
How to develop and implement a network security plan

When formulating a focused network security plan, you'll need to address specific questions about outbound traffic, user logins and government regulations.

With network security, we might think more is better. A common network security plan, for instance, might entail "all we can get."

For starters, though, going overboard on network security is economically impractical. Each layer of security adds Capex and Opex costs. Furthermore, most network security services involve scanning network traffic in real time. As a result, the added latency of each security layer can degrade UX.

Developing a network security plan is about asking the right questions. The answers to each question will drive the implementation. When formulating a reasonable network security plan, ask these important questions.

What do I need to protect?

You can't protect what you can't define, including inbound and outbound traffic. For years, network security professionals were only concerned about blocking inbound threats across the network. It was assumed that all traffic going out was approved. That isn't the case anymore.

Many companies today are concerned about sensitive data that is exfiltrated, or sent out, via the corporate network. Data loss prevention (DLP) is an important requirement for many companies as it helps to ensure end users do not send sensitive or critical information outside the corporate network. So, first, establish whether your network security plan needs to address inbound traffic only or if it needs to address outbound exfiltration scenarios.

User management and logins are another important consideration. While user logins traverse your network, are you responsible for keeping logins secure?

Most larger companies have a group dedicated to managing single sign-on and Active Directory user environments, but is that group also looking out for security? Is it their job or your job to detect and deter network-based attacks on credentials? This responsibility should be made clear.

A team of network security professionals will also manage email and collaboration environments. Systems such as Office 365 integrate extensive security features that range from basic malware and antivirus protection to antiphishing and, possibly, DLP.

All these items are network-related. So, you need to establish whether the email and collaboration team is activating and using these network-related security features or if it's leaving them dormant, figuring the network group will provide these protections.

What government regulations must I follow?

Depending on your industry, compliance can be a big issue. Companies that deal with healthcare, financial and other sensitive data have specific legal requirements that have a direct effect on their network security plans. In these cases, you'll want to work with your legal department to confirm what regulations cover your firm.

Additionally, if you have locations or customers in the European Union, for instance, your network security plan might need to be adjusted for geographic considerations. Some privacy and data protection requirements might cause you to augment your protections.

How will I audit my network security plan?

Ultimately, you will need to monitor the effectiveness of your plan. In addition to whatever statistics and analytics your network security devices give you, you may need more.

Government regulations may require certain logs and audit trails to be kept. In the event of a breach, you may need to replay network events. You may want to implement a security information and event management system to help log, monitor and analyze the flood of data that your security devices can produce.

What tools can support my network security plan?

Before you implement your network security plan, you'll need to consider the tools that can help with implementation.

The security infrastructure business has evolved considerably in recent years. To implement your updated plan, you may need to replace existing infrastructure. For example, basic firewalls and intrusion detection or prevention systems can't always thwart the more sophisticated threats that are common today.

Essentially, you can't use old tools to fix new problems. Security platforms, such as cloud access security brokers and network detection and response systems, didn't exist a few years ago. Today, though, these tools detect and prevent threats that are invisible to older-generation devices, such as firewalls.

Define your network security requirements clearly. Determine where network security begins and ends. And, lastly, take advantage of today's technology to deal with today's threats.
