How To Manage Your Network Security In 8 Steps

Learn about PurpleSec’s approach to managed security services.

Author: Michael Swanagan, CISSP, CISA, CISM / Last Updated: 11/19/22

Reviewed By: Rich Selvidge, CISSP, Josh Allen & Jason Firch, MBA

View Our: Editorial Process

There are 8 steps to managing your network’s security including: Be Organized, Develop And Enforce A Strong Password Policy, Build A Vulnerability Management Program,  Install Endpoint And Antivirus Protection, Ensure Firewalls Are Properly Configured,  Set User Access Permissions, Develop Data Backup Solutions, and Don’t Forget Spam And Email Security.

Managing and securing your network from threat actors begins with a well-designed strategic plan.

The purpose of the security strategy is common across any organization today, that is, to continuously secure the network from threats that could potentially disrupt the profitability or reputation of your business.

Due to the globalization of the internet and the shift to a mobile workforce, threats targeting organizations who utilize the internet for email, web application, or information sharing are prime targets for phishing, ransomware, and other nefarious cyber activity to name a few.

For these and many other reasons, Network Security Management is critical and undoubtedly a must have for your organization. What is the best approach to manage network security?

How at risk is my organization for a data breach? How and where should we start?

The answers to these and many other questions are the goals of this article.

In this article, you will gain an understanding of the definition of Network security management, why it is important to implement, and we’ll analyze the components of what comprises an effective Network Security Management strategy for your organization.

What Is Network Security Management?

Network security management is the act of managing access to network resources and controlling the access to these resources by both internal and external parties. Policies and procedures are created to support your network security management plan and to ensure it is aligned with the mission of your organization’s objectives.

An integral component of network security management is the effective identification of all network assets.

It will be very difficult to achieve true security management if you do not have a software or an asset tracking system that can help you readily identify, log, and monitor who, what, when, and where an asset is connecting to your network.

The adage ‘you can’t protect what you don’t know’ is true, therefore, asset management is a requirement for an effective network security management program.

Each asset within the business should be categorized according to its type and value to the business.

A file server that contains classified information will have a higher value than a desktop that contains non-sensitive data on its hard drive.

An asset management system will provide an inventory of corporate issued devices, identify ownership of the asset, identify software installed, and track the lifecycle of the asset within the organization.

Below is an example of assets or resources that should be broken out by categories for asset identification purposes.

Physical Assets

Physical devices connected to the business network. These can be on-site or at a colocation center (Colo) that is operated in another physical location:

• Servers
• Printers
• Mobile Devices
• Workstations
• Hypervisor hosts

Virtual Assets

Virtual assets are business systems that do not require hardware owned by the business directly, but are hosted on the cloud or through a managed services provider:

• Cloud-based assets (AWS, Azure, Google Cloud)
• Virtual desktop services
• Security and software agents
• MSP provided systems

Storage

Technology that utilizes computer components and devices to store data in a digital format to be retrieved later time:

• Physical and Virtual Backups
• Removable Storage Media.
• Network Attached Server (NAS)
• Storage Area Network (SAN)
• Cloud Storage

Software

The set of instructions used to perform computer instructions and execute specific tasks:

• Open source – programs or code available for public distribution, can be modified and shared.
• Closed source – proprietary code, not available for public modification.
• Freeware – Software that can be downloaded and installed free of charge.
• Software licenses – Contractual use of software, perpetual or subscription-based
• Shared software licenses – Allows multiple users to share an application at the same time on the same computer.

Asset identification/management is a core component of an effective network security management plan.

The asset identification system provides IT teams with visibility on where sensitive data resides and how to protect it from unauthorized use.

Protecting Your Business With
Network Security Management

The prime objective of network security management is to protect your organization’s data.

Compared to a decade ago, the attack surface for the threat actors has greatly increased.

The days of script kiddies breaking into systems for the sheer challenge and notoriety amongst peer groups have disappeared.

Nowadays, threat actors are bringing down major corporations with crafty attacks not seen before.

They are using the internet as a vehicle to launch malware attacks with the intent of holding the business hostage until they pay a huge ransom.

Why the recent surge in cybercrime, and how should the business protect itself from being the next victim of an attack?

One way to prevent the issue is to understand the current threats impacting organizations like yours and identify the assets that could potentially be exploited.

When we say assets, we usually associate it with something tangible, such as, a personal computer, or smartphone connected to the internet.

There is also the human element that is usually overlooked and is the main target of the cyber-attack.

How so?

Many organizations today have the infrastructure in place that allows its employees to work remotely and remain productive without being physically present in an office setting.

This is primarily due to the COVID-19 pandemic, which has created opportunities for companies to transition to a remote workforce and remain profitable, however, this has presented and introduced more challenges to security the network.

