Question

What elements comprise network security? What are the key network elements in monitoring and tracking data traffic and information?

Answer 1

Here are the four basic elements of network security to keep in mind:

1. Network Access Control (NAC)

NAC basically allows the admin to understand and control who can and cannot access the

network. NAC identifies what users and devices are allowed on the network. This helps the admin to remain aware of which devices are blocked. Behavioral analytic tools to identify abnormal behavior on a network are a modern tool that can help network administrators monitor their networks for anomalous traffic. Once the behavioral analytic tool is applied, it then sends notifications to the user as soon any abnormal activity is found.

According to Quadrant Knowledge Solutions, the global NAC Market is expected to develop significantly in the next five to six years. Rising from a market size of $997.3 million in 2017 to $5.37 billion by 2023. [3]

2. Firewall Security

A firewall is a network security device that monitors outgoing and incoming network traffic, forming a type of barrier between an untrusted and trusted network. Firewall security decides whether to block or allow specific traffic in the network or not. It is one of the first lines of defense. There are different types of firewall security such as stateful firewall, application-aware firewall, packet filtering firewall, deep packet inspection firewall, and proxy firewall.

According to Stratistics MRC, the Global Network Security Firewall Market value was $3.15 billion in the year 2017. Whereas, it is expected to rise to $9.41 billion by the year 2026 at a growing CAGR of 12.9%. The increasing demand for firewall security, the rapid developments in a digital transformation in the telecommunication sector, and the vulnerability growth in SS7 also contribute to the overall market growth. [4]

3. Intrusion Prevention System or IPS

IPS or Intrusion Prevention System is a threat prevention technology that examines, identifies, and prevents unusual network traffic from exploiting vulnerabilities, such as malicious inputs, target supplication or service to gain control or interrupt a machine or application. The Intrusion Prevention System is positioned right behind the firewall security which provides a complementary layer of analysis. This acts as a direct communication path between the destination and the source. IPS actively analyzes and takes automated actions on all the traffic flows which enter the network. Such actions include:

• Resetting the overall connection
• Blocking unscrupulous traffic from the source address

4. SIEM or Security Information and Event Management

SIEM is an approach towards security management which combines Security Event Management and Security Information Management into one composite security management system. SIEM gathers the relevant and required data from multiple sources to help identify deviations and take appropriate actions.

For example, when a potential issue or threat is detected, SIEM directly logs all additional information and generates an alert so that the security controls stop the activity’s progress on an immediate basis.

Key network elements in monitoring and tracking data traffic and information, i could think of are:

• Firewalls
• Intrusion detection and prevention systems
• Network monitoring, managing and performance software
• Anti-virus/Anti-malware software