
5 Ways a cloud-native approach will improve security posture

Mitchell Muro of Check Point and Ryan Garvin of Infovista
Jul. 21 2021

More companies than ever are migrating apps to the cloud and expanding remote work capabilities. However, this effort can expand the attack surface if security best practices aren’t implemented from the start.

Security and networking have joined the migration to the cloud and can now be delivered in a fraction of the time from the cloud edge as a service. A key factor in securing your business is advanced cloud-based edge security. Taking a smart approach to unifying your security and networking strategies in a cloud-native solution is the fastest, simplest way to improve security posture.

Managing a massive, interconnected IT infrastructure and the apps that depend on it can seem like a constant battle when considering the often-contradictory requirements for success:

It must run smoothly;

It should guarantee secure access; and

It should meet both of these demands at a price that doesn’t break the bank.

Security and a good user experience are often on opposing sides of a fulcrum. Like the ends of a seesaw, as one is raised, the other is lowered.

So how can you find the perfect balance?

Well, despite a never-ending obstacle course of security threats lurking in the shadows, there is a safe and effective path to follow; one that’s built on the right systems and, of equal importance, the right way of thinking.

It starts with your organisation’s security posture.

As defined in Infovista’s recently published A-Z Guide to SD-WAN and Cloud Edge Networking Terms and Trends, a security posture is an organization’s cybersecurity strength and its ability to deal with constantly evolving threats, whether predicting them, preventing them or responding to them. Think of a vendor’s ‘security posture’ as a (technical) summary of their security philosophy.

Here’s a review of some of the related considerations that you should incorporate to improve security posture:

1. Identify and assess cybersecurity risks throughout your network

How strong are the measures and controls you currently have in place? After all, you can’t secure what you can’t see.

Numerous suppliers offer solutions to help automate cybersecurity risk assessments that help you answer this question when applied to your networks, systems and apps, whether built in-house or provided by third-party vendors.

Some of your systems themselves, such as your SD-WAN, will also provide their own analytics to tap into.

Don’t forget small and seemingly innocuous devices like employees’ phones and printers. If they’re connected, they’re a potential threat.

But this isn’t a one-off activity; as part of your security posture, establish a cadence by which you carry out these assessments. At the very least, they should be done annually.

Check Point offers a FREE security check-up that can analyze your network and collect comprehensive data on active threats to your complete environment, including networks, endpoints and mobile devices.

2. User awareness and education campaigns for your workforce

If you live and breathe tech and IT, it’s easy to forget how much more knowledgeable about this landscape you are than your less technical colleagues.

You can install the best software in the world on their computers but all it takes is for a clever phishing email to slip through the net. If they don’t know the signs to look for and are unfamiliar with the concept, they could click on a dodgy link.

So set up basic training from Day One, including tests at the end. Consider periodically repeating this with updated training. And send out occasional mock threats by email to see who’s been paying attention.

3. Make security intrinsic to all systems and processes

This suggestion goes hand-in-hand with the last.

Promoting security awareness among your workforce should extend to building it into everything you do – the systems you use, the systems you build, the thinking behind your work and the way you go about your business.

Don’t be a reactive firefighter; prevention is better than the cure.

And write this into your security posture.

4. Verify a secure networking foundation:

  1. By orchestrating path selection for critical workflows through a policy defined in a single UI together with application traffic visibility and prioritization, you build security right into your WAN management console and network traffic control practices and processes.
  2. You get to say what can cross your network (how, when and why), down to the user- and session-level (with certain solutions, that is, for instance Ipanema SD-WAN), ensuring critical traffic always takes the transport type declared as secure (e.g. MPLS or encrypted IPsec tunnel).
  3. You can shine a light on the WAN and see and control all the slippery applications hiding under the rocks, aka shadow IT.
  4. You can also use a secure web gateway (SWG) that offers advanced threat prevention backed by AI-powered threat intelligence, delivered as a cloud security service.
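The check implied by point 4, as an added example that is not code from Infovista, Check Point or any SD-WAN product: it audits a path-selection policy and observed flows to confirm that critical traffic can only use transports declared secure, and flags applications the policy does not know about. The policy and flow record formats, application names and function names are hypothetical and the sample data is constructed.

```python
# Hypothetical policy model for illustration; not the format of any SD-WAN product.
SECURE_TRANSPORTS = {"mpls", "ipsec"}  # the transport types the article names as secure

# Constructed sample policy: allowed transports per application, in preference order.
POLICY = [
    {"app": "erp", "critical": True, "paths": ["mpls", "ipsec"]},
    {"app": "voip", "critical": True, "paths": ["mpls", "internet"]},  # insecure fallback
    {"app": "payroll", "critical": True, "paths": []},                 # nothing pinned
    {"app": "video-streaming", "critical": False, "paths": ["internet"]},
]

# Constructed flow summary, as an analytics export might provide it.
FLOWS = [
    {"app": "erp", "transport": "mpls"},
    {"app": "voip", "transport": "internet"},
    {"app": "file-sync-x", "transport": "internet"},  # absent from policy: shadow IT candidate
]

def audit_policy(policy, secure=SECURE_TRANSPORTS):
    """Flag critical rules that can ever select a transport not declared secure."""
    findings = []
    for rule in policy:
        if not rule["critical"]:
            continue
        if not rule["paths"]:
            findings.append((rule["app"], "no transport pinned"))
        for transport in rule["paths"]:
            if transport not in secure:
                findings.append((rule["app"], f"may use insecure transport '{transport}'"))
    return findings

def audit_flows(flows, policy, secure=SECURE_TRANSPORTS):
    """Compare observed traffic with the policy: violations and unclassified apps."""
    rules = {rule["app"]: rule for rule in policy}
    findings = []
    for flow in flows:
        rule = rules.get(flow["app"])
        if rule is None:
            findings.append((flow["app"], "unclassified application"))
        elif rule["critical"] and flow["transport"] not in secure:
            findings.append((flow["app"], f"critical flow observed on '{flow['transport']}'"))
    return findings

if __name__ == "__main__":
    for app, issue in audit_policy(POLICY) + audit_flows(FLOWS, POLICY):
        print(f"{app}: {issue}")
```

Checking the policy as well as the flows matters because a fallback path to an insecure transport only shows up in traffic when the preferred link is down.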

5. Unify security services to prevent unknown threats and reduce complexity

Chaos tends to come to light when an organization’s applications are spread all over. And when this happens, it’s difficult to know exactly where to even start when trying to fix this problem. The common approach to the issue is to pile up multiple point solutions, but what you’re left with at the end of the day is management complexity, fragmented visibility and inconsistent policies. Unifying your security services and delivering top-rated threat prevention is key. Here are a few security best practices that can help get you started:

  • By integrating security, organizations can decrypt traffic once and inspect it in a single pass. Application control, URL filtering, and content awareness (DLP) enforce safe web use. IPS, anti-bot and antivirus software protect customers from known threats. HTTPS inspection safeguards companies from threats trying to hide inside encrypted HTTPS channels.
  • Preventing threats before the damage is done saves staff valuable time when responding to them. Check Point offers SandBlast Zero-Day Protection – a cloud-hosted sandboxing technology where files are quickly quarantined and inspected, running in a virtual sandbox to discover malicious behavior before it enters your network.
  • Threats shouldn’t really enter your networks or your devices. A solution should prevent threats, not just detect them.

Conclusion

Security is about ongoing vigilance but it’s also about optimising your systems. Infovista and Check Point can help with that, so get in touch to find out how we can help.

You might also be interested in our recent eBook, What is secure SD-WAN? The definitive guide, which is free to download.
