Search Sujata's Blogs

Sunday, 9 November 2014

Why Traditional Firewalls And Anti-Virus Cannot Keep Up with Today's Threats - Sujata Computers Pvt Ltd


UNIFIED THREAT MANAGEMENT (UTM)
 
 
In today’s increasingly mobile world, networks change constantly posing new challenges to IT team and to the administration on how to control security and protect the data. New services, access methods, and even devices continue to show up in networks at a frenetic pace.
For years, you must have been told that you need antivirus or some piece of software to protect your computer. These antivirus or software are usually reactive and alert you once they discover something unusual on a particular computer and not in the network. Of course, they are helpful but they do not provide full-proof security to your data and to your network.
 
Users are accessing an increasing number of applications with a wide range of device types, often times to get their job done, yet with little regard to the business or security risks. Meanwhile, datacenter expansion, network segmentation, virtualization and mobility initiatives are forcing you to re-think how to enable access to applications and data, yet protect your network from a new, more sophisticated class of advanced threats that are adept at evading traditional security mechanisms.
 
Below are some challenges that are now concerns for Mid-size and Enterprise Businesses -
  
Challenge #1 : Employees bringing their personal mobile and tablet at work creates data security a concern for IT team
 
Who could have foreseen the impact of WhatsApp, Twitter and Facebook,or iPads and Android smartphones and tablets, only a few years ago? Today, employees expect to use personal smartphones and mobile devices at work also known as Bring Your Own Device (BYOD), making data security a concern for IT teams.
  
Challenge #2 : New applications evade threat detection

Traditional or “first-generation” firewalls rely on scanning of port numbers or protocol that are used by applications to detect the  threat and to prevent any misbehavior or intrusion in the network.

Traditional firewalls cannot detect new applications that are accessed through web browser and do not use specific port number or prototype.
 
Challenge #3 : Multiple Devices or Tools Addressing Incoming Data Security Threats

With the new challenges and threats, there is a need to have multi-level security and to do so, we do not recommend customers to buy different brands of traditional firewall, Data Loss/Leak Prevention (DLP), Intrusion Prevention System (IPS), filtering of websites and data traffic, malware screening at the gateway level and patch management in the network. Different tools create problem of managing them effectively and there can be a problem of compatibility. 

From a performance point of view also it is not recommended as each tool/device performs its own inspection of network data, which means that data is inspected multiple times by multiple devices and that create a time latency in data transfer.

In below image, you can see the flow of the data and the possible ways in which threat can enter into the network.



BOTTOM-LINE :

As a network’s complexity increases, so does the expense required to manage that network.

Every administrator should carefully consider the TCO of add-on security appliances versus an integrated solution like UTM or Next-Gen Firewall before making significant infrastructure solution commitments.

UTM should be flexible in terms of output, should be future-ready and should be powerful enough to support your requirement.

The application, content, and user—the elements that run your business—then become integral components of your enterprise security policy. The result is the ability to align security with key business initiatives.

• Safely enable applications, users and content by classifying all traffic, determining the business use case and assigning policies to allow and protect the relevant applications.

• Prevent threats by eliminating unwanted applications to reduce the threat footprint and applying targeted security polices to block known vulnerability exploits, viruses, spyware, botnets and unknown malware (APTs).

• Embrace mobile computing by ensuring devices are properly configured and that they are protected from threats.

• Protect your datacenters through validation of applications, isolation of data, control over rogue applications and high speed threat prevention.

• Secure cloud-computing environments with increased visibility and control; deploy and maintain security policies at the same pace as your virtual machines.



As we write this, the best UTM solutions for networks include the following core security functions / policies in their arsenals:

·         Network firewalls perform stateful packet inspection.

·         IPS detects and blocks intrusions and certain attacks.

·         Application control provides visibility and control of application behavior and content. 

·         VPN enables secure remote access to networks. 

·         Content filtering halts access to malicious, inappropriate, or questionable websites and online content. 

·         IPv6 support in all network security functions protects networks as they migrate from IPv4 to IPv6.

·         Support for virtualized environments, both virtual domains and virtual appliances.

They also include additional security technologies that organizations can choose to deploy, including

·         Data loss prevention that blocks accidental or intentional loss of confidential, proprietary, or regulated data.

·         Anti-virus/anti-spam protection that prevents malicious payloads or unwanted messages from entering networks.

·         Endpoint control that enforces corporate security policies with remote users and devices.

·         Integrated wireless LAN (WLAN) controller to consolidate all wired and wireless traffic through a single device, to simplify policy creation and enforcement while reducing network complexity.

SOLUTION TO CHALLENGES ABOVE :
 
UTM solution is integration of multiple security features like firewall, application control, intrusion prevention, VPN, reporting and other elements into a single product. There are multiple brands for which Sujata Computers Pvt Ltd has expertise in.  We can recommend you an appropriate brand and model from Fortinet, SonicWall, Check Point, Cyberoam, Juniper, Palo Alto, Sophos and Cisco depending on your use, industry, existing and future infrastructure, budget and skill-set available with your IT team. 

 In short, we recommend UTM that includes following features:
  1. Firewall
  2. Application Control
  3. IPsec and SSL VPN
  4. IPS
  5. Web content filtering
  6. Anti-spam
  7. Data loss/leakage prevention
  8. Anti-virus and anti-spyware protection
  9. IPv6 native support
  10. Traffic shaping and bandwidth control
  11. Detailed reporting

    and if you have no constrain on budget, you should opt for UTM that has independent processors for one-single activity (feature) i.e the more silicon is in UTM the better performance it will deliver.

    We also take up responsibility of maintaining the UTM for its customers and help them implement it. We can sign an annual or long-term service and support contract for UTM and help our customers safeguard their infrastructure.

     
    For More Information, Read:
     

    1. 7 Tips for Establishing a Successful BYOD Policy - http://www.cio.com/article/2395944/consumer-technology/7-tips-for-establishing-a-successful-byod-policy.html
    2. BYOD policy Template - http://www.itmanagerdaily.com/byod-policy-template/ 
    3. https://www.avnotenough.com/

     

    CONTACT SUJATA COMPUTERS PVT LTD (INDIA) FOR UTM

     

    Dinesh Golecha | +91-8888165300 | dinesh.g@sujataindia.com
    Paresh Lodha | +91-7276000222 | paresh.lodha@sujataindia.com
     

    No comments:

    Post a Comment