TECH DOSSIER | NEXT GENERATION FIREWALLS

A NEW SET OF NETWORK SECURITY CHALLENGES

A new IDG survey reveals optimism about the ability of next-generation firewalls to help IT balance productivity and security

ALSO INSIDE: WHY PROTECTION & PERFORMANCE MATTER

With two issues becoming increasingly crucial, IT faces conflicting mandates from the business. On one hand, employees demand access from devices beyond the firewall—smartphones, tablets, home PCs and laptops. On the other hand, risk management dictates corporate data must remain protected. The overarching challenge: balance productivity and security.

Within that mandate, however, lie several other challenges, according to a new survey conducted by IDG Research Services on behalf of Dell. The survey was conducted in October of 2012 and reflects the insight of more than 250 IT professionals at companies with more than 500 employees. It reveals the depth with which network administrators must juggle these competing factors. The issues facing IT go beyond security to encompass network bandwidth as well.

Just as technology has caused these problems, technology may also be the solution. A new generation of firewall technology, designed with current security and networking issues in mind, promises to give IT a way to solve its multisided puzzle.

EMPLOYEES AT WORK, AND PLAY

IT is stuck in an untenable position between the company and its employees. Companies love to have employees stretch their hours by signing into corporate systems from home; employees are used to the idea of time-shifting. The survey results show the upshot.

For instance, 52 percent of IT professionals report that employees tend to “frequently” or “very frequently” perform tasks unrelated to their work on the Internet or in other applications. Almost 40 percent report that the creation and management of customized access or use policies is difficult, and one-third believe that users working on personal devices are exposed to increased security threats. The latter problem stems from the frequent inability of IT to monitor what happens on a user’s home device.

In many cases, IT can install an agent on specific home machines to ensure adequate security software is installed, as well as VPN software that allows users to connect securely. But just because traffic comes through a VPN doesn’t mean it’s safe. It can be transmitted securely but still be malware.

Survey respondents aren’t antediluvian about how they allow users to access corporate data. More than half of those who indicate the amount of work employees do on personally owned devices is on the rise also believe this is a positive trend. The company benefits from 24-hour employee access to email, but there still must be some security policies in place—such as the ability to erase corporate data from a personal device if it’s lost or stolen.

Security of personal devices is not the only issue. Given that employees frequently must log on from remote locations, two-thirds of IT professionals view as “highly important” their ability to provide adequate bandwidth to ensure employees stay productive, no matter where they are. Respondents also tend to view their organization’s security technologies and policies as necessary and as enabling—rather than stifling—for productivity.

More often than not, respondents tend to believe their organization’s security technologies and policies are a tactical necessity or a strategic enabler. More than 80 percent think such policies positively contribute to productivity. And it’s not just employees getting more work done—it’s also their ability to avoid system downtime after they unintentionally access malware, whether on an unauthorized Web site or through email.

The question of what constitutes an “unauthorized” Web site adds to IT’s conundrum regarding security, bandwidth and productivity. Are employees accessing YouTube to watch cat videos, or to download educational videos that relate to improving their skills? Are they visiting LinkedIn to catch up on old friends, or to identify the next crucial addition to their team? Are they visiting Facebook to play games or to discover what’s being said on social media about the company’s products? As a result, many respondents report they are not regulating the use of Web sites that may or may not be work-related and focusing their resources elsewhere. Given that most firewalls only offer a binary on/off method of allowing Web site access, this seems logical.

There may, of course, be unseen security implications. Many Facebook users have been exposed to malware; it’s not that Facebook itself is to blame, but its advertising may have been compromised. In the light of IT’s inability to control access, and occasional orders to favor productivity over security, IT may feel it has no choice.

A NEW TOOL IN THE ARSENAL: NEXT-GENERATION FIREWALLS

The fact is, though, that IT does have a choice. Firewall technology has advanced sufficiently that the issues IT faces can now be addressed by next-generation firewalls (NGFs). These devices are designed to filter network and Internet traffic based upon the applications or traffic types using specific ports. They help IT detect application-specific attacks, giving network and security administrators the potential to catch more malicious activity than traditional firewalls.

IT understands the limitations of traditional firewalls. When asked about their effectiveness in addressing these same security issues, 30 percent deemed them “somewhat” or “extremely” ineffective. For instance, even if an enterprise deployed Gigabit Ethernet, earlier generation firewalls could only deal with much slower speeds—perhaps as low as 50 megabits per second. This slows down all the traffic on the network.

Similarly, a traditional firewall doesn’t have the ability to filter specific parts of applications. IT could block an application from accessing the firewall, but the application developers could just as easily route it to port 80, which handles basic Web traffic, or port 84, which handles Web browsing. NGFs allow IT to filter not just by IP address, or by port or protocol, but also by looking at layer 7 data—actual application information.

Consider this analogy to explain the difference between traditional and next-generation firewalls. A traditional firewall is like an airport baggage handler, who makes sure that a piece of luggage (representing data) gets on the correct plane to the correct destination. A next-generation firewall is like the airport security agent who opens the luggage, inspects its contents and makes a decision about whether it allows the contents to travel. The decision is even more granular, based on the ability of NGFs to filter content within Web sites and between destinations; it may allow HR employees and managers to visit LinkedIn, marketing to visit Facebook and technicians to visit YouTube, but not everyone.

