Protecting the Edge

By Graham Walker

The increasing consumption of data on mobile devices and the Internet of Things (IoT) revolution have both transformed the edge of the network. Mobile has moved the edge of the network from the traditional wired LAN to the Wireless LAN, and IoT adoption means more devices are connected to the network. In parallel, attackers have increased their sophistication, and threats come in so many forms that maintaining a secure, effective network has become time-consuming and costly.

Traditional security models focus on preventing attacks from getting inside the network. The focus is to defend the borders since these are typically the weakest points. Firewalls are a good example—they inspect traffic crossing the network border to block any threats from coming in and sensitive data from leaving. However, relying solely on a firewall for network protection is like locking your front door while leaving all your windows wide open.

Protection from the User

Anti-virus tools and security policies can be effective in protecting the network from misuse by desktop (wired) users. Mobile (wireless) users pose different challenges because they consume their data on a wide variety of device types that are often outside the control of corporate IT. Traditional methods of securing the network edge from wireless devices include registering the device’s MAC address and/or Network Access Control (NAC), which requires the mobile device to run a security agent. Both methods together can be effective, but they are cumbersome since the user must install the agent on their device, which can limit device support and cause issues if the user changes their device.

Agentless solutions such as Self-Defending Networks can be an effective alternative to NAC—offering faster responses and simpler administration with no device compatibility issues.

IoT devices introduce yet another risk because they are typically simple devices with limited functionality that are seldom inherently secure. Effective IoT security should consist of two components: identification of the device and inspection of the data it is transmitting. Digital certificates provide a reliable means of identification, but not all IoT devices support them, so data inspection is mandatory to ensure that no threats are being injected.

Balancing Requirements

As security measures tighten, usability issues and management overheads increase, which adds costs to the network operating budget. A balance needs to be found that optimizes security, cost, and usability. The key is to select network infrastructure that can provide the necessary functionality to enable the required protection without adding complexity.

Allied Telesis has a range of integrated security solutions that leverage the intelligence built into our network products to provide strong security without the usability hassles and overheads of separate security systems. Talk to us to find out more.