With Cyberattacks Coming From All Angles, Your Network is Part of a Strategy and a Strong Defense

The threat of cyberattacks increases each day. Did you know that only 30% of companies believe they are keeping up with the constantly changing threat landscape? In addition, the number of incidents is ramping up, with 38% more attacks on companies per week in 2022, according to data compiled by Extreme Networks. October is Cybersecurity Month and Extreme experts have weighed in on how to protect your network and fine tune your network security posture.

Think about it like this: your network is part of a strategy and the final backstop when cyberattacks are coming at you from all angles. While no one can guarantee immunity from attack, the network can serve as your best line of defense that limits the scope and impact of intrusions from severe to minimal. The network is the central nervous system of an organization’s operations and livelihood so it must be configured against vulnerability.

How the Network Becomes the Backstop

The potential cost of a cyberattack can be catastrophic. But there are critical network capabilities that can make all the difference. Extreme Networks solutions have security layers naturally built in, so you get:

• Secure wireless 
• Robust segmentation 
• Policy enforcement at every point in the network
• Granular access control policy 
• Secure data transmission and breakout to the cloud
• And unified management from the cloud.

With simple and proven ways to protect your network with fabric technology, you get foundational protection through three security strategies: hyper-segmentation, stealth networking and elasticity.

Hyper-segmentation

This allows the network to be segmented, which means boundaries run from device to device, not network to network, which reduces the potential scale of attack.  It creates a quarantine function if a segment is breached, in essence, which is the cherry on top in terms of a positive business outcome.  Imagine a worker has their laptop compromised.  A hacker could install a host of network scanning tools that would enable them to move from the network on which the compromised computer operates to others that may contain servers with confidential information. It could also create opportunities to hold the organization for ransom.  With hyper-segmentation, the only impact a hacker could make on the organization would be to the direct systems the machine had access to.

Stealth networking

These capabilities combine hyper segmentation with native stealth, which limits the visibility of the network. It effectively hides the segmentation within the network and prevents criminals from being able to target the trace traffic between IPs and to understand the traffic. So, if someone tries to plug in to a device and scan for unsecured ports or devices, the network appears “dark”, and they can’t get a view of topography and spot vulnerabilities. Attackers can’t attack what they can’t see, and stealth networking ensures that successful breaches are unproductive because your most sensitive assets appear invisible to the intruders.

Elasticity

This stretches services to the edge as required, and only for the duration of a specific application session, and it adds to resiliency so that the traffic can be rerouted quickly and automatically in case a device is compromised. In essence, elasticity means that the traditional limitations of networking can be overcome as assets or resources are tied to individual user-credentials and not to the physical connection a user is linked to as is typical on legacy networks. This is why network refreshes are important. Older networks carry vulnerabilities that are completely designed out of newer, more resilient networks. State and local governments must also do a complete cybersecurity audit to protect themselves. 

Martin Polak, Coordinator for Network Planning, SKODA  AUTO, says that Extreme’s virtualization solution brought much needed stability of infrastructure, and enabled them to rapidly implement Network Access Control and deploy new services when and where their company likes. "We have not experienced a single outage since the implementation. The network is much easier to manage, and we have greatly increased security by knowing at all times exactly who is connected to our network, where, and which devices they are using,” he says. In the City of Memphis, where everything from in-car video and body cameras for the police department to automated services for sanitation trucks is managed, it’s critical for officials to make sure that the network is always up and operational, as it is essentially the central nervous system of this smart city. “Extreme makes our jobs easier; the network is simple to manage and my team is free to focus on enhancing digital services for our citizens,” says Mickey Alderson, Network Architect, City of Memphis.

The City of Milwaukee became Extreme’s Fabric Connect technology’s first customer globally in 2011. Their city-wide fiber backbone with multiple carrier connections distributes network resources to more than 100 buildings and 7,000 city staff. The Information and Technology Management Division, including three dedicated network managers, maintain the city’s IT infrastructure and systems for multiple departments, all on separate virtualized networks. The vast network includes more than 500 switches and a recent extension of the fabric network to over 700 traffic cabinets. This is how retailers are using the network to safeguard data and more.

