Network Security: The Last Prong in the Three-Pronged Approach to Security

The third and most crucial component of a holistic security strategy is network security. The network is really the underlying infrastructure for both physical and cybersecurity. But it’s quickly evolving to be more complicated to secure and manage.

With the connection of more devices, and the increase in IT users in more locations, the network itself is more complex and spread out than ever before. To meet these demands, most networks are being virtualized. That means administrators are combining hardware and software resources and network functionality into a single, software-based administrative entity. That makes it easier to scale for resource-constrained agencies, but it also means that traditional network security control models must be reconsidered.

So, what does network security look like in the age of the “everywhere perimeter”? First, make sure your network can safely grow. You’ll want Automatic Elasticity, which means that your network can scale rapidly to meet the demands of increased users and devices. The key word here is automatic. Virtualized networks are created to scale, but they often require extensive and error-prone manual configuration to expand and adjust.

Automated elasticity simplifies and expedites provisioning – saving your IT and security professional’s time.  More importantly, it mitigates the possibility of human errors that could introduce new vulnerabilities when you scale or adjust things – either by configuring something incorrectly or by connecting devices that could compromise the security of the network.

Next, you’ll want what’s called Native Stealth. That’s the idea of limiting how much of the network is visible to outsiders, and hardening the components that are visible. It employs “edge-only provisioning.” That’s where traffic in one network service is isolated from every other service and its associated traffic. If a service is shared between two network points, then the necessary configurations only appear on those two nodes while remaining obscured from the rest of the network. That keeps events isolated while simplifying and automating the configurations to reduce errors.

Finally, you’ll need to employ Hyper-segmentation. Network segmentation is where you divide your network into smaller components so intruders can’t roam around unencumbered and unidentified. If the network is not segmented, intruders could potentially gain access to other networks and resources. By segmenting the network, you can establish lanes of control that permit only those required devices and applications to communicate. Other resources are invisible to them. 

But segmenting a network manually is a complex and costly process. As networks expand, segments are created and connected into long chains. It protects the network from completely free access, but it also creates long paths of vulnerabilities that are hard to configure and maintain.

There’s a better, safer way. Hyper-segmentation doesn’t use traditional node-based IP routing. Instead it uses shortcuts to connect endpoint to endpoint, with nothing in between. Hyper-segmentation doesn’t use IP addresses to route or switch applications flows. So, at best, intruders can only see the entry and exit points of the network. Since they can’t see everything in between, the network exhibits a stealth mode that makes it invisible.

Avaya Fabric Connect is a completely new way to build networks that delivers a simplified, agile, and resilient infrastructure that makes network configuration and deployment of new services faster and easier. Based on IEEE and IETF well-defined standards, Avaya Fabric Connect combines decades of experience to deliver a next-generation technology that combines the best of Ethernet with the best of IP.  This provides an easy to deploy, secure, hyper-segmented network that is easy to scale and maintain. 

Alliance can help mitigate the cost of upgrading older security technology to top notch IP infrastructure by assessing your current environment, developing a recommendation, and a phased implementation plan.  Alliance understands the federal landscape, the embedded wiring issues, and funding strategies.  Our approach does not depend on setting up VLANs, manual administration for new devices added to the network, or multiple layers of protocols.  Labor, workload and operating costs can be reduced while management of the infrastructure improves.  And physical, cyber and network security are all in synch. 

Alliance Technology Group, a woman-owned small business and an Avaya Platinum business partner, has a solid proven past performance providing support to the Federal Government.  Alliance provides turn-key, multi-vendor solutions that include hardware, software, installation services, maintenance, and accreditation support that can meet and exceed customer expectations. 

For more information about Alliance and how we can help your agency to fortify your physical security, contact