Network security is a leading concern for every business owner, CIO and network administrator. This issue is compounded in the smart building space as the number of IP-connected devices is multiplied, considerably increasing the number of potential attack surfaces.
It is widely accepted that the weakest link in network security is the human user, usually through inadvertent bad practice. In addition to user behavior, security can be compromised by unmanaged devices connected to a network, such as IoT sensors, IP cameras or machine-programmable controllers. Many of these devices have inherently poor security, with hard-coded passwords or backdoors. These can be used as “Trojan horses”, since they cannot host any local threat protection agent.
Protecting the Edge
The conventional way to protect against attackers and threats is to use a firewall to inspect all traffic to and from the Internet. This is a very common design, which focuses on protection from the Internet, but which still leaves the entire network vulnerable to attacks from within, from connected devices and external media. A more secure approach is to force all traffic to pass through the firewall, including internal traffic. But this solution requires a very powerful firewall, which is prohibitively expensive and impractical.
A firewall can't control the device that is causing the problem. Once a firewall detects this kind of attack, all it can do is alert the administrator to manually investigate and act. This takes time and resources—time in which the threat can spread, and sensitive information can be lost. If a network device is copying infected files or uploading sensitive material, then that device should be immediately isolated from the network to prevent any further damage, and this simply cannot wait for the required human reaction time.
Enter Self-Defending Networks
Ideally, a network would defend itself based upon the threat detected and the device that caused the problem. The action taken would be immediate, and the device responsible would be automatically isolated from the network to prevent further damage.
Enter the Allied Telesis Self-Defending Network solution. The AMF-Sec controller at the heart of our AMF Security solution adds AI to the network to automatically decide the appropriate reaction for any detected attack. Our AMF-Sec controller integrates with most common firewall products, to centralize your security policies on one device and save you the expense and inconvenience of changing your primary security device.
The major benefit of the Self-Defending Network is immediate and accurate threat response, without any manual intervention. Actions are configurable depending on the firewall event: suspect devices can be isolated from the network completely, or moved to a quarantine area to await remediation.
Suspect user devices can be automatically isolated whether they are wired or wireless, ensuring there are no weaknesses anywhere on your network, and without the need for end-point agents or applications. Instead of shutting down the device, we control the network to restrict access until remediation can be applied. We can block a threat emanating from an IoT device just as easily as one from a mobile device or PC.
The Self-Defending Network also monitors and protects traffic moving within a corporate network without adding unacceptable latency. Our solution allows the security appliance to monitor a copy of the traffic (i.e. one-armed), so no latency is introduced, and it blocks any threats instantly and automatically.