Demands on the Network

Unlike SKODA AUTO and the Cities of Memphis and Milwaukee, not all companies are sufficiently heeding the growing demands, says Extreme Networks CIO John Abel. "The demands that we're placing on the network, from data, AI, computing and storage are all going up exponentially, and some companies maybe have not paid attention to the network. Now that's why we have some of our tools where we want you to be able to run your network in a more simple environment,” says Extreme Networks CIO John Abel. “The network is still very much a strategic aspect of the technology footprint of any company.” Healthcare needs the network to protect vital data.  

And the size of your company doesn’t matter, says Extreme Networks Director of Product Management Bill Lundgren. “It is critical to take cybersecurity seriously in this day and age, no matter how big or small your business is.” With threats such as phishing, identity theft and ransomware attacks, it is essential to create a system that has multiple layers that can thwart attacks along the way. This can minimize the damage. Equipping your network with this protection is not an easy exercise, but it mitigates losses, especially if you take a multi-layered approach. “Any security company that tells you this is that they have the answer that solves the problems is lying. You need a collection of solutions and suites that look at that the integrity of the network and work together,” says Extreme Networks CISO and Senior Director of Information Security Phil Swain.

Potential Attack Surface

The reality is that the potential attack surface has never been larger. More devices are connecting at any given time, and the number of things any network is attempting to manage is continuously growing. That increased surface area creates more opportunities for attacks. Over four billion Wi-Fi devices hit the market every year, and IoT devices are exploding, especially in healthcare and manufacturing, with 27 billion expected to connect in 2025. In addition, worldwide end-user spending on public cloud services is expected to grow 20.7% to $591.8 billion in 2023, up from $490.3 billion in 2022. According to Extreme Networks surveys, 73% of organizations believe they lack the visibility and control of every user’s device activity. The shifting the work/life balance has also heightened the chances of an attack, with more people taking a hybrid approach and with education more online than ever before.

“The IT security gaps are only growing as we distribute our networks and have new ways of attaching with different kinds of devices,” says Laura Flores, Sr. Product Marketing Manager, Security with Extreme Networks. “Think IoT devices and the fact that we now have this hybrid work situation. Now that people are moving back and forth, we're seeing gaps inside of campus security that the products made for remote access like that just don't fill.” Even children are now being educated more online and more at home, which further muddies the picture and adds potential new surfaces, Flores says. Another issue facing companies as they try to stave off cyberattacks is staffing shortages. The reality on the ground is that there are not enough skilled people available to protect the network.

Staffing Shortages

“One of the biggest challenges and especially from an IT security gap perspective is as fast as these things move, it's hard for people to keep up, and there is a shocking lack of trained people across the globe,” says Flores. Extreme’s CIO John Abel agrees, adding that it is a challenge he is currently facing. “Most CEOs are constrained by the ability to get the right kind of talent to meet the demand that they've got.” And getting the right kind of talent is insufficient. ““It's ensuring that the people you've got are good and stay with you and you keep them happy and give them careers. What's in high demand right now is data science analytics and AI, but those are skill sets that are in very high demand that are in short supply.”

The Emerging Threat of AI

AI is an emerging but pervasive and strong threat, he adds. Perhaps more immune to training, AI is also widening the field for who can become bad actors. 

"There is a lot of work being done around CHATGPT and AI, large language models, and so the bad guys are also leveraging that to actually get smarter and use that as another threat vector to a company,” says CIO John Abel. “For bad actors, they are using the same abilities of large compute power and large amounts of data to look at behavioral patterns, either companies or an individual basis and therefore they can see and tweak their phishing attacks. They can tweak their routes to try and attack a company based on data.” They can now also direct AI to write code to perform a specific, tailored attack. “The criminal is moving to a service model. You can buy phishing or malware attacks that is written and tailored to attack targets,” Swain says. It’s almost like buying a service on Amazon, mainly on the dark web, and the criminals can be nation states or other bad actors.  They are creating increasingly sophisticated phishing schemes that rely on AI, he says.  “You can manage and control your network in terms of what's moving around your network isolated and minimize any attack surface. That's the key,” he says. Extreme fabric, in conjunction with XIQ, is a is a key cornerstone of security in terms of ability to real time segment and isolate networks and micro-segmentation. Lundgren says that Extreme takes an in-depth approach to defense. “We have tools within our IT department that help protect the perimeter as well as from a cloud perspective. We have ISO 27,001 certification for the Extreme Cloud IQ product. What that means is that we're audited annually,” he says, a status that adds a layer of security. 

Discover how Extreme helps guard your network against security risks.