The New Route for Delivering a Secure Network – Three Key Strategies Featured

Clock 10 months ago
(0 votes)
The New Route for Delivering a Secure Network – Three Key Strategies Image Credit: Alcatel Lucent

The Internet of Things offers transformative potential, however the benefits IoT devices bring don’t come without challenges. As more and more organizations become invested in digital transformation the talk around device security has increased.

Distributed Denial of Service (DDoS) attacks made it into the mainstream last year courtesy of some high-profile attacks. The infamous Dyn takedown was performed using poorly secured, hijacked IoT devices, and knocked some of the world’s leading websites offline. Research has found that the overall number of DDoS attacks is growing and new types of botnets are being used to get around system security. DDoS is not the only high-profile threat facing networks and IT departments. last month’s WannaCry ransomware attack affected more than 200,000 organizations in 150 countries. Many of the NHS hospitals in the U.K. had to turn away non-critical emergencies with up to 70,000 devices being hacked – including computers, MRI scanners, blood-storage refrigerators and theater equipment.

With organizations adopting more and more connected devices within corporate networks, and cyber criminals ramping up their activity, there are going to be three key areas IT departments focus on: Increasing network protection from potentially susceptible IoT deployments, safeguarding from costly DDoS attacks, and the adoption of ‘as-a-Service’ deployment methods to cost-effectively move toward secure network infrastructure.

1. Living on the edge - containing IoT devices across the network  

IoT-enabled devices are finding their way into more industries as the advantages become clear. Healthcare, education, transport and manufacturing are just some of the industries which will benefit from improved productivity, reduced energy costs and expanded visibility.

However, these new benefits bring a new set of issues - poorly secured devices which live at the network edge offer an unsecured gateway, making the network vulnerable to attack. By ‘containing’ IoT into virtualized environments on a corporate network, the potential damage of a network breach is greatly decreased - If one container is compromised, the others stay isolated from that threat.

Network virtualization techniques group selected connected devices and authorized users, enabling deployed devices to be managed and operated only by personnel that need to use them, making IoT management simpler for the enterprise. For example – the IoT network can be segmented so that the HVAC control system is operated by the HVAC specialists, who can configure, monitor and operate the system without impacting the rest of the network.

Over the coming year or so, how to effectively secure and manage IoT networks will become a hot topic and IoT containment is set to form a core part of the solution.

2. DDoS protection - top priority for every business

The Akamai State of the Internet / Security Report shows 2016 saw an increase of over 12 percent in DDoS attacks compared to 2015. One of the largest attacks last year saw the Mirai botnet exploit poorly secured, IP-enabled ‘smart things’ resulting in major websites being offline for hours. With so many IoT devices being left with default security settings and passwords, it allows malware such as Mirai to easily scan for these unsecured devices and take advantage of them.

DDoS attacks using such malware have the ability to both attack your network directly, but also recruit unsecured devices in your network to attack other enterprises. These attacks can have a huge negative impact for organizations – imagine the financial loss suffered by an e-commerce businesses knocked offline during peak season.

Recent attacks have shown that businesses and organizations need to scrutinize all aspects of their networks, right down to the hardware. The ability to entirely prevent DDoS attacks is difficult, however introducing protection at the access switch level improves the first line of defense for enterprises, filtering and blocking malicious traffic before operations are hindered.

The level of embedded intelligence needed to provide this extra layer of defense is not found in outdated network technology. There are three critical capabilities essential for enterprises looking to enhance their network infrastructure to better provide a first line of defense strategy:

The system source code has been independently certified by industry security experts;

The software will be scrambled in the hardware’s memory, to minimize the ability for attackers to find vulnerabilities in the system and prevent any minor exploit from being used across the entire network;

Software that can be delivered by a trusted, secure infrastructure, to eliminate the risk that tampered code is received and installed on the system.

3. The shift to NaaS

A major challenge faced by some organizations is that the infrastructure they have in place doesn’t have the capabilities found in the latest generation of network access equipment and is unable to contain IoT devices and carry out a DDoS mitigation strategy.

Organizations are overcoming this challenge by taking a new route to implement a network. Similar to CAPEX deployments of software applications, such as databases, CRM systems, and office productivity suites, by moving to OPEX deployments and network infrastructure as a service (NaaS) offerings, organizations have more affordable options to upgrade their networks.

Implementing a NaaS solution has similar benefits to SaaS – including lower upfront costs, shifting the burden of maintenance and scalability. These benefits often come at an overall lower cost than the expense of just keeping the lights on with their existing, legacy infrastructure. 

Securing the way for digital transformation

In order for organizations to remain relevant they must keep up with the rapid changes brought by the new digital era. It is key for businesses to have a properly laid out plan on how to tackle digital transformation. Without a plan in place there is an increased chance of being hit by some of the pitfalls, potentially resulting in a significant impact on finances and reputation. By using the latest generation of networking equipment, you are able to take advantage of the embedded intelligence to provide secure access and your digital transformation initiatives deliver the best possible outcome for your business.

Kenny Ng joined the company in November 1995 as Network Consultant, Asia for XYLAN Corporation, which is now part of Alcatel-Lucent since April 1999.  He is one of the pioneers in setting operation for XYLAN Asia Pacific region.


He has been in the networking arena for more than 14 years.  Prior to Xylan, he was working as Network Engineer for ADC Fibermux that deals with fiber-optics equipment. 


Kenny’s international experience began when he first joined Alcatel-Lucent as a Network Consultant.  He was subsequently appointed System Engineer Manager for Asia Pacific.  In his present position, he travels extensively to Asia Pacific to support the enterprise solutions business and providing network design & consultancy to business partners and customers.


His experiences in IP Networking, IP Telephony, Wireless LAN, IP Security, Data Center and Network Design methodology has resulted him creating training certifications on Design Network Academy (DNA) for Security on Network Design, Wireless LAN Network Design, IPT Network Design and High-Availability Network Design. 


How to Make a City Smart: The Benchmark for Success


The Carrier Cure: Turning Mobile “APPathy” into Opportunity