signed due to a very low price.
One small issue, none of the employees of the service provider have knowledge of data encryption as it pertains to PCI requirements on workstations, databases, or data loss preventions.
A year later when the audit results are reported to executive leadership – they receive a failure on the report of compliance.
Hopefully, this is an extreme scenario, but the point is clear.
Network Security Management would have identified the gaps in knowledge and would have brought this information to the forefront before a decision.
Members of the security management team usually participate in the hiring process to determine which individual is the right person for the job, or if members of a managed provider are suited to support your program.
An effective Network Security Management program continuously monitors the network for opportunities to streamline repetitive processes without sacrificing security.
Network Security Management in most cases has input on the selection of security tools to manage the network and can decide to train personnel in place or hire someone with a specific skill set to support and cross train other team members.
With Network Security Management engaged in the process, the complexity of the network can be managed efficiently by the right personnel.
Note a few positive aspects of how Network Security can manage a complex environment:
A key component of Network Security Management is the policy. What exactly makes up a security policy. Let’s learn about this in the next section.
A network security policy is a set of standardized practices and procedures that outlines network access, the architecture of the network, and security environments, as well as determines how policies are enforced.
During the onboarding process, new employees are directed to review and acknowledge the company’s corporate and security policy.
The hiring organization is informing the new employee of what is acceptable behavior – and what is not, how to select a network password, how to use email, what websites are acceptable, and so forth.
Depending on the size of the organization, a single policy may suffice. However, this may not be the case for a larger business.
A single overarching policy for corporate security is normal, with smaller sub policies to address the standardized practices and procedures mentioned in the opening definition. See the policy examples below along with descriptions:
The network security policy is one of the basic components an organization must have if it is to have a successful network management program.
By having the right personnel strategically aligned for support, policy enforcement will be smoother and tolerable.
Policy enforcement ties in with the next section. Let’s note the continuous tasks performed by Network Security Management.
Securing and managing the network covers the entire infrastructure – starting at the endpoints, web application servers, directory services, email, network gateways, and the cloud.
These systems can be complex depending on the number of applications, users, and endpoints.
To manage effectively, each area can be broken down into its requirements and maintained by various teams simultaneously to perform the associated task.
The objective of creating sub-components of each task is that it provides the opportunity for efficiency and continuous management.
Listed below are several tasks that are vital to the success of the Network Security Management program.
How PurpleSec Helps To Secure Your Network
Our vulnerability management services and penetration testing services provide a holistic approach to securing what’s most important to your organization.
Up to this point in the article, we’ve discussed what network security management is, why it’s a mission-critical task within any organization – especially those with complex environments or compliance requirements.
Now, we dive into the actionable steps to developing and improving your network security.
You should begin with an up-to-date inventory of your network resources including current network and architectural diagrams.
Then create a repository of documentation including up to date procedures, protocols, technical responsibilities.
Always ensure IT staff have clear directions on their day-to-day network management tasks. Make the daily checking of network security a routine activity.
Finally, delegate assignments and tasks, encourage cross training within the team.
Develop a password security policy that ensures your passwords are complex enough to avoid being breached.
Complex passwords consist of at least twelve characters, including three of the following four character types:
Be sure to train employees to avoid writing down passwords on sticky notes or storing them in a file on the desktop. Avoid any passwords that could be guessed like names, address, cell phone.
The policy can also recommend utilizing a password management system to store passwords for security tools.
Develop and document a process for vulnerability management of the network.
Ensure the Operating System and any running software is current and patched to the most recent level per vendor recommendations on a regular basis.
This will help reduce opportunities for threat actors taking advantage of vulnerabilities.
A good vulnerability management system should also include a process for deploying network OS upgrades when zero days are released.
You must patch all the software on the network, including operating systems across devices and servers, applications, and firmware in the devices/hardware.
It is critical not to overlook that network, storage, and other enterprise devices also run operating systems and firmware and must be patched regularly.
Antivirus protection is another layer of defense for network clients.
All endpoint systems should have endpoint protection enabled and configured to receive updates automatically.
Centralized endpoint protection systems, such as McAfee ePO or the Department of Defense’s Host Based Security System (HBSS), make the management of larger enterprises much easier for network administrators.
Endpoint protection also includes Data Loss Prevention and software execution prevention.
Network firewalls should be strategically placed in your organization to control outbound and inbound internet access, as well as cross-domain and lateral access between environments.
Enterprise assets that host web applications are best protected by a Web Application Firewall.
Next-Gen Firewalls provide application-based services as well as network-based security signatures.
Maintaining firewalls can quickly become complicated; consider finding a firewall partner for more complex enterprises.
Set clear user access policies based on Zero Trust or least privilege.
Maintaining a strict access control of enterprise identities makes system administration easier by creating clear maps of access.
In Active Directory environments, administrators should place a priority on group objects and policies.
Access controls based on department and job create a clear delineation of privileges and access that is required for users in each group.
This makes limiting access to sensitive data much easier.
Auditing and logging must also be enabled for all of these groups to monitor access requested, granted, and denied across the enterprise.
SIEM systems and threat hunting can use this data to identify potential attacks or insider threats; as well as make life easier during audits.
An important step that should never be forgotten is disabling inactive accounts and archiving the data of terminated users.
Backup solutions and tools—while it is practical to back up data manually, the majority of organizations rely on a technology solution to ensure systems are backed up routinely and consistently.
Initially, ensure that your team receives professional training.
Regardless of the threat, depending solely on tools will not always secure your organization’s assets. Your security system will have holes in it.
Your team should be required to participate in security awareness training.
You should prioritize training programs to educate your team about email threats and how to respond to them.
Regular simulations and training sessions guarantee that your internet-facing users are aware of the ever-changing cyber threats targeting your company’s data.
Additionally, it ensures that they are applying what they are learning and monitoring their inbox for phishing emails.
In this article, we defined Network Security Management, its purpose, and provided recommendations on how your organization can implement based on the strategic plan of your business.
We also discussed the challenges of managing network security in complex environments along with examples of tasks your teams can perform to ensure your business data is protected and continuously monitored for internal and external threats.
Finally, we reviewed 8 steps your organization can reference as a guide to improve the overall security of your business.
By following the recommendations provided in this article, your company will stay one step ahead of threat actors and protect the most valuable assets of your organization.
Michael is an IT security expert with 15 years of proven experience. He has experience leading and supporting security projects and initiatives in the healthcare, finance, and advertising industry.
Resources
Policy Templates
Most Popular