Posts Tagged ‘Firewall’

Fine-tuning Network Security

By JP Blaho

The way workers conduct business is rapidly changing, and as a result, there are new demands on network security.

To start, users increasingly are relying on Internet-based software applications to conduct business. Software-as-a-Service (SaaS) use is up, resulting in an 18 percent increase in worldwide revenues from last year to this year. Facebook use more than tripled (in terms of percent of corporate network bandwidth consumed) and Twitter use on company networks grew 700 percent year-to-year from 2010 to 2011, according to one study. And browser-based file-sharing is now found on 92 percent of company networks.

Further, there is a blurring between work and personal life. The 24/7 nature of business and the increased connectivity and availability of business applications via the web have blurred the distinction between the two. With little distinction, workers frequently use company-issued desktops, laptops, smartphones, and other devices for personal use and vice versa.

Add to that the consumerization of IT, which has taken hold in most companies. Employees, accustomed to the simplicity and usefulness of their own smartphones and tablets, are using these devices for work. Increasingly, companies are even sanctioning such activities through formal Bring-Your-Own-Device (BYOD) initiatives. To put the BYOD movement into perspective, consider that one industry study found that 44 percent of firms had a BYOD policy in place in early 2012 and 94 percent plan to implement BYOD by 2013.

These trends make it difficult for IT to weed out the good network traffic from the bad. For example, is a worker’s Facebook use for business or is it of a personal nature that might put the company at risk? Similarly, does a spreadsheet being shared contain information needed in an authorized transaction with a business partner or is it a collection of customer credit card numbers, accessed by an unauthorized employee, and being shipped to an accomplice for identity theft and fraud?

Traditional firewalls and network edge protection solutions such as Intrusion Detection and Protection Systems (IDS/IPS) have not been much help with these matters. They simply have not had the granularity to be able to segment traffic based on the application and the user.

However, with the introduction of newer UTM solutions and Next Generation Firewalls, network and user awareness has taken a huge leap forward, making it possible to secure at the user level, as opposed to the port or the group level.

Such solutions help organizations in a couple of ways. First, they offer the granularity needed in today’s business environment. With a traditional solution, IT would be able to block everyone’s access to a social networking site or file sharing service such as Dropbox. However, business needs today may dictate that certain users have access to some of these sites or services. For instance, as social networking becomes a critical business tool, the marketing department would certainly need access. Similarly, a creative agency within the company might need access to a file sharing service to send advertising material out for review and approval.

The newer security solutions allow IT to designate which users or groups of users have access to specific Internet applications and services. The solutions also allow control at a more granular level. For instance, IT might let users access a chat function of a service, but not file sharing.
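The contrast between port-level filtering and the per-user, per-application, per-function control described above can be sketched as follows. This is an added example, not code from the original post or from any vendor's product; the user names, group names, application labels, and rule format are hypothetical, and a real product would take group membership from a directory and identify applications by inspecting traffic.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed directory data: user -> groups (hypothetical names).
GROUPS = {"alice": {"marketing"}, "bob": {"creative"}, "carol": {"finance"}}

@dataclass(frozen=True)
class Rule:
    group: Optional[str]     # None matches any user
    app: str                 # application label assigned by traffic inspection
    function: Optional[str]  # None matches every function of the app
    action: str              # "allow" or "deny"

# Ordered policy, first match wins; anything unmatched is denied.
POLICY = [
    Rule("marketing", "social-network", None, "allow"),
    Rule("creative", "file-share", "upload", "allow"),
    Rule(None, "collab-suite", "chat", "allow"),
    Rule(None, "collab-suite", "file-transfer", "deny"),
]

def port_decision(dst_port: int, blocked_ports: set) -> str:
    """Traditional filter: sees only the port, so every HTTPS app looks alike."""
    return "deny" if dst_port in blocked_ports else "allow"

def app_decision(user: str, app: str, function: str) -> str:
    """User- and application-aware filter with default deny."""
    groups = GROUPS.get(user, set())
    for rule in POLICY:
        if rule.group is not None and rule.group not in groups:
            continue
        if rule.app != app:
            continue
        if rule.function is not None and rule.function != function:
            continue
        return rule.action
    return "deny"  # no rule matched

if __name__ == "__main__":
    # Constructed flows, all carried over TCP 443.
    flows = [("alice", "social-network", "post"), ("carol", "social-network", "post"),
             ("bob", "file-share", "upload"), ("carol", "collab-suite", "chat"),
             ("carol", "collab-suite", "file-transfer")]
    for user, app, fn in flows:
        print(user, app, fn, port_decision(443, set()), app_decision(user, app, fn))
```

Every sample flow uses port 443, so the port filter can only allow or block all of them together, while the application-aware policy separates them by user and function.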

Most importantly, the newer solutions offer the flexibility to match the dynamic nature of today’s business environment. Specifically, using the newer security applications, organizations can quickly react to the needs of the users, providing selective access to needed sites and services, while still securing the network.

Enterprise-level Security at a Small Business Budget

By JP Blaho

As companies embrace the fact that every business is a contender on the Internet, and every company is subject to the same types of vulnerabilities and attacks, they must all realize their network security postures must be advanced and robust.  This means that a company of six employees must have network security protections which mirror those of an organization of 6,000 employees.  As cost-prohibitive as it sounds, there are ways that non-enterprise-level businesses can implement a security strategy that is comprehensive and effective in protecting themselves from attack just as successfully as enterprise customers.

One such solution is called Unified Threat Management (UTM). Essentially a UTM is a single platform architecture shared by multiple security applications such as firewall, intrusion detection/intrusion prevention (IDS/IPS), and URL filtering. The single most important advantage of adopting a UTM is the lower cost to purchase and manage this solution. Instead of having to acquire multiple discrete security solutions, you only purchase one (licensing varies based on vendor and security applications needed). Most UTM vendors also offer a centralized interface, so that you can manage all the different applications, create policies and enforce rules from a single location. A UTM is not the panacea for network attacks or addressing compliance requirements, but it does combine multiple security applications in a footprint that is affordable and robust enough to build some level of confidence in your network.

Knowing that there are solutions out there to help companies of all sizes remain protected can be a relief, but a certain amount of knowledge around network security is required to ensure that you are maximizing your security posture against your IT investment. For most mid-market organizations, this level of expertise does not exist and the amount of money needed to hire a security expert is not in the budget. Managed Security Service Providers (MSSPs) are a preferred alternative in these situations. MSSPs not only manage the security solutions for you, they also can install, configure, maintain, and update the platform at a price that is well within most budgets. These offerings are usually sold as a monthly subscription service under a two-, three-, or five-year agreement. Most MSSPs are security certified, and will have intimate knowledge of the security application that they will be managing for you. Not only do you have this security expert as an extension of your company, but you also have this security support 24 hours a day, seven days a week. And like the cybercriminals, these certified security specialists focus all their time on network security, but on protecting against attacks instead.

If your organization is looking to improve on its security posture, UTM solutions provide a comprehensive suite of security applications to build a stronger security infrastructure.  If you are constrained due to resources or expertise, a managed service around UTM would provide you with a robust security platform, and the certified security expertise to manage it for you.

Security is not a checkbox for addressing compliance. Selecting the defaults within the security applications does not provide you with the levels of security needed to protect yourself from cybercrime. It is the combination of strong security applications and expert knowledge of security that protects you and your network. A Managed UTM offering can help get you to that level of security confidence.