What is network security?

Network security refers to the tools, technologies and processes that protect an organization’s network and critical infrastructure from unauthorized use, cyberattacks, data loss and other security threats.

A comprehensive network security strategy leverages a combination of advanced technologies and human resources to prevent, detect, contain and remediate a variety of cyber threats. It will include protection for all hardware systems, software applications and endpoints, as well as the network itself and its various components, including network traffic, data and physical or cloud-based data centers.

How does network security work?

Network security is based on three main components: protection, detection and response.

Protection

Protection refers to any proactive security measures that the organization takes to prevent cyberattacks or other nefarious activity. This may include tools such as a next-gen antivirus (NGAV) or policies like privileged access management (PAM).

Detection

Detection is defined as any capability that helps the organization analyze network traffic, identify threats and contain them.

Most often, this capability is delivered in the form of an advanced endpoint detection and response (EDR) solution. An EDR is an intrusion detection tool that uses advanced data analytics to record and store network activity and identify suspicious system behavior. Most EDR tools also provide contextual information and remediation suggestions to cybersecurity specialists.

Response

Response refers to the organization’s ability to remediate a security event as quickly as possible. Tools usually include a managed detection and response (MDR) system, which is a cybersecurity service that combines technology and human expertise to perform threat hunting, monitoring and response.

Response efforts may also include a formalized incident response (IR) plan. An IR plan outlines the steps the organization will take to prepare for, detect, contain and recover from a data breach or other security event.

Types of network security

Next-generation firewall (NGFW)

For many organizations, the first line of network protection is a next-generation firewall (NGFW). Like a traditional firewall, an NGFW inspects all incoming and outgoing network traffic and creates a barrier between internal and external networks based on trust principles, rules and other administrative settings. An NGFW also includes additional features like application awareness and control, intrusion prevention and threat intelligence services.

While an NGFW is a critical component within the overall network security plan, it does not provide complete protection and must be supplemented with other security tools and technologies.

It is also important to note that traditional firewalls are now considered obsolete as they are largely ineffective in preventing advanced attacks, particularly within the cloud environment. For that reason, organizations are advised to upgrade to an NGFW solution.

Next-generation antivirus (NGAV)

Next-generation antivirus (NGAV) is a network security tool that uses a combination of artificial intelligence, behavioral detection, machine learning algorithms and exploit mitigation, so known and unknown threats can be anticipated and immediately prevented. NGAV is cloud-based, which allows it to be deployed quickly and efficiently, reducing the burden of installing and maintaining software, managing infrastructure and updating signature databases for the IT or information security team.

Virtual private network (VPN)

A virtual private network (VPN) is a security tool that encrypts the connection from an endpoint to an organization’s network, allowing authorized users to safely connect and use the network from a remote setting. VPNs usually leverage advanced authentication methods to ensure both the device and user are authorized to access the network.

Web application firewall (WAF)

A web application firewall (WAF) is a security device designed to protect organizations at the application level by filtering, monitoring and analyzing hypertext transfer protocol (HTTP) and hypertext transfer protocol secure (HTTPS) traffic between the web application and the internet.

Arfan Sharif is a product marketing lead for the Observability portfolio at CrowdStrike. He has over 15 years of experience driving Log Management, ITOps, Observability, Security and CX solutions for companies such as Splunk, Genesys and Quest Software. Arfan graduated in Computer Science at Bucks and Chilterns University and has a career spanning across Product Marketing and Sales Engineering.