Field
The present embodiments relate generally to a network architecture that eliminates anonymous traffic, reduces a threat surface, and enforces policies.
Background
Conventional computer networks present a number of undesirable issues and challenges for network administrators. Conventional networks allow for easy addition and subtraction of devices. They also allow for dynamic changes and modifications to devices including software used on the devices. However, these benefits represent a double-edged sword, because they leave conventional networks vulnerable to attack by had actors. Enterprise networks that are based on conventional networks are often targeted because of their size and the plethora of easy targets they provide.
Such enterprise networks may include a variety of different devices and infrastructure that are difficult to protect. Attackers of enterprise networks may seek to compromise devices connected to the network, take down web services by way of attacks such as denial of service attacks, and/or steal confidential data such as passwords and other sensitive information. For networks such as those used by the U.S. military, the U.S. government or even hospitals, these attacks may present a life or death situation. Further, a banking network attack could cause bank accounts to be emptied in fractions of a second.
Many attacks succeed because they are “new” or variants on old attacks. Thus, because of the difficulty of defending from attacks which were previously unknown, most attacks are not addressed until after the fact. At that time, it may be too late to stop damage to a network and its infrastructure.
One example of unknown attacks include attacks using malware or malicious software such as computer viruses, worms, Trojan horses, spyware, adware, etc. Enterprise networks struggle to deal with malware.
There are many ways that malware can establish an initial foothold within a network. One such example is a “Zero Day” exploit, e.g. an unknown vulnerability in some aspect of a computer software application being executed on a device connected to the conventional network. These exploits are problematic because network operators as well as developers of the software application have no awareness of a “Zero Day” threat until such vulnerability is exploited.
In addition, many attacks come from within a network. Other attacks may appear to come from within a network, as a result of a malicious user obtaining access to compromised device connected to the network, or a user unintentionally opening up a network to harm.
Patches and network-related hygiene practices to stop malware and unpredictable security issues are reactive rather than proactive. Malware detection based on signatures is a losing proposition, and conventional signature detection methods are not viable options to stop future infections.
Accordingly, a new, proactive network model is needed to detect anomalous or malicious network activities and help mitigate the impact of malware on enterprise networks.