Without comprehensive visibility of who and what is on your network and an understanding of what they are doing at all times, your network has unknown and exploitable security gaps that cybercriminals are constantly penetration-testing to find.
This trend is expected to continue. According to Gartner, 75 percent of data will live at the edge by 2025—much of it generated by and stored on connected devices.
If IT doesn’t know what’s on the network, they cannot secure it
Protecting valuable data and responding to attacks in real time is feasible only if your organization can see across its entire network. But this kind of visibility is rare. It takes an organization 197 days on average to recognize that its data has been breached. Any delay in identifying that a malicious actor is inside your network may give the hacker time to filter through sensitive intellectual property and customer and financial data undeterred. They may corrupt, modify or even delete primary and back up files prior to releasing ransomware—and any of these scenarios can have catastrophic consequences. Organizations must develop the policies and institute the technologies needed for complete visibility, even in sprawling modern networks.
Establishing policy
The first step to realizing consistent visibility and access control is to lay a foundation of strategic cybersecurity policies. One way to accomplish this is to align with the holistic tenets of the National Institute of Standards and Technology's security framework: identify, protect, detect, respond, and recover.
NIST guidance on identification and detection will help you develop the policies that will enhance visibility into your network. In particular, NIST stresses knowing not only what is in the network and the server environment, but also knowing who is allowed access to what information.
There are nearly 18 billion connected devices—7 billion of them IoT devices—in the world. Achieving complete visibility is easier said than done. Legacy solutions are no longer viable. Enterprises must be able to automate device discovery.
As more edge devices harbor more data, solutions such as Aruba ClearPass Device Insight provide organizations with a simple, centralized dashboard for automated device and IoT visibility. This machine learning-based solution uses numerous attributes about a device (e.g., domain name lookups, destination IP addresses, applications accessed, communication frequencies) to create a unique and detailed fingerprint for the device, making it easier for security managers to automate the process of identifying and cataloging what is on their network.
Aruba IntroSpect also uses machine learning to learn the ongoing behaviors of users and devices This insight allows IntroSpect to flag gestating attacks and notify ClearPass to make on-the-fly policy enforcement decisions.
Network-wide visibility goes hand in hand with effective access control. Strictly enforced access control policies ensure that even if a hacker compromises a device on your network, they can't move freely around it. With a solution such as Aruba ClearPass Network Access Control, you can establish and enforce granular policies across your entire IT environment. It also allows for quick and secure guest access. IONstead of cumbersome and error-prone vlans, enforcement is based on the identity and associated role for each user and device. These roles define IT privileges up to and including Layer 7 application access and can be easily changed without altering the underlying network topology.
This level of access control ensures, for example, that a contractor who has been granted remote access to HVAC equipment cannot use that same access to gain backdoor entry to other areas of your environment. The ability to monitor activity also helps you identify and stop any unscrupulous activity associated with legitimate users whose access has been compromised—which the Ponemon Institute classifies as one of the greatest risks to organizations in its Closing the IT Security Gap with Automation & AI in the Era of IoT report.
Securing server access
Although more data is moving toward the edge, protecting the data center must remain a top priority. HPE Rack Security controls access to your server racks through a universal locking standard that supports multifactor authentication. Electronic and biometric locks prevent external cybercriminals and internal saboteurs from accessing the critical infrastructure that supports your business.
Rack Security is one of many solutions that can secure your system all the way down to the hardware level. HPE's Silicon Root of Trust, with its factory-embedded fingerprint verification, ensures security down to the lowest-level firmware, and the HPE iLO5 server management software provides an array of protections, such as a security dashboard, server configuration lock, firmware downgrade protection, and secure erase function. These tools provide the ability to identify who is accessing your servers when, helping to ensure that your IT team obtains a comprehensive view of what's happening across your network.
To adapt to ever-evolving enterprise networks, organizations must embrace an array of solutions to identify connected devices, defend data from unwanted access, and respond to threats as they occur. As a dynamic partner focused on preventing cyberattacks, HPE offers the suite of tools needed for those capabilities.
Featured articles
- How networking pros can prepare for the software-defined future
- Want to know the future of technology? Sign up for weekly insights and resources
Bob Moore
Hewlett Packard Enterprise
twitter.com/HPE_Servers
linkedin.com/showcase/hpe-servers-and-systems/
hpe.com/servers
Bob_Moore
Bob leads the partner software organization for the server division. His team is also responsible for productizing the new HPE security technologies and delivering a comprehensive approach to security across all solutions.
