網路安全架構

Networks must have security embedded into their very design. A network security architecture provides a basis for an organization’s cyber defenses and helps to protect all of the company’s IT assets. Here, we discuss the components of a network security architecture, how it benefits businesses, and different models for creating a secure network architecture.

申請示範 閱讀冰霜 & 沙利文報告

Elements of a Network Security Architecture

A network security architecture includes both network and security elements, such as the following:

  • Network Elements: Network nodes (computers, routers, etc.), communications protocols (TCP/IP, HTTP, DNS, etc.), connection media (wired, wireless), and topologies (bus, star, mesh, etc.).
  • Security Elements: Cybersecurity devices and software, secure communications protocols (e.g. IPsec VPN and TLS), and data privacy technologies (classification, encryption, key management, etc.).

The Purpose of a Network Security Architecture

A well-designed cybersecurity architecture enables businesses to maintain resiliency in the face of a cyberattack or a failure of one or more components of their infrastructure. The architecture should be optimized for daily use during normal business operations and prepare the company to handle reasonable bursts, spikes, or surges in traffic and to appropriately manage potential cyber threats to the organization.

How Does a Security Architect Create a Network Security Architecture?

A security architect is responsible for identifying and working to prevent potential cyber threats to an organization’s network and systems. As part of their role, security architects should develop a network and security architecture that provides the visibility and control necessary to identify and respond to cyber threats to an organization’s systems. This includes developing a plan for locating security controls to maximize their benefit to the company.

 

The Check Point Enterprise Security Framework (CESF) defines a process for developing a network security architecture that includes four primary phases:

 

  • Assess: This phase of the process is for business and architecture reviews. The key steps in this phase include data capture, business modeling, and risk assessments.
  • Design: This phase is intended to develop a response to the requirements and to build customized logical design blueprints and recommendations.
  • Implement: This phase is for professional services, partners, etc. to add low-level design details and deliver statement-of-works for real-world solutions.
  • Manage: This phase is geared towards continuous development and incremental improvements of the security posture.

Network Security Architecture Frameworks

Network security architectures can be designed based on a few different frameworks. Two of the most widely used models include zero trust and the Sherwood Applied Business Security Architecture (SABSA).

「零信任」

The zero trust security model is designed to replace traditional, perimeter-based security models that place implicit trust in users, devices, and applications inside of the network. Zero trust eliminates the network perimeter by treating all devices as potential threats regardless of their location.

 

With a zero trust architecture, all requests for access to corporate resources are evaluated on a case-by-case basis. If the request is deemed legitimate based on role-based access controls (RBACs) and other contextual data, then access is granted only to the requested asset at the requested level for the duration of the current session.

 

A zero trust security architecture provides deep visibility and control over the actions performed within the corporate network. This is accomplished using a combination of strong authentication systems, including multi-factor authentication (MFA), and granular access control implemented using micro-segmentation.

The Sherwood Applied Business Security Architecture (SABSA)

SABSA is a model for developing a security architecture based upon risk and business security needs. The model identifies business security requirements at the beginning of the process and works to trace them throughout the entire process of designing, implementing, and maintaining a security architecture.

 

SABSA includes a matrix for security infrastructure modeling. This includes multiple different layers (contextual, conceptual, logical, physical, component, and operational) and questions to be asked (what, why, how, who, where, and when). At each intersection, the model defines the component of the security architecture that should address that question at that layer.

Architecting Network Security with Check Point

近三十年來,Check Point 已為網路安全樹立了標準。在持續發展的數位世界中,從企業網路到雲端轉型,從保護遠端員工到關鍵基礎設施,我們保護組織免受最迫在眉睫的網絡威脅。

 

Check Point provides an integrated cybersecurity architecture designed to secure company networks, clouds and users against modern threats. It consolidates an organization’s array of Check Point solutions, and can be managed centrally via a single dashboard. This consolidated security architecture expedites incident detection and response and allows all security solutions to leverage threat intelligence generated by Check Point ThreatCloud AI, the world’s largest threat intelligence database.

 

Need help designing a secure network, Check Point Security Architects leverage its industry experience and employ independent frameworks, such as NIST CSF, SABSA, and Zero Trust Architecture, to provide advisory and assessment services to secure customer networks from threats. We invite you to sign up for a no-cost Security Risk Assessment today.

×
  反映意見
本網站使用cookies來實現其功能以及分析和行銷目的。 繼續使用本網站即表示您同意使用cookies 。 欲了解更多信息,請閱讀我們的cookies聲明