Network Security, Defined and Explained
Network security refers to the technologies, processes, and policies used to defend any network, network traffic, and network-accessible assets from cyberattacks, unauthorized access, and data loss. Every organization, from small businesses to the largest enterprises and service providers, in every industry requires network security to protect critical assets and infrastructure from a rapidly expanding attack surface.
Network security must protect at the many edges of the network and also inside the network, with a layered approach. Vulnerabilities exist everywhere, from devices and data paths to applications and users. Because organizations encounter so many potential threats, there are also hundreds of network security management tools intended to address individual threats or exploits or assist with other mission-critical infrastructure needs, such as continuous compliance. Organizations should prioritize network security solutions that cover the multitude of threats, using a platform approach that prioritizes integration and automation.
Fortinet Security-Driven Networking
Fortinet’s Security-driven Networking strategy tightly integrates an organization’s network infrastructure and security architecture, enabling the network to scale and change without compromising security operations. This next-generation approach is essential for effectively defending today’s highly dynamic environments, not only by providing consistent enforcement across today’s highly flexible perimeters but also by weaving security deep into the network itself.
The Importance of Network Security
Today’s threat environment is constantly changing, and from distributed denial-of-service (DDoS) attacks to ransomware, the frequency, volume, and sophistication of cyberattacks show no signs of slowing down. All organizations require network security because even a minor disruption to network infrastructures—such as a minute of downtime, or a lag in service performance—can cause damage to an organization’s reputation, bottom line, or even long-term viability. Catastrophic cyberattacks, which often begin as seemingly benign intrusions that inadequate network security tools failed to catch, can force organizations to pay crippling fines and even close their doors for good.
Types of Network Security Solutions, Devices, and Tools
A critical component of network security is a next-generation firewall (NGFW). But to truly protect the network, other technologies are required, and effective network security requires a holistic approach that integrates the firewall with other important capabilities. Essentially, to protect an organization’s entire attack surface, managed network security solutions for all areas of the network must work together, in layers, as an integrated and collaborative security fabric.
Traditional firewalls have been around for decades, and are a standard security product in use by a majority of organizations. But as the threat landscape has evolved, so too has firewall technology. A next-generation firewall (NGFW) moves beyond a traditional firewall’s port/protocol inspection and blocking techniques to add comprehensive application-level inspection, intrusion prevention, and intelligence from sources outside the firewall.
Both traditional firewalls and NGFWs employ packet filtering (both static and dynamic) to ensure connections among the network, the internet, and the firewall itself are secure, and both can translate network and port addresses for IP mapping. NGFWs, however, can filter packets based on applications, using whitelisting or signature-based intrusion prevention systems (IPS) to distinguish between applications that are benign (i.e., safe) and applications that are potentially malicious. There are many other differences, but one major advance from traditional firewalls to the latest NGFWs is the ability to block malware from entering a network, a major advantage over cyberattackers that older-generation firewalls cannot deliver.
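An added sketch (not Fortinet code and not part of the original page) of the distinction drawn above: a port/protocol rule and an application-aware rule evaluated over the same flows. The policy, the three minimal signatures, and the sample flows are constructed for illustration; application identification in a real NGFW is far more extensive.

```python
# Added example: port/protocol filtering vs application-aware filtering.
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    proto: str      # "tcp" or "udp"
    dst_port: int
    payload: bytes  # first bytes the client sends

# Constructed policy (an assumption): only web traffic is allowed.
ALLOWED_PORTS = {("tcp", 80), ("tcp", 443)}
ALLOWED_APPS = {"http", "tls"}
HTTP_METHODS = {b"GET", b"HEAD", b"POST", b"PUT", b"DELETE", b"OPTIONS", b"PATCH"}

def port_filter(flow: Flow) -> bool:
    """Traditional rule: decide on protocol and destination port alone."""
    return (flow.proto, flow.dst_port) in ALLOWED_PORTS

def identify_app(payload: bytes) -> str:
    """Classify a flow from its first client bytes using minimal signatures."""
    # TLS: handshake record (0x16), major version 3, ClientHello (0x01) at offset 5.
    if len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 0x03 and payload[5] == 0x01:
        return "tls"
    if payload.startswith(b"SSH-2.0-"):
        return "ssh"
    # HTTP/1.x request line: "<METHOD> <target> HTTP/1.x".
    parts = payload.split(b"\r\n", 1)[0].split(b" ")
    if len(parts) == 3 and parts[0] in HTTP_METHODS and parts[2].startswith(b"HTTP/1."):
        return "http"
    return "unknown"

def app_filter(flow: Flow) -> bool:
    """Application-aware rule: allowed port AND an allowed, recognized application."""
    return port_filter(flow) and identify_app(flow.payload) in ALLOWED_APPS

# Constructed sample flows.
FLOWS = {
    "http_on_80": Flow("tcp", 80, b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    "tls_on_443": Flow("tcp", 443, bytes.fromhex("160301002a010000260303")),
    "ssh_on_443": Flow("tcp", 443, b"SSH-2.0-ExampleClient\r\n"),
    "binary_on_80": Flow("tcp", 80, b"\x00\x01\x02\x03 not a web request"),
    "http_on_8080": Flow("tcp", 8080, b"GET / HTTP/1.1\r\n\r\n"),
}

def compare() -> dict:
    """Return {flow name: (port-only verdict, application-aware verdict)}."""
    return {name: (port_filter(f), app_filter(f)) for name, f in FLOWS.items()}

if __name__ == "__main__":
    for name, (by_port, by_app) in compare().items():
        print(f"{name:13} port-only={by_port!s:5} app-aware={by_app}")
```

The two flows that carry non-web traffic on ports 80 and 443 pass the port-only rule and are stopped only by the application-aware one.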
WAN and Branch Protection
The vast majority of organizations today have offices, partners, or individual workers based all over the world, and remote work, or telework, is a trend recently accelerated by the global COVID-19 pandemic. But network security products can’t be an afterthought in these distributed locations, sometimes described as branch offices. Branch office network security means keeping internet traffic safe among branches, corporate resources such as headquarters or a data center, and remote employees. There is a lot of data in transit among these distributed locations, all the time. The rapid embrace of cloud-based applications, such as G Suite, Office 365, and other popular Software-as-a-Service (SaaS) tools, means a consistent, secure internet connection among users at various locations is vital to keeping an organization productive.
Traditional wide-area network (WAN) technologies such as multiprotocol label switching (MPLS) are now too slow and cumbersome to keep up with the volume and speed of internet connections needed today. That’s why many organizations are turning to advanced network security solutions such as software-defined wide-area networking (SD-WAN) as part of fully realized network security delivered all over the world and across many distributed (branch) locations. Emerging business connectivity frameworks such as secure access service edge (SASE) combine flexible connectivity provided by SD-WAN with a number of different security needs, from Firewall-as-a-Service (FWaaS) to zero-trust access principles.
Intrusion Prevention System (IPS)
An intrusion prevention system (IPS) identifies suspicious activities and detects or prevents attacks on computer networks. IPS security technologies monitor for these activities, capture information about them, and report them to network administrators. An IPS will initiate preventative steps such as configuring other network security tools to prevent possible attacks, and adjusting corporate security policies to block employees or guests on the network from engaging in harmful behavior. IPS tools are a critical component of complete network security, and increasingly are being integrated into network firewalls instead of occupying their traditional place as a standalone product in the network security infrastructure.
Secure Web Gateway
Much like its name suggests, a secure web gateway is a checkpoint that prevents unauthorized traffic from entering the organization’s network. A secure web gateway sits in the path of all data entering and leaving the network, and provides a barrier that keeps malicious traffic from accessing key resources on the network. More sophisticated secure web gateways can also prevent exfiltration of sensitive information from the organization’s network. Secure web gateways have become more critical to overall network security technology, especially as cyberattackers grow more creative and sophisticated with the use of spoofed websites and other now-standard tools of their trade.
SSL inspection is a critical component of network security infrastructure. SSL (secure sockets layer) inspection intercepts and decrypts all traffic transmitted through an HTTPS website, identifying malicious content. Organizations often use SSL certificates on their websites to provide safe connections. SSL, however, also has a downside: attackers today often use SSL encryption to hide malware. Network security solutions, therefore, must include SSL inspection support as a core capability.
SD-WAN offers faster connectivity, cost savings, and performance for SaaS applications as well as digital voice and video services. But SD-WAN has its own shortcomings—especially when it comes to security. Accurate detection and intelligence business policies employed with SD-WAN are important to another network security need: application optimization. Application optimization uses several techniques to boost the overall functionality of the network, and do it securely. Bandwidth capacity monitoring, application coding, and addressing network latency are some of the relevant techniques.
Crucial to modern network security is seamless cloud connectivity, and by the end of 2020, more than 80 percent of all enterprise workloads will run in the cloud. Therefore, network security must include cloud on-ramp considerations, and the ability to optimize cloud connectivity by enabling fast, secure cloud adoption and connections to SaaS and Infrastructure-as-a-Service (IaaS) applications.
Virtual private networks (VPNs) use virtual connections to create a private network, keeping any endpoint connected to the internet safe, and protecting sensitive information from unauthorized viewing or interception. A VPN routes an endpoint device’s connection through a private server so that when data reaches the internet, it’s not viewable as coming from the device. High-performance crypto VPNs accelerate cloud on-ramp, deliver a better and more secure experience for remote workers, and allow all organizations to maintain a consistent security policy and appropriate access control, regardless of location, for all corporate users, applications, and devices.
Perimeter security is evolving, like every other aspect of network security in the modern age. Traditionally, the network perimeter refers to edge infrastructure that sits between the corporate network and the public internet, creating safe controls for inbound and outbound information passing between them. NGFWs are a typical part of this edge infrastructure. Robust perimeter security must include capabilities such as application awareness and control, monitoring and blocking malicious content, and overall traffic management.
Organizations are utilizing more data, transmitted at faster speeds among globally distributed sites, than ever before. The advent of technologies such as 5G and the needs of organizations transmitting massive datasets, such as those found in high-velocity e-retail, transportation, energy, and manufacturing, have created the need for hyperscale security. All of these developments require proper security controls.
Too often, organizations find their security tools can’t keep up with the pace hyperscale requires and forgo security safeguards in favor of an optimal user experience, a dangerous trade-off. Hyperscale applications require a different mindset than traditional network security tools. They need properly scaling network firewalls and other solutions to process unprecedented volumes of data at unprecedented speeds.
Network automation uses network and security software tools to maximize the efficiency and functionality of the network. Automation is employed in many aspects of a corporate IT infrastructure to relieve human teams and significantly reduce the possibilities of human error, which continues to be a leading cause of network security issues and outages. Employing network automation to update configurations and perform countless other functions in place of cumbersome, manual processes helps reduce the overall complexity of network management and deliver stronger network security as a result.
Compliance management isn’t optional in this age of data privacy regulations and other compliance controls put in place by various industries, governments, and regions. Compliance management is also traditionally quite cumbersome, involving long, team-led manual processes and weeks and months of work to obtain, analyze, and report on data.
Network and security teams can overcome complicated and exhausting audit processes—which are often ineffective anyway—by automating compliance tracking and reporting and integrating those techniques with other network security operations. Robust tracking and compliance monitoring tools can also evaluate network environments against industry benchmarks and best practices, ensuring that measurement of compliance risks is a simple process.