What is enterprise security?

Enterprise security is the practice of operating a business securely. It combines IT with a business-centric cybersecurity strategy. As Kevin Powers of Boston College notes in “Enterprise Security: What does it really mean?”, “An enterprise security program needs to take into account that cybersecurity is more than just an IT issue and recognize that cybersecurity risks impact the entire business.” You can start by mapping your security capabilities to the MITRE ATT&CK® Framework.


In today’s digital world, this largely means protecting against cyber threats and attacks, to maintain business continuity, data privacy, and, in the case of critical operations, employee and public safety. Because the nature and risk level of cyber threats differ by company, the practice of enterprise security also differs by company. The common thread, however, is the use of tools and technology to safeguard the enterprise, its network, data, high-value assets, and intellectual property.
Many businesses think about enterprise security in terms of necessity. What’s the minimum I can do, given my constraints, to make sure we’re secure enough? While every business would like to be 100% secure, the reality of achieving that security posture is prohibitive in terms of costs and human resources, and too difficult for most businesses to achieve individually. Even the most secure organizations with defense-in-depth strategies, such as financial institutions and energy companies, are facing a threat landscape marked by adversaries’ constantly changing tactics, techniques, and procedures (TTPs) and efforts to infiltrate an enterprise’s complex ecosystem. So enterprise security is transforming fast, from securing the perimeter around an individual company (“castle and moat” approach) to securing a vast web of distributed endpoints and an extended enterprise supply chain, including third-party physical and digital suppliers. Zero trust now rules.

The constant evolution of enterprise security

The history of enterprise security is one of constant evolution, influenced by computing technology advancements. In the 1950s, the world was introduced to mainframes and the concept of all computing in one huge, room-sized box. PCs and interconnected servers came about in the 1980s, but still fundamentally operated as a centralized computing solution. Client/server computing followed, where people had their own PCs and could log in to powerful servers behind the scenes. Next came multisites, where employees could log in to different servers but still used corporate devices. At this point, security remained centralized.
The enterprise computing landscape had a critical shift in the early 2000s with the arrival of bring-your-own-devices and more widely distributed networking and computing. Employees began using their own mobile phones and laptops to enter a corporate network from anywhere. Today, cloud technology takes us further to the edge, giving employees a direct line from their personal device to applications housed in an external cloud, once again shifting how businesses must approach their enterprise security.
Over the decades, enterprise security has evolved on a continuum away from hub-and-spoke models to a more distributed model. Enterprise security is about securing the network, regardless of whether computing happens on premises, in the cloud, or in a hybrid environment. Enterprise security now depends on advancements such as Network Detection and Response and Collective Defense to detect unknown cyber threats, analyze them at scale, investigate anomalies, respond fast, and share insights with peers in real time. Enterprises often rely on either an in-house team or managed security service providers (MSSPs) to monitor, triage, and respond to network threats.
Customer Story

Finally, greater visibility of cyber threats to the financial sector

As one of the largest hedge fund management companies based in the U.S., this IronNet customer has little to no tolerance for cyber risk. Securing its network and data is paramount, as the company manages approximately $125 billion in global investments for a wide array of institutional clients, including foreign governments and central banks, corporate and public pension funds, university endowments, and charitable foundations. Although this innovative customer’s security controls architecture is one of the most in-depth and capable defense postures in the financial services sector, it knew it had limited ability to detect and respond to behavioral-based threats on the network, especially APTs. The company therefore looked to IronNet to fill this gap.

