Understanding the Value behind Enterprise Application-Aware Firewalls


Firewalls have remained largely unchanged since their emergence 25 years ago, but with Web 2.0 technologies surfacing, organizations are in need of a solution that can distinguish different risks within a website's features and content. This expert E-Guide, brought to you by SearchSecurity.com, explores the value behind enterprise application-aware firewalls and uncovers why they're in such high demand among users.

By: Michael Cobb, Application Security

Firewalls have been the predominant form of security for Internet-connected networks for some 25 years now. While the technology remained largely unchanged for much of that time, more recently a new generation of "application-aware" firewalls has emerged to deal with today's application-centric threats.

During this last quarter century, attackers have moved from targeting operating systems to targeting the applications that run on them, moving up the protocol stack to use protocols such as HTTP and XML to launch sophisticated attacks. These attacks are designed to circumvent the traditional access control policies enforced by perimeter firewalls. In turn, firewalls have added more functionality to be able to operate on all layers of the protocol stack, from layer 2 to layer 7, inspecting traffic and analyzing protocols to thwart the latest attack techniques.

Firewalls have traditionally been based on a "block or allow" model: "Bad" packets are blocked by the firewall, and any packets that don't violate rules are deemed "good" and allowed to pass through. However, today, with the emergence of Web 2.0 technologies, organizations need a firewall that is able to distinguish between different risks within a website's features and content, and apply policies accordingly.

Many organizations resort to restricting employees' use of certain Web applications altogether, losing out on the potential benefits of Software as a Service (SaaS) and other cloud and mobile apps. These decisions often arise because the installed technologies cannot effectively enforce security policies, as they can't put content into context.

The new generation of firewalls, such as SonicWall Inc.'s E-Class and McAfee Inc.'s Firewall Enterprise, are far more context-aware, enabling network administrators to fine-tune network traffic rules. The key features include:

- Real-time visualization: Create effective rules that perform as intended based on real-time information and observations, such as bandwidth utilization or sites visited by a user. Monitor how rule changes affect productivity and security and really understand how your network is being used.
- Greater levels of granular control: Apply rules to specific applications rather than trying to rely on generic ports or protocols. Ensure critical applications such as Microsoft SharePoint and Salesforce.com get the bandwidth required and review the impact of rule changes via live graphs.
- Easy implementation of complex rules: Avoid draconian "block all" rules and use more flexible ones, such as "Facebook but no Farmville," and "Facebook can only use less than 10% of connections and bandwidth during business hours." Also restrict access to certain applications to specific groups or users.
- Automatic signature updates: Block dynamically changing applications such as P2P, designed to evade firewall rules, with automatic updates of application signatures regardless of the port or protocol being used.
- Control data transfers: Warn users with messages whenever they try to transfer specific files and documents that conflict with policy.

The introduction of real-time visualization makes implementing and regulating such specific rules much easier. Visualization of network traffic makes it easier to create effective rules that perform as intended based on real-time information and observations, such as bandwidth utilization or sites visited by a user. Rules can be applied to specific applications rather than trying to rely on generic ports or protocols, and the business impact of rule changes can be reported back via live graphs.

Application-aware firewalls: Can they do it all?

These next-generation capabilities of enterprise firewalls work alongside the standard gateway antivirus, antispyware and intrusion prevention features of standard firewalls or UTM appliances. It takes a lot of processing power to be able to deliver this level of insight and control, evaluating traffic payloads in real time as they enter and exit the network. Even though these firewalls run on multi-core processors, it's important to ensure they will be able to handle your current and future network traffic loads.

For high-volume networks, it still pays to install firewalls that specialize in different layers. Network firewalls can filter large amounts of traffic, catching the port-scanning, denial-of-service and other low-level network attacks, leaving the application-aware firewalls to control acceptable use of today's complex Web applications. This way, the right balance between performance and in-depth analysis can be achieved from an organization's firewall infrastructure.

About the author: Michael Cobb, CISSP-ISSAP, CLAS is a renowned security author with more than 15 years of experience in the IT industry. He is the founder and managing director of Cobweb Applications, a consultancy that provides data security services delivering ISO 27001 solutions. He co-authored the book IIS Security and has written numerous technical articles for leading IT publications. Cobb serves as SearchSecurity.com's contributing expert for application and platform security topics, and has been a featured guest instructor for several of SearchSecurity.com's Security School lessons.
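The contrast Cobb's article draws between port-based "block or allow" filtering and application-aware rules can be shown in a few lines. This is an added example, not code from the E-Guide or from any vendor's product; the rule model, the 09:00-17:00 business hours, the group names, the Salesforce-to-sales restriction and the sample flows are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import time
from typing import FrozenSet, Optional

BUSINESS_HOURS = (time(9, 0), time(17, 0))  # assumed working day

@dataclass(frozen=True)
class Flow:
    group: str        # user group, supplied by identity integration
    dst_port: int
    app: str          # identified from traffic signatures, not from the port
    feature: str      # sub-feature inside the application
    at: time          # time of day the flow was seen
    bw_share: float   # fraction of link bandwidth the application uses now

@dataclass(frozen=True)
class Rule:
    action: str
    app: str
    feature: Optional[str] = None                   # None matches any feature
    exempt_groups: Optional[FrozenSet[str]] = None  # these groups skip the rule
    business_hours: bool = False                    # True: applies 09:00-17:00 only
    min_bw_share: Optional[float] = None            # applies at or above this share

    def matches(self, f: Flow) -> bool:
        if f.app != self.app:
            return False
        if self.feature is not None and f.feature != self.feature:
            return False
        if self.exempt_groups is not None and f.group in self.exempt_groups:
            return False
        if self.business_hours and not BUSINESS_HOURS[0] <= f.at < BUSINESS_HOURS[1]:
            return False
        return self.min_bw_share is None or f.bw_share >= self.min_bw_share

# First match wins; anything unmatched is allowed (no blanket "block all").
POLICY = [
    Rule("block", "bittorrent"),                      # P2P, whatever port it picks
    Rule("block", "facebook", feature="farmville"),   # "Facebook but no Farmville"
    Rule("throttle", "facebook", business_hours=True, min_bw_share=0.10),
    Rule("block", "salesforce", exempt_groups=frozenset({"sales"})),
]

def port_firewall(f: Flow) -> str:
    """Traditional 'block or allow' decision made on the destination port alone."""
    return "allow" if f.dst_port in (80, 443) else "block"

def app_aware_firewall(f: Flow, policy=POLICY) -> str:
    """Decision made on application, feature, user group, time and bandwidth."""
    return next((r.action for r in policy if r.matches(f)), "allow")

# Constructed sample flows, all on port 443.
SAMPLE_FLOWS = {
    "p2p_on_443":     Flow("eng", 443, "bittorrent", "transfer", time(10, 30), 0.02),
    "farmville":      Flow("eng", 443, "facebook", "farmville", time(10, 30), 0.01),
    "fb_light_use":   Flow("eng", 443, "facebook", "newsfeed", time(10, 30), 0.04),
    "fb_heavy_day":   Flow("eng", 443, "facebook", "newsfeed", time(10, 30), 0.12),
    "fb_heavy_night": Flow("eng", 443, "facebook", "newsfeed", time(20, 0), 0.12),
    "crm_by_eng":     Flow("eng", 443, "salesforce", "reports", time(10, 30), 0.03),
    "crm_by_sales":   Flow("sales", 443, "salesforce", "reports", time(10, 30), 0.03),
}

def compare() -> dict:
    """Map each sample flow to (port-based verdict, application-aware verdict)."""
    return {n: (port_firewall(f), app_aware_firewall(f)) for n, f in SAMPLE_FLOWS.items()}

if __name__ == "__main__":
    for name, (by_port, by_app) in compare().items():
        print(f"{name:15} port-based={by_port:6} app-aware={by_app}")
```

Every sample flow uses port 443, so the port-based check allows all of them, while the application-aware policy gives four different outcomes for the same port.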

Demand among Users

By: Rachel Shuster, Associate Editor

A large majority of users are seeking next-generation firewalls that go beyond port and protocol identification and offer up granular application awareness, according to a recent survey conducted by TechTarget.

According to the study consisting of 221 respondents, 69% said they would seek next-gen firewalls that went deeper than port and protocol identification; 57% would seek a product that enforces policy based on application traffic; 49% wanted a product that incorporates user identity access and management; and 43% are interested in firewalls that can enforce varying policies on specific features or content within an application. Another 55% said they would seek firewalls with intrusion prevention and user identity access capabilities. This highlights a continuing trend in users seeking an all-in-one security appliance.

Next-gen firewalls may be attractive, but are all users ready? If users are ready to take on advanced next-gen firewalls, are channel partners ready to sell and support them?

Joel Snyder, senior partner with consultant firm Opus One, sees the next-generation trend growing but is a little surprised that respondents are that aware of this niche. "It's not something that many people have experience with because there's only a couple of them out in the market right now. That says there's either a flaw in the survey, or that people are desperate for better security solutions to [solve] the problems they have on their network today."

For larger enterprises, it's most likely the latter. "These network managers are beginning to realize they need firewalls so they can apply a comprehensive policy for outbound connections," said Snyder. But for smaller companies it could be a different story.

"For enterprise managers yes, they can make that jump," he said. "For small business managers, they probably don't understand the difference between a next-generation firewall and a normal UTM. For inbound, server-protected firewalls, a traditional firewall coupled with an internal/external IPS is probably more appropriate than next-gen. [Enterprise] network engineers or managers are going to have to find a channel partner that can help them utilize these next-gen features, or they are going to have to learn how to utilize them themselves."

Next-gen firewalls: How deep does awareness go?

Next-gen firewalls may not seem necessary to some, but others want to believe they'll need to get even more complex features over time.

"Of course a next-generation firewall has to have intrusion prevention. An IPS is what many firewalls have traditionally been, but in the face of modern malware attacks, especially over social media Web 2.0 sites, these have proved to be ineffective in stopping serious intrusions into the network," said Steven Gilmer, systems administrator at UC Irvine Extension. "A next-generation firewall has to have a deep encrypted packet filtering, proxy avoidance detection, block peer-to-peer and look at active content. The next-generation firewall is way past application and user identification. It's what do you do after that? What are you going to do to stop the malware that's encrypted once you identify that app?"

The rise in enterprise use of public Internet, social media and mobile devices has catapulted the next-generation firewall demand, Gilmer said.

"Websites are being hacked regularly. You think you're safe in going to a website where the packets are encrypted, but the bad guys have hacked the site and their malware is inside of that encrypted packet, and that goes straight into your network. The next-generation firewall is trying to deal with that, but the bad guys are keeping up," he said.

Next-generation firewall demands mean more work for partners

So what does this all mean for channel partners? It will mean the need to gain stronger and more in-depth technological background in firewalls and their capabilities. Previously, partners sold standard firewalls that did not have many bells and whistles. Now they'll have to answer a new level of questions and handle more complex implementations.

"Next-gen firewalls, and especially IPS, are more sophisticated and require more policy definition than a normal firewall," Snyder said. "What channel partners might need to do is both educate and help with templates for intrusion prevention and application identification [on] parts of the firewall. You want a consultant to come in who knows your industry. It's not so much about the training of the product, but the configuration of the product."

Documentation and videos from the vendors greatly help end users become educated with next-gen appliances, Gilmer said. On Virtual Graffiti's website, where Gilmer purchased his next-gen firewall, there are several icons that you can click on where you can see specs and documentation, as well as videos produced by the vendor that educate the end user on next-generation firewalls. Also at Virtual Graffiti, they have vendors put on class seminars, so their engineers and salesmen are schooled. Good support services with well-educated vendors are really important for end users, Gilmer added.

Andrew Plato, president of Anitian Enterprise Security, and his team provide these educational services in addition to implementation specifically tailored to user needs.

"We don't pitch a product, we pitch an answer. Our focus is trying to find a technology that meets users' needs while coming in under budget. We are training our staff on that, not just selling boxes and pushing them on people," Plato said.

Some partners are fine with selling ports and protocols, but once security factors like intrusion prevention and application control come into play, that takes a higher skill set that partners may not have, Plato said.

"There is a pressure on a lot of VARs to have security-trained people, and that's not always that easy to get," Plato said.

The future of next-generation firewalls: Will they replace other network products?

The term next-generation may soon be obsolete as the additional demands of firewalls become more common. Additionally, since networks are growing in capabilities, users may want to utilize a firewall that can not only keep up with growth, but perhaps take the place of another solution or two, decreasing products and clutter on the network.

"It's an inevitable evolutionary step. Next-generation will not be its own product category. As the next-generation technology of application identification becomes better understood and is better able to fit into the performance of the devices we have, this will just be a default feature. Soon there will be no such thing as a non-next-generation firewall," Snyder said.

Plato also sees a future in which consolidating products on the network will save time and cost in the enterprise.

"Now, one piece of equipment can do the work of what previously took three, four or five to do. It can provide a broader platform of capabilities. Because of that, that's driving down cost. If you can collapse multiple applications or services onto one platform, you are going to save more money and get more out of less," he said.

Guided by its vision of Dynamic Security for the Global Network, SonicWALL develops advanced intelligent network security and data protection solutions that adapt as organizations evolve and as threats evolve. Trusted by small and large enterprises worldwide, SonicWALL solutions are designed to detect and control applications and protect networks from intrusions and malware attacks through award-winning hardware, software and virtual appliance-based solutions. SonicWALL offers a massively scalable architecture to address the rapid increase in bandwidth speeds and escalating volume, frequency and sophistication of Internet threats. Moreover, SonicWALL drives the cost and complexity out of building and running secure infrastructures, thus enabling greater productivity and IT efficiencies.
