23 Points of Failure

Securing the Modern Enterprise by Eliminating 23 Critical Points of Network Failure

Author: Ron Lovern
First Published: March 2019

Customer Profile

  • Organization Type: Mid-to-large enterprise
  • Environment: Hybrid workforce (on-site, remote, mobile users)
  • IT Landscape: LAN, WAN, cloud applications, collaboration platforms
  • Primary Concern: Increasing cybersecurity risk and lack of visibility across the network

Business Challenge

As digital transformation accelerates, organizations face an expanding attack surface driven by cloud adoption, remote work, and distributed applications. Traditional, single-site, hierarchical network designs no longer provide adequate visibility, control, or security.

The customer was experiencing:

  • Limited end-to-end visibility across LAN, WAN, and cloud environments
  • Increased exposure to cyber threats across multiple unmanaged access points
  • Fragmented communication and collaboration platforms
  • Difficulty managing security consistently for remote and mobile employees
  • Growing risk of business disruption due to unaddressed points of failure

Daily cyberattacks and the decentralization of IT resources made it clear that existing security models were no longer sufficient.

Solution Overview

The organization adopted an End-to-End Network and Communication Security Framework designed to identify, manage, and mitigate 23 distinct points of failure across the enterprise network.

The solution focused on:

  • A holistic, end-to-end view of the entire communication stack
  • Integrated security across LAN, WAN, and Virtual (Cloud/Application) environments
  • Cloud-based, managed network security services
  • Real-time threat protection and monitoring
  • Secure enablement of collaboration, mobility, and remote access

Rather than treating security as a perimeter-only function, the framework extended protection beyond the firewall, ensuring visibility and control across all users, devices, and applications.

Architecture & Key Components

1. LAN Security

  • Endpoint access control
  • Internal traffic monitoring
  • Segmentation to limit lateral movement

2. WAN Security

  • Secure connectivity between sites
  • Encrypted traffic flows
  • Centralized policy enforcement

3. Virtual & Cloud Security

  • Application-level protection
  • Secure access to cloud services
  • Visibility into collaboration and business intelligence platforms

4. Centralized Management

  • End-to-end visibility of the communication framework
  • Actionable data for proactive network management
  • Unified control across physical and virtual environments

Business Outcomes

By addressing all 23 potential points of failure, the organization achieved:

  • Reduced Security Risk: Minimized exposure to network breaches across all environments
  • Improved Visibility: Full end-to-end insight into network and communication flows
  • Stronger Business Continuity: Security embedded into daily operations and disaster recovery planning
  • Workforce Enablement: Secure, seamless connectivity for remote and mobile employees
  • Operational Efficiency: Simplified management of a complex, distributed network

Key Value Delivered

  • Security aligned with modern digital transformation initiatives
  • A resilient, agile IT foundation supporting data-driven business operations
  • Protection designed for today’s collaboration-heavy, cloud-first workforce
  • A scalable framework that evolves with technology and business growth

Conclusion

As businesses become more distributed and cloud-dependent, addressing security gaps in isolation is no longer effective. This use case demonstrates how an end-to-end network security strategy, built around identifying and mitigating 23 critical points of failure, enables organizations to protect their networks, empower their workforce, and sustain growth in an increasingly hostile threat environment.

1. Mapping to the NIST Cybersecurity Framework (CSF)

NIST CSF Core Functions: Identify, Protect, Detect, Respond, Recover

IDENTIFY

NIST Categories: Asset Management, Risk Assessment, Governance

Solution Alignment

  • End-to-end visibility across LAN, WAN, and Virtual (Cloud/App) environments
  • Identification of 23 distinct points of failure within the communication framework
  • Continuous understanding of users, devices, applications, and data flows
  • Risk awareness driven by centralized network intelligence

Value

  • Eliminates blind spots across distributed and remote environments
  • Enables proactive risk mitigation instead of reactive security

PROTECT

NIST Categories: Access Control, Data Security, Protective Technology

Solution Alignment

  • Secure access to applications and data regardless of user location
  • Network segmentation and policy-based controls across all environments
  • Encryption and secure connectivity across WAN and cloud services
  • Protection extends beyond the firewall to users, devices, and apps

Value

  • Consistent security enforcement across all 23 points of failure
  • Reduced attack surface in hybrid and cloud-first environments

DETECT

NIST Categories: Anomalies and Events, Continuous Monitoring

Solution Alignment

  • Real-time monitoring of network traffic, applications, and user behavior
  • Visibility into collaboration platforms and cloud-based workloads
  • Continuous insight across LAN, WAN, and Virtual networks

Value

  • Faster identification of threats and abnormal activity
  • Reduced dwell time of attackers inside the network

RESPOND

NIST Categories: Response Planning, Mitigation, Communications

Solution Alignment

  • Centralized control for rapid containment of threats
  • Policy-driven response actions across the entire communication stack
  • Coordinated response across network, cloud, and application layers

Value

  • Faster, more consistent incident response
  • Reduced operational disruption

RECOVER

NIST Categories: Recovery Planning, Improvements

Solution Alignment

  • Security embedded into business continuity and disaster recovery planning
  • Rapid restoration of secure connectivity and services
  • Continuous improvement through insights gained from incidents

Value

  • Increased resilience and uptime
  • Stronger post-incident posture

2. Mapping to Zero Trust Architecture

Zero Trust Principle: Never trust, always verify

Core Zero Trust Tenets

1. Verify Explicitly

Alignment

  • Continuous validation of users, devices, and applications
  • Security decisions based on identity, location, and behavior
  • Visibility into all access paths across the 23 failure points

2. Use Least Privilege Access

Alignment

  • Granular access controls across LAN, WAN, and cloud
  • Segmentation to limit lateral movement within the network
  • Application-specific access rather than broad network access

3. Assume Breach

Alignment

  • Continuous monitoring and real-time threat detection
  • Design assumes compromise and limits blast radius
  • End-to-end visibility enables rapid isolation of threats

Zero Trust Pillars Supported

  • Identity: User and device awareness
  • Device: Secure access from managed and unmanaged endpoints
  • Network: Segmentation and encrypted connectivity
  • Application: Secure, policy-driven app access
  • Data: Protected data flows across environments

Zero Trust Outcome

  • All 23 points of failure are treated as potential breach points and continuously controlled

3. Mapping to SASE (Secure Access Service Edge)

SASE Objective: Converge networking and security into a cloud-delivered service

Core SASE Components

Secure Networking

Alignment

  • Cloud-based WAN connectivity
  • Secure access for branch offices, remote users, and mobile workers
  • Centralized policy enforcement

Security Services

Alignment

  • Integrated threat protection across network and cloud
  • Consistent security policies regardless of user location
  • Protection for collaboration and SaaS platforms

Identity-Driven Access

Alignment

  • User-centric security model rather than location-based
  • Secure application access from anywhere
  • Policies enforced at the cloud edge

Centralized Management

Alignment

  • Single-pane-of-glass visibility into the full communication framework
  • Unified control across LAN, WAN, and Virtual networks
  • Simplified operations and reduced complexity

SASE Business Value

  • Enables secure remote and hybrid work
  • Reduces reliance on traditional perimeter-based security
  • Aligns networking and security with modern digital transformation
Diagram showing components that open up a company's network.