Key concepts of enterprise security

Gartner Hype Cycles summarize the maturity, adoption, and value of key enterprise security technologies. Below are some of the popular concepts you’ll hear today – all rated by Gartner as either high or transformational in terms of benefit to the organization. And while these technologies are end states that take significant investment to achieve, it’s helpful to know where the market is headed.
Zero trust network access (ZTNA):
ZTNA is a cloud-based technology that operates on an adaptive trust model whereby access is granted on a “need-to-know,” least privileged model. ZTNA takes a context- and identity-centric approach in contrast to traditional network-centric architecture where there is implicit trust once someone is in the network.
Secure access service edge (SASE):
SASE is Gartner’s security model (typically SD-WAN, VPN, SWG, CASB, etc.) that includes principles of ZTNA. It’s an infrastructure-centric vision that combines networking and network security into a comprehensive solution.
Bring your own PC (BYOPC):
BYOPC is an endpoint deployment strategy that allows employees to use a personally selected and purchased client device to execute enterprise applications and access company services and data. BYOPC poses serious potential security threats due to unmanaged, unpatched, and infected user equipment.
Edge computing:
Edge computing describes a distributed computing topology in which data storage and processing are placed close to the things or people that produce and/or consume that information. Drawing from the concepts of mesh networking and distributed computing, edge computing strives to keep traffic and processing local and off the center of the network.
Software-defined wide-area network (SD-WAN):
SD-WAN products replace traditional branch routers. They provide several features: dynamic path selection, based on business or application policy; centralized policy and management of WAN edge devices; and zero-touch configuration.
Internet of Things (IoT) security:
IoT security addresses software, hardware, network and data protection for digital initiatives involving IoT. The term is most often used in the context of business or marketing efforts, as opposed to cyber-physical systems security, which is a more descriptive and pragmatic term for security and risk practitioners.
Firewall as a service (FWaaS):
FWaaS is a multifunction security gateway delivered as a cloud-based service, often intended to protect small branch offices and mobile users. FWaaS is primarily delivered as a multi-tenancy infrastructure that is shared among multiple enterprises.

Enterprise security maturity spectrum

Your enterprise security strategy should be based on your unique combination of business type, IT resources, and other factors. To determine the best strategy for your business, it’s helpful to look at where your organization sits on an enterprise security maturity spectrum, comparing where you are now with your desired end state. This maturity model will inform which steps you should take to achieve your optimal security posture. There are many well-known security maturity and capability models that can help assess the status of your security stance, such as COBIT, ISO 27001, and NIST/CMMI.

How to use the spectrum

  • Where is your organization now?
It is key to take an honest look at your institution’s people and processes, as well as security hardware and software platforms. Assess your organization’s governance (internal and external), technology roadmap, and operations. What is working well and where are threats slipping through the cracks?
  • What is your desired end state?
Do you want a fully functional, in-house security organization or a system of outsourced experts? A truly powerful and proactive security stance is rooted in efficient and effective processes, rather than layers of mismanaged products. To move upwards, into a more mature security level, plan for automation, collaboration, and making the best use of the resources you have in place.
  • How should you prioritize effort?
To achieve your desired end state, it’s helpful to prioritize steps based on business factors. Are you entering a product refresh cycle? Is there a macro event such as the Covid-19 pandemic forcing you to change your operating model? Are you adopting a new technology to keep pace with market demands? Consider all relevant business factors before deciding where to prioritize effort.


Enterprise security from IronNet

Once you assess your security maturity, you can better identify where and how you need to secure any weak spots revealed, for example, by an enterprise cybersecurity assessment tool. IronNet offers a full range of enterprise security solutions to strengthen your cybersecurity posture.
Network Detection and Response
Network Detection and Response (NDR) is a field of cybersecurity that enables organizations to monitor network traffic for new malicious actors and suspicious behavior that signature tools don’t detect, and react and respond to the detection of cyber threats to the network. Advanced network detection leverages machine learning, expert analysis, and threat sharing so you can see rated unknown threats faster, accelerating triage and response.
Cyber Analytics
Cyber analytics involves the use of algorithms, statistical analysis, behavioral analytics, machine learning, and other classes of analysis to solve cybersecurity problems in a way that traditional security controls cannot. Cyber analytics is often compared with indicators of compromise (IoCs), though it is distinguished by the use of analysis to detect potential and unknown threats that signature-based (or known) IoCs miss.
Collective Defense
The more technology, the more sprawl, the more complexity. As an organization, you’ll never have the resources to manage this yourself. Collective Defense is a proactive, collaborative approach to cybersecurity that involves organizations working together through a common platform, within and across sectors to defend and proactively protect participants against targeted cyber threats.
Human Intelligence
Enterprise security is largely a technical field comprising networks and algorithms. But humans are the real heroes at IronNet. IronNet’s team of expert offensive and defensive cybersecurity operators helps defend against advanced threats by offering monitoring and threat hunting in our customers’ networks.
Cybersecurity Services
IronNet’s advisory and operational cybersecurity services can raise your cybersecurity posture. We can help you assess your cybersecurity maturity, sharpen and advance your cyber strategy, and accelerate the work of those defending behind the scenes within your company and sector.