Network Security: What it is and how it works

Network security is an approach to cybersecurity that involves monitoring network activity for cyber threats. As attackers improve at sidestepping traditional firewall and endpoint protections, network security provides added visibility into insight-rich network traffic data, enabling organizations to detect and respond to threats they might otherwise miss.

The evolution of network security

Monitoring network traffic is nothing new. In the early days, computer networks were exclusively the domain of the government and large commercial research labs. In these sparsely connected environments, companies logged network traffic mainly for debugging purposes. Networking as a category grew slowly but really came into its own in the late 80s and early 90s, when network switching vendors started connecting corporate networks across various campuses and remote offices. In these environments, network monitoring focused on performance use cases: IT teams used it to diagnose network bottlenecks between their users and the applications those users needed to access to do their jobs. At this point, network monitoring was basically about helping companies maximize performance and reduce bottlenecks.
With the growth of the Internet in the late 90s and early 2000s, companies suddenly became connected to each other and could interact directly with their customers through eCommerce and other means over the external Internet. While this was an extremely transformative time for how companies conducted business, the unforeseen consequence of this innovation was the creation of new attack surfaces where external actors anywhere on the Internet could potentially access systems, data, and applications that they were not intended to access. As a result, network monitoring began to take an increasingly security-centric angle. Network visibility was no longer exclusively about performance; it was increasingly about gaining visibility into who was accessing what systems or data. Companies began tracking network activity for compliance purposes and as a mechanism to audit unauthorized access to sensitive data.

As the internet revolution gave way to the mobile revolution and the world became increasingly connected across companies, regions, and nations, network security began to play an increasingly fundamental role in how companies conducted business. On the other side, computer “hackers” evolved from individual pranksters to full-fledged criminal gangs and then to core elements of national power for nation states. The realization that hackers were accessing the network to cause harm eventually drove companies to seek a more behavior-based approach to network security. But the huge data volumes generated by networks outpaced the compute and analytical capacity of most security systems. The lack of compute limited behavioral monitoring to segments of the network and often to a device-centric security strategy. A device-centric strategy, however, faced limitations as attackers grew more sophisticated and better able to evade or disrupt endpoint security solutions, necessitating a refocus on network security as a source of truth for the detection of threats. The recent gains in big data helped enterprises refocus on the network.

Today, with the trillion-fold increase in computing power, countless software vendors offer network monitoring capabilities. And while visibility remains an essential component of network security, the true power lies in combining visibility with deep behavioral analytics and response tools (advanced Network Detection and Response, or NDR) to help companies identify malicious activity and stop the attackers before they can cause damage to the enterprise.
“IronNet helps us with the known/unknown problem. Every senior leader asks, ‘Are we secure?’ With IronNet, I have a control in place that gives me assurance that we are not being targeted by adversaries based on threat intel, proactive hunting, and attacks from other networks.”
— Head of Security Operations, Global Hedge Fund Management Firm
For financial services institutions, for example, the ability to monitor traffic across the network is especially critical, as defending the network remains the toughest challenge for security teams responsible for defending large EIT architectures and securing interconnected supply chains.

Network security for today and tomorrow

The most effective approach to network security is one that combines visibility, detection, and response.

Visibility
You can’t stop what you can’t see. Gaining access to real-time network traffic data is the critical first step in network security. Sensors provide observation points across the network, revealing patterns in network traffic that can be used to detect anomalies. Your network architecture, traffic volumes, and locations of critical assets will determine where sensors should be placed and what data should be collected.


Detection
Once network monitoring is established, the next step is threat detection. Advanced network detection often relies on statistical analysis, machine learning, and artificial intelligence techniques to identify suspicious activity at high speed. This often requires the analysis of large datasets in order to make more accurate predictions as to whether a detected event is benign, suspicious, or malicious.


Response
The critical final step in network security is responding to threats. Many NDR integrations occur within large enterprises with mature security operations centers (SOCs), which prefer to leverage their own workflows for response. Consequently, the focus of NDR vendors is to provide integrations with market-leading SOAR tools such as Splunk, Palo Alto XSOAR (Demisto), and Swimlane.

Why cybersecurity is not a post-pandemic luxury

Cyber attacks and data breaches aren’t pausing while business returns to normal. Hear from seasoned venture capitalist Ted Schlein and IronNet co-CEO Bill Welch, who led the launches of both Zscaler and Duo, as they share frontline stories about the real value of cyber as part of a maintenance and growth strategy.
Commonly used in network detection and response (NDR) solutions, machine learning models can detect “unknown unknown” threats to your network using behavioral analytics. Machine learning algorithms can see cyber threats coming around the corner (e.g., ports suddenly being used that have never been used before), in turn enabling more rapid triage and mitigation. Machine learning models are also used to continually reweigh prioritization of potential threats based on real-world outcomes. Providing greater visibility of the threat landscape, detection of unknown threats, and faster response capabilities, NDR is an important element in a security team’s defenses.

Network security maturity spectrum

Each network security approach will differ based on your unique combination of business type, threatscape, and network architecture.
Use the maturity spectrum below as a rough guideline to where you are and where you would like to be.
The spectrum runs from Foundational to Reactive to Proactive.
Foundational: Firewalls, VPNs, basic access control

Every company needs at least a basic firewall to control access and close certain ports. You will also need a VPN to ensure employees can securely connect to the internet. These basic controls are like having a lock on the front door of your house.
Reactive: Real-time Network Monitoring

Further along the spectrum come elements of behavioral analysis and NetFlow analysis. Seeing things like who goes where at what time helps security teams detect changes in network behavior and identify anomalies consistent with security breaches. Think of it as having video monitoring that allows you to replay moments in time in an investigation.
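
A minimal version of the "ports suddenly being used that have never been used before" check and the who-goes-where flow analysis described above, as an added example (not IronNet's code and not part of the original page). The flow records, field names, and baseline cutoff are constructed assumptions standing in for exported NetFlow data.

```python
import csv
import io
from collections import defaultdict

# Constructed sample flow records (not real traffic): time, src, dst, proto, dst port
FLOWS_CSV = """\
ts,src,dst,proto,dport
2024-05-01T09:00:00,10.0.0.5,10.0.1.10,tcp,443
2024-05-01T09:05:00,10.0.0.5,10.0.1.20,tcp,445
2024-05-01T09:10:00,10.0.0.7,10.0.1.10,tcp,443
2024-05-01T09:15:00,10.0.0.7,10.0.1.30,udp,53
2024-05-02T02:00:00,10.0.0.5,10.0.1.10,tcp,443
2024-05-02T02:01:00,10.0.0.7,10.0.1.20,tcp,445
2024-05-02T02:03:00,10.0.0.5,203.0.113.9,tcp,4444
2024-05-02T02:03:30,10.0.0.5,203.0.113.9,tcp,4444
"""
BASELINE_END = "2024-05-02T00:00:00"  # assumed cutoff: earlier flows build the baseline


def first_seen_ports(flows_csv, baseline_end):
    """Return alerts for (proto, dport) services a source never used in the baseline.

    Severity 'network' means no host used the service during the baseline;
    'host' means other hosts did, but this source never had.
    """
    per_host = defaultdict(set)   # src -> {(proto, dport)} seen in the baseline
    network = set()               # every (proto, dport) seen in the baseline
    alerts, alerted = [], set()
    rows = sorted(csv.DictReader(io.StringIO(flows_csv)), key=lambda r: r["ts"])
    for r in rows:
        service = (r["proto"], int(r["dport"]))
        if r["ts"] < baseline_end:            # ISO 8601 strings sort chronologically
            per_host[r["src"]].add(service)
            network.add(service)
            continue
        if service in per_host[r["src"]] or (r["src"], service) in alerted:
            continue                          # known behaviour, or already reported once
        severity = "host" if service in network else "network"
        alerts.append({"ts": r["ts"], "src": r["src"], "dst": r["dst"],
                       "service": service, "severity": severity})
        alerted.add((r["src"], service))
    return alerts


if __name__ == "__main__":
    for alert in first_seen_ports(FLOWS_CSV, BASELINE_END):
        print(alert)
```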
Proactive: Proactive security operations
 
Mature approaches to network security extend beyond firewalls, giving organizations active control over their entire network. This involves using a combination of tools including identity, endpoints, access control and NDR platforms, providing a blanket of security against both sophisticated network attacks and highly organized threat actors.

IronNet for network security

IronDefense is a powerful NDR platform that improves visibility across the threat landscape and amplifies detection efficacy within your network environment.

Enhanced visibility

IronDefense offers real-time insights across industry threatscapes, human insights into detected threats, and deep analysis of anomalies correlated across peer groups via IronDome Collective Defense integration.

Faster detection

IronDefense includes advanced network behavioral analysis that leverages proven AI to defend highly secure networks, allowing companies to scale up quickly and detect threats faster.

Increased SOC efficiency

With IronDefense, you get experienced insights from some of the nation’s top defenders. IronDefense’s Expert System supplements limited cyber staff to enable faster, more effective prioritization, mitigation and response.

IronNet network security services

IronNet’s elite subject matter experts and security personnel work closely with each of our customers to help them deploy, operate, scale, and mature their network defense. Unlike other NDR vendors that provide a basic level of onboarding service, we customize our services to meet our customers’ needs. This can range from consultative engagements at the executive level down to operational ‘co-drive’ capability where our Cyber Operations Center (CyOC) provides NDR overlay hunt services to our customers’ SOCs.