Note a case study from a 2021 Mobile Workforce report from the Software Anti-virus vendor Avast.

This report reveals the concerns facing the reality of the mobile workforce.

Corporate issued devices can connect to the Internet from a coffee shop around the corner or from anywhere in the world.

If an organization’s email is cloud-based, an employee can read and send emails from their device without logging into their company’s network.

If the company does not force the employee to connect to the network, this may increase the risk of their device from receiving security updates in a timely manner.

The bad news is that threat actors are aware of this technology shift and are continuously looking to exploit any weakness in your organization’s framework, especially employers who are working remotely.

What can be done to protect your business’ resources and thwart the activity of threat actors?

An effective Network Security Management program.

Trained and experienced personnel can help an organization quickly adapt and protect the business.

Security teams within your organization should be knowledgeable of the various mobile device endpoints connecting to the network remotely, along with the software installed on the assets.

This reiterates the purpose of the asset management component mentioned in the previous section.

Any devices connecting to your network that are not identified within your asset system should be immediately disconnected and approved if required to access your corporate data.

All assets should have a base configuration that should be patched and updated with the same versions across the enterprise.

The security teams should also be partners with other IT and non-IT departments within the organization to achieve synergy in support of the Network Security Management program.

Below are relevant areas that network security management covers:

• Manage Network Infrastructure – Network firewalls, HIDS, IPS/IDS
• Automate System Update Policies for Client Computers/Systems – Patch Software
• Restrict Access to Secure Resources – Multifactor authentication, access permissions
• Manage Device Updates – Devices should have the latest version of software
• Roll-out new software – End of life software versions should be prohibited
• Control & Monitor Access to Internet – Web filtering technology, Secure Gateways
• Detect security threats – An EDR (Endpoint Detection Response) solution should be installed and managed from a centralized management console for alert detection
• Manage Endpoint Security – Implement a comprehensive/centralized solution that manages all endpoints, similar to EDR solution but includes lifecycle of endpoint.
• Generate Reports – Log events to a SIEM (Security Incident Event Management) solution for real time and historical reporting.

With the right security personnel in place (analysts, engineers, operations), an organization can continuously address the aforementioned areas of network security.

Let’s now consider another key component of network security management as it relates to compliance.

Network Security Management And Compliance

Network security helps administrators roll out companywide security policies across the network and devices to establish compliance.

How so?

Let’s define the purpose of the security policy.

The security policy outlines the principles, procedures, and guidelines to enforce, manage, monitor, and maintain security on a network.

For example, if your organization is a healthcare provider, protecting customer data is required by law. This requirement falls under the parameters of HIPAA compliance.

If your company maintains client data within its database, file shares, or computers, you must provide proof that the data is always secured and encrypted to the NIST standards.

The key points within the policy will state the necessary requirements for HIPAA.

Security management will take steps to ensure that the policy statements are enforced implementing the appropriate tools to support the policy.

Security management will measure the operation of the tools by continuously monitoring the state and performance of these applications.

This information will be shared with the compliance team upon request or reviewed with senior leadership on a recurring basis.

The principle of network security applies to any organization’s vertical that falls under a regulatory requirement, such as, a credit card payment processor, military defense, financial entity, or one that conducts business internationally.

The benefits of establishing network security management as it relates to compliance:

• Provides reporting for compliance review.
• It allows administrators to detect compliance issues.
• Minimizes the cost of non-compliance.
• Minimizes the time and man hours to do things manually.

Network security management helps an organization adhere to compliance regulations, which in turn allows them to continuously perform a service for its customers or business partners.

Network Security Management Helps
Manage Complex Environments

Managing large networks and IT resources without adequately trained personnel is a recipe for disaster.

Having a lot of staff is not the answer if the support resources are not adequately trained or qualified to support the strategic goals of your network security management initiative.

For example, if your organization is a credit card payment processor, you must abide by the standards of the Payment Card Industry (PCI).

But what if you have a very lean IT department and your senior leadership partners with a managed service provider to support its security instead of hiring an individual with experience with PCI.

This was done without involvement from the network security management team.

The agreement is signed due to a very low price.

One small issue, none of the employees of the service provider have knowledge of data encryption as it pertains to PCI requirements on workstations, databases, or data loss preventions.

A year later when the audit results are reported to executive leadership – they receive a failure on the report of compliance.

Hopefully, this is an extreme scenario, but the point is clear.

Network Security Management would have identified the gaps in knowledge and would have brought this information to the forefront before a decision.

Members of the security management team usually participate in the hiring process to determine which individual is the right person for the job, or if members of a managed provider are suited to support your program.

