A lot has changed in the network security world in the last 10 years. The firewall used to be a fixture of a network's perimeter security design, where network specialists created complex rule sets to define and control the permitted inbound and outbound traffic. Lately, the role of the network firewall and of perimeter defense has come under question, because the perimeter itself seems to have disappeared.
Don't get me wrong, a network's firewall is still a critical element in the overall defense-in-depth of a network, but times have certainly changed. Perimeter security used to be the best method of defense. Controlling the flow of information into and out of a network and protecting it from malicious insiders, external entities with malicious intent, intentional or inadvertent denial-of-service attacks, and unauthorized access to or disclosure of sensitive information are essential activities of network security. Boundary or perimeter protection was intended to provide protection and monitoring capabilities against such threats. The risk of a malicious user getting into your network was the worst-case scenario. This is not necessarily true anymore.
Today's information systems landscape consists of complex technologies, users with very sophisticated tools, and high-powered machines that make it much easier to penetrate a network. It only takes one user, one time, to breach perimeter network security. The paradigm of cyber security based on the perimeter is no longer sufficient. While perimeter security is still a critical element in the overall cyber security design, it cannot prevent 100% of advanced threats. It has become more important than ever to focus on threat detection and data protection, that is, on inside security, rather than simply on threat prevention. Because of this paradigm shift, enterprises are designing their infrastructure to compartmentalize the network. Separation of duties, strict access control, permission sets, isolated VLANs, and other methods of segmenting your network are the new paradigm. This approach assumes that a threat may already be inside the network. Once this assumption is accepted, cyber security specialists can start to think about ways of limiting the impact of a malicious event.
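To make the "assume breach" segmentation idea concrete, here is an added example (not code from the original article) of the kind of east-west check a compartmentalized network enables: a small segmentation policy evaluated over constructed flow-log lines, flagging cross-VLAN traffic that the policy does not permit. The segment names, address ranges, allowed flows and log format are all assumptions made for illustration.

```python
import ipaddress

# Constructed example: three segments (VLANs) and an allow-list for east-west traffic.
# Segment names and address ranges are assumptions for illustration.
SEGMENTS = {
    "user_vlan": ipaddress.ip_network("10.10.0.0/24"),
    "app_vlan": ipaddress.ip_network("10.20.0.0/24"),
    "db_vlan": ipaddress.ip_network("10.30.0.0/24"),
}
# Permitted (source segment, destination segment, destination port) triples.
# Anything not listed is denied: the default when you assume a threat is already inside.
ALLOWED = {("user_vlan", "app_vlan", 443), ("app_vlan", "db_vlan", 5432)}

def segment_of(ip):
    """Return the segment name containing ip, or None if it is outside all segments."""
    addr = ipaddress.ip_address(ip)
    return next((name for name, net in SEGMENTS.items() if addr in net), None)

def parse_flow(line):
    """Parse a constructed flow-log line 'src=IP dst=IP dport=N' into (src, dst, dport)."""
    fields = dict(kv.split("=", 1) for kv in line.split())
    return fields["src"], fields["dst"], int(fields["dport"])

def classify(flow):
    """Label a flow 'allow' when the policy permits it, otherwise 'violation'."""
    src, dst, dport = flow
    src_seg, dst_seg = segment_of(src), segment_of(dst)
    if src_seg is None or dst_seg is None:
        return "violation"  # endpoint outside every known segment
    if src_seg == dst_seg:
        return "allow"      # intra-segment traffic is not governed by this policy
    return "allow" if (src_seg, dst_seg, dport) in ALLOWED else "violation"

def find_violations(lines):
    """Return the parsed flows in the log that break the segmentation policy."""
    return [f for f in map(parse_flow, lines) if classify(f) == "violation"]

# Constructed sample flow log: two legitimate hops and two cross-segment attempts
# that a perimeter-only firewall would never see.
SAMPLE_LOG = [
    "src=10.10.0.15 dst=10.20.0.5 dport=443",   # user -> app over HTTPS: allowed
    "src=10.20.0.5 dst=10.30.0.9 dport=5432",   # app -> db over Postgres: allowed
    "src=10.10.0.15 dst=10.30.0.9 dport=5432",  # user -> db directly: violation
    "src=10.10.0.15 dst=10.20.0.5 dport=22",    # user -> app over SSH: violation
]

if __name__ == "__main__":
    for src, dst, dport in find_violations(SAMPLE_LOG):
        print(f"segmentation violation: {src} -> {dst}:{dport}")
```

In practice the same classification would run continuously over NetFlow or firewall logs from the internal segment boundaries, so that a compromised host inside the network surfaces as policy violations rather than going unnoticed behind the perimeter.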
There is no one best way to defend a network, but once all the pieces of security are put together, enterprises give themselves the best chance. The blue team defense is always on guard to monitor, detect, analyze, mitigate, and prevent malicious threats. None of us know what the future holds, but if we stay vigilant and collaborate on defensive strategies, then we can be prepared for any scenario.