What is Network Security? | VMware Glossary

The elements of a complete, multilayered security architecture that implements network security across an organization fall into two general categories: access control and threat control. 

Access Control
Network security starts with access control. If bad actors gain access to a network, they can surveil traffic and map infrastructure. Once they have mapped infrastructure and applications, they can launch a DDoS attack or insert malware. Access control restricts the movement of bad actors throughout the network. 

Threat Control
Even with access control in place, problems can arise. For instance, a bad actor may compromise an employee’s credentials to gain entry. Thus the need for threat control, which operates on traffic that is already permitted. Threat control prevents the actions of bad actors from doing damage within the network.
Threat control technologies begin with the firewall and load balancer. These devices protect the network from DoS/DDoS attacks. Next, IDS/IPS counters known attacks traveling through the network. Finally, unknown malware objects traveling through the network are captured with sandbox technologies, while anomalies in network traffic that may be symptoms of a threat are caught with NTA/NDR.