An effective Network Security Management program continuously monitors the network for opportunities to streamline repetitive processes without sacrificing security.

Network Security Management in most cases has input on the selection of security tools to manage the network and can decide to train personnel in place or hire someone with a specific skill set to support and cross train other team members.

With Network Security Management engaged in the process, the complexity of the network can be managed efficiently by the right personnel.

Note a few positive aspects of how Network Security can manage a complex environment:

• Helps IT teams avoid misconfiguration that can cause vulnerabilities in their networks.
• Can ease troubleshooting and vulnerability remediation.
• Minimizing labor and time-consuming tasks.
• Basically, allows for the management of complex resources and tasks to be effectively managed with the least amount of administrators and staff.

A key component of Network Security Management is the policy. What exactly makes up a security policy. Let’s learn about this in the next section.

Develop A Network Security Policy

A network security policy is a set of standardized practices and procedures that outlines network access, the architecture of the network, and security environments, as well as determines how policies are enforced.

During the onboarding process, new employees are directed to review and acknowledge the company’s corporate and security policy.

The hiring organization is informing the new employee of what is acceptable behavior – and what is not, how to select a network password, how to use email, what websites are acceptable, and so forth.

Depending on the size of the organization, a single policy may suffice. However, this may not be the case for a larger business.

A single overarching policy for corporate security is normal, with smaller sub policies to address the standardized practices and procedures mentioned in the opening definition. See the policy examples below along with descriptions:

• Clean Desk Policy – reduces risk of passwords on sticky notes
• Email Policy – describes acceptable use for corporate email
• Password Policy – addresses requirements for complex passwords
• Incident Response Policy – describes who is responsible for incident management and what to do in case of an incident
• VPN Policy – how to connect to the corporate network from a remote location
• Patch Management Policy – addresses how and when vulnerabilities should be remediated
• Software Patching Policy – Outlines how patches are deployed, when, and how

The network security policy is one of the basic components an organization must have if it is to have a successful network management program.

By having the right personnel strategically aligned for support, policy enforcement will be smoother and tolerable.

Policy enforcement ties in with the next section. Let’s note the continuous tasks performed by Network Security Management.

Examples Of Network Security Management Tasks

Securing and managing the network covers the entire infrastructure – starting at the endpoints, web application servers, directory services, email, network gateways, and the cloud.

These systems can be complex depending on the number of applications, users, and endpoints.

To manage effectively, each area can be broken down into its requirements and maintained by various teams simultaneously to perform the associated task.

The objective of creating sub-components of each task is that it provides the opportunity for efficiency and continuous management.

Listed below are several tasks that are vital to the success of the Network Security Management program.

• Secure local network resources – Ensure anti-virus is current and functioning on all endpoints. Adding EDR to endpoints is necessary due to malware evasion techniques by threat actors today.
• Enforce least privilege or need to know model – Secure data by limiting access to only authorized personal within the organization.
• Secure access to corporate devices – Ensure laptops/desktops are within directory services and accessible via username and password.
• Secure mobile device infrastructure – Mobile devices should be managed by a mobile device management (MDM) solution.
• Ensure computer images are current – New devices created from a ‘gold image’ should have latest operating system and approved software. Once connected to network, updates should be pulled down to ensure devices have the latest patches.
• Ensure new policies are applied immediately – Any changes to policies that are new, or zero day should be pushed out across the organization by some form of push management software.
• Incident response – Ensure policy for lost computers is communicated to support administrators to deal with data loss or detect attempts to break into systems.
• Enforce Email protection/Spam detection – Ensure your corporate email solution has antivirus protection enabled for outbound and inbound email. Enable spam filtering and include a method for employees to self-report an attempted phish email.

8 Steps To Improving Your Network Security

Up to this point in the article, we’ve discussed what network security management is, why it’s a mission-critical task within any organization – especially those with complex environments or compliance requirements.

Now, we dive into the actionable steps to developing and improving your network security.

• Step 1: Be Organized
• Step 2: Develop And Enforce A Strong Password Policy
• Step 3: Build A Vulnerability Management Program
• Step 4: Install Endpoint And Antivirus Protection
• Step 5: Ensure Firewalls Are Properly Configured
• Step 6: Set User Access Permissions
• Step 7: Develop Data Backup Solutions
• Step 8: Don’t Forget Spam And Email Security

Step 1: Be Organized

You should begin with an up-to-date inventory of your network resources including current network and architectural diagrams.

Then create a repository of documentation including up to date procedures, protocols, technical responsibilities.

Always ensure IT staff have clear directions on their day-to-day network management tasks. Make the daily checking of network security a routine activity.

Finally, delegate assignments and tasks, encourage cross training within the team.

