How Secure Network Fabric Protects Against Emerging Threats | Extreme Networks

From myths about ancient Greeks waging wars against Troy to modern digital societies plagued by digital Trojan horses, backdoors, and other types of sneaky malware, attackers have always been good at outmaneuvering each other and getting past even the most competent defenses. According to the recent study by Check Point Research, enterprise networks in Q2 2024 were attacked as much as 1,636 times per week, translating into a 30% YoY increase, and a 25% rise compared to Q1 2024.

The highest increase of global cyber-attacks seen in the last two years follows the growing complexity of threat actors. Multiple cyber threat trends are converging simultaneously, only contributing to their sophistication, diversity, and persistence. For businesses and organizations around the world, it is essential to evaluate their readiness to respond to those hidden dangers. With its inherent security, network fabric has become one of the primary lines of defense against threats both new and old. But to beat the enemy, one must know the enemy. Let us explore the latest cyber threats first.

Overview of cybersecurity threats

Ransomware

One of the most common yet increasingly effective types of cyberattacks continues to be ransomware. IBM and Ponemon Institute estimate the current global average cost of a data breach at $4.88M (USD) - a 10% rise over 2023 and the highest total ever. In a ransomware scheme, as the name suggests, bad actors encrypt a victim's data and demand payment in exchange for the decryption key. Even worse, the attack can escalate and impact multiple parties by denying access to several workstations or a central server that is critical to business operations. This type of malware often exploits policy misconfigurations and unpatched vulnerabilities in the system, whether overlooked by the manufacturer or the IT team, although most attacks are staged through malicious links delivered via phishing and social engineering methods.

Phishing

In essence, phishing attacks use email, SMS, phone, social media, and other forms of communication to entice victims to share sensitive data or download malicious software. To create the illusion of legitimacy, bad actors employ a variety of psychological tactics and motivators like love, money, fear, or status. According to StationX, approximately 36% of all data breaches involve phishing tactics and in 2021, nearly one in five recipients clicked on a compromised link from an email, with more sophisticated spear phishing schemes achieving a more than 50% success rate.

Although companies and organizations train their staff to stay alert to deceptive messages, the rapid growth of AI tools such as ChatGPT is making it increasingly harder to spot a phishing attack. In 2023, Darktrace Research reported a 135% growth in malicious email campaigns demonstrating advanced linguistic deviation in syntax, semantics, grammar, and sentence structure.

IoT device vulnerability

One other major source of vulnerability through which malicious attacks can be launched on the network are IoT devices. Designed with a primary focus on functionality, this type of equipment usually lacks the robust security mechanisms present in more advanced machines like employees' PCs or smartphones, making it especially susceptible to malware. As a result, attackers often view IoT devices as low-hanging fruit, an entry point for staging damaging attacks across the organization's network. According to Demandsage, 84% of businesses that have adopted IoT reported security breaches, and almost half admit that they lack the means to detect IoT breaches on their network.

Malware

As if all this was not bad enough, malware has evolved to include increasingly sophisticated stealth capabilities in its arsenal. Compounding the challenge, its primary objective has shifted from causing immediate damage to staying undetected and operating covertly over an extended period. The so called Advanced Persistent Threats (APTs) can remain dormant and not initiate systems captivation until days or even weeks after the malware's initial penetration. Malware can then distribute AUTORUN files, spreading from one system to another through internal networks. Once the attacker triggers the encryption process, it simultaneously affects all infected systems, amplifying the damage.

How secure network fabric adds a layer of protection

The sad truth (or an optimistic one, depending on how you look at it) is that the majority of data breaches are caused by simple mistakes that could have been avoided. Studies from IBM, Tessian, and Stanford University recognize "human error" as a contributing factor to 88-95% of security incidents. But what if managing, extending, and securing enterprise networks could be more automated, and therefore less prone to attack? That is exactly how network fabric works!

With the industry's most widely deployed and only end-to-end, automated, and secure network fabric solution, Extreme makes secure network fabric easy. By leveraging zero-touch, edge-only service provisioning and auto-sensing of devices connected to the network, IT teams can eliminate manual configurations to enable faster deployments and easier troubleshooting-reducing their workload on the one hand and enhancing overall network resiliency on the other. But that is just the tip of the iceberg, because the most important feature remains hidden from the attacker's view.

The inherent security of this solution stems from the way network fabric uses segmentation and isolation to contain threats. Extreme Fabric enables multiple, discrete virtual networks to run seamlessly over a common infrastructure, independent of topology. With automated, edge-only provisioning and a comprehensive, core-to-edge hypersegmentation of devices, users, guests, IoT, and other services, this solution essentially eliminates the risk of lateral movement by attackers. Being ethernet-centric, Extreme Fabric is invisible from an IP perspective, making it untraceable using remote IP-based tools.

Speaking of visibility - in conjunction with Extreme's industry-leading network management portfolio, the solution offers further benefits to network administrators. ExtremeCloud IQ Site Engine is natively designed to provide end-to-end network visibility, fabric monitoring, and management capabilities, providing in-depth details into the performance of applications and the network.

How organizations have enhanced network security with Extreme Fabric

Managing and securing a K-12 school environment

Serving approximately 22,500 students across 50+ locations, Durham Catholic District School Board (DCDSB) stands among the largest school districts in Ontario, on top of being named one of the best employers in Canada, according to Forbes. The school district was looking for a new solution that would allow a small IT team to manage and secure the entire network easily and efficiently.

Between the 15,000 concurrent devices on network, contributing to its growing complexity and the need to comply with both current and future rules for protecting student and faculty data, DCDSB decided to base their new network infrastructure on Extreme Fabric. The result? A three-man IT staff can now efficiently manage DCDSB's network, enable high performance and security, and support the diverse technological needs of students and staff.

Consolidating healthcare operations

As part of a merger process involving three separate locations, Elisabeth-TweeSteden Hospital (ETZ) was looking for a way to migrate individual networks into a consolidated, secure metropolitan-area network, managed from a single interface and enabling scalable connectivity and deployment for future expansions.

Today, with the help of Extreme Fabric, one of the largest healthcare providers in the Dutch province of North Brabant can segment connections for onsite partners, companies, and users easily and at scale. Additionally, thanks to the hypersegmentation capability, ETZ does not require separate networks for their many IoT devices and can better protect outdated medical endpoints. Without the need for high-level expertise or costly staff, the organization benefits from operational efficiencies across the board.

Unify, automate, secure

How can you stay proactive and fight fires with fire, despite the constantly evolving cyber threat landscape? You can start by transforming your IT operations to simplify, automate, secure, and optimize your network.

Learn why customers love Extreme Fabric and explore the benefits for your organization!

• Enterprise Networking
• Network Fabric
• Security
• SD-WAN
• Wired Access
• Wireless Access
• Data Center