Step 2: Develop And Enforce A Strong Password Policy

Develop a password security policy that ensures your passwords are complex enough to avoid being breached.

Complex passwords consist of at least twelve characters, including three of the following four character types:

• uppercase letters
• lowercase letters
• numeric digits,
• non-alphanumeric characters such as & $ * and !.

Be sure to train employees to avoid writing down passwords on sticky notes or storing them in a file on the desktop. Avoid any passwords that could be guessed like names, address, cell phone.

The policy can also recommend utilizing a password management system to store passwords for security tools.

Step 3: Build A Vulnerability Management Program

Develop and document a process for vulnerability management of the network.

Ensure the Operating System and any running software is current and patched to the most recent level per vendor recommendations on a regular basis.

This will help reduce opportunities for threat actors taking advantage of vulnerabilities.

A good vulnerability management system should also include a process for deploying network OS upgrades when zero days are released.

You must patch all the software on the network, including operating systems across devices and servers, applications, and firmware in the devices/hardware.

It is critical not to overlook that network, storage, and other enterprise devices also run operating systems and firmware and must be patched regularly.

Step 4: Install Endpoint And Antivirus Protection 

Antivirus protection is another layer of defense for network clients.

All endpoint systems should have endpoint protection enabled and configured to receive updates automatically.

Centralized endpoint protection systems, such as McAfee ePO or the Department of Defense’s Host Based Security System (HBSS), make the management of larger enterprises much easier for network administrators.

Endpoint protection also includes Data Loss Prevention and software execution prevention.

Step 5: Ensure Firewalls Are Properly Configured  

Network firewalls should be strategically placed in your organization to control outbound and inbound internet access, as well as cross-domain and lateral access between environments.

Enterprise assets that host web applications are best protected by a Web Application Firewall.

Next-Gen Firewalls provide application-based services as well as network-based security signatures.

Maintaining firewalls can quickly become complicated; consider finding a firewall partner for more complex enterprises.

Step 6: Set User Access Permissions 

Set clear user access policies based on Zero Trust or least privilege.

Maintaining a strict access control of enterprise identities makes system administration easier by creating clear maps of access.

In Active Directory environments, administrators should place a priority on group objects and policies.

Access controls based on department and job create a clear delineation of privileges and access that is required for users in each group.

This makes limiting access to sensitive data much easier.

Auditing and logging must also be enabled for all of these groups to monitor access requested, granted, and denied across the enterprise.

SIEM systems and threat hunting can use this data to identify potential attacks or insider threats; as well as make life easier during audits.

An important step that should never be forgotten is disabling inactive accounts and archiving the data of terminated users.

Step 7: Develop Data Backup Solutions 

Backup solutions and tools—while it is practical to back up data manually, the majority of organizations rely on a technology solution to ensure systems are backed up routinely and consistently. 

• Backup Administrator — Every organization should designate a person to be responsible for backups.  That person should ensure that backup systems are properly configured, verified on a routine basis and that critical data is actually backed up.
• Backup Scope & Schedule — An organization must develop a backup policy, specifying which files and systems are sufficiently important to be backed up and how frequently data should be backed up.
• Recovery Point Objective (RPO) — An organization’s tolerance to sacrifice data in the event of a disaster is defined by the frequency of backups.  If backups are conducted once daily, the RPO is 24 hours. The lower the recovery point objective (RPO), the more data storage, computational, and network resources are required to do regular backups.
• Recovery Time Objective (RTO) — An organization’s recovery time objective (RTO) is the time it takes to restore data or systems from backup and restore regular operations.  Cloning data and restoring systems can take time when dealing with complex data volumes and/or off-premises backups, and robust technical solutions are required to achieve a low RTO. 

Step 8: Don’t Forget Spam And Email Security 

Initially, ensure that your team receives professional training.

Regardless of the threat, depending solely on tools will not always secure your organization’s assets. Your security system will have holes in it.

Your team should be required to participate in security awareness training.

You should prioritize training programs to educate your team about email threats and how to respond to them.

Regular simulations and training sessions guarantee that your internet-facing users are aware of the ever-changing cyber threats targeting your company’s data.

Additionally, it ensures that they are applying what they are learning and monitoring their inbox for phishing emails.

Wrapping Up

In this article, we defined Network Security Management, its purpose, and provided recommendations on how your organization can implement based on the strategic plan of your business.

We also discussed the challenges of managing network security in complex environments along with examples of tasks your teams can perform to ensure your business data is protected and continuously monitored for internal and external threats.

Finally, we reviewed 8 steps your organization can reference as a guide to improve the overall security of your business.

By following the recommendations provided in this article, your company will stay one step ahead of threat actors and protect the most valuable assets of your organization.