By instituting highly granular rules for applications, IT now has the ability to either prioritize or throttle traffic based on business need. It can also allow some functions within applications but not others; for instance, allowing an IM application like Yahoo Messenger, but not allowing attachments to messages. The result: employees that need certain applications still have access to them, but others are not unnecessarily degrading bandwidth and putting data at risk.

NGFs also address the BYOD issue, through a capability known as SSL VPN concentrators. Simply put, these concentrators no longer require a VPN agent on a client device, but can instead accommodate VPN through a browser. This allows for broader support of mobile clients that use browsers, whether on smartphones, tablets or laptops, from any manufacturer.

INCREASED AWARENESS, INCREASED DEPLOYMENT

Based on the survey results, IT administrators are increasingly aware of next-generation firewalls; only 25 percent of respondents were unaware of their capabilities. When discussing the technology’s features, respondents cite NGFs’ most important capabilities as intrusion prevention, antimalware/URL filtering and basic firewall features. More than half of respondents indicate their organizations have either deployed, or plan to deploy an NGF in the next few years. Data from research firm Gartner confirms this: it estimates that less than 5 percent of Internet connections are secured by NGFs, but by 2014, the rate will jump to 40 percent.

Even though survey respondents associate certain challenges with the deployment of next-generation firewalls—specifically cost, increased complexity and lack of staff resources—these are issues that face any new technology. In fact, NGFs reduce cost and complexity because they incorporate features—such as VPN and intrusion protection—currently handled by multiple devices or not at all. They also feature more robust reporting capabilities than traditional firewalls. It’s easy for administrators to see which users are accessing which applications, rather than sifting through logs.

The majority of those familiar with next-generation firewall capabilities consider the technology effective in addressing a variety of security issues. Faced with multiple security scenarios, a majority of respondents cited NGFs as more effective than traditional firewall technology. Given respondents also believe remote work arrangements will only increase in the future, the importance of having the capabilities of NGFs only increases.

The key to the value of NGFs is that they have the ability to increase productivity all around. It’s not just the productivity of employees using mobile devices. It’s also the ability of the network to handle more mission-critical activities without bandwidth constraint. And finally, NGFs aid the productivity of IT administrators, who can take advantage of an integrated device that outperforms traditional firewalls in mitigating risks associated with trends on the upswing.

ADDITIONAL READING: WHY PROTECTION & PERFORMANCE MATTER

By Daniel Ayoub, CISSP, CISA
Next-Generation Firewalls combine multi-core architecture with
real-time Deep Packet Inspection to fulfill the protection and
performance demands of today’s enterprise network

Abstract
Protection and performance go hand-in-hand for Next-Generation Firewalls (NGFWs). Organizations should not have to sacrifice throughput and productivity for security. Outdated firewalls pose a serious security risk to organizations since they fail to inspect the data payload of network packets. Many vendors tout Stateful Packet Inspection (SPI) speeds only, but the real measure of security and performance is deep packet inspection throughput and effectiveness. To address this deficiency, many firewall vendors adopted the malware inspection approach used by traditional desktop anti-virus: buffer downloaded files, then inspect for malware. This method not only introduces significant latency but also poses significant security risks since temporary memory storage can limit the maximum file size. Independent NSS Labs tests demonstrate that the Dell™ SonicWALL™ SuperMassive™ E10800 Next-Generation Firewall incorporating multi-core architecture and Reassembly-Free Deep Packet Inspection® (RFDPI) overcomes these limitations to provide enterprises with both the extremely high levels of protection and performance that they require.

Defining Next-Generation Firewall
In basic terms, a Next-Generation Firewall (NGFW) leverages
deep packet inspection (DPI) firewall technology by integrating
intrusion prevention systems (IPS), and application intelligence
and control.
Industry definitions
Gartner defines an NGFW as “a wire-speed integrated network platform that performs deep inspection of traffic and blocking of attacks.”¹ At minimum, Gartner states that an NGFW should provide:
• Non-disruptive in-line bump-in-the-wire configuration
• Standard first-generation firewall capabilities, e.g., network-address translation (NAT), stateful protocol inspection (SPI), virtual private networking (VPN), etc.
• Integrated signature based IPS engine
• Application awareness, full stack visibility and granular control
• Capability to incorporate information from outside the firewall, e.g., directory-based policy, blacklists, white lists, etc.
• Upgrade path to include future information feeds and security threats
• SSL decryption to enable identifying undesirable encrypted applications

The evolution of Next-Generation Firewalls
Earlier-generation firewalls
First generation firewalls of the 1980s provided packet filtering
based upon criteria such as port, protocol and MAC/IP address,
and operated at layers 2 and 3 of the OSI model. Second generation firewalls of the 1990s incorporated stateful packet inspection (SPI), which verified the state of inbound and outbound
traffic based upon state tables, and operated at layers 2, 3 and
4 of the OSI model. Third-generation firewalls of the past decade
have more processing power and broader capabilities, including
deep packet inspection (DPI) of the entire packet payload,
intrusion prevention, malware detection, gateway anti-virus,
traffic analytics, application control, IPSec and SSL VPN. Unified
Threat Management (UTM) represented the next trend in the
evolution of the traditional firewall into a product that not only
guards against intrusion, but also performs content filtering, data
leakage protection, intrusion detection and anti-malware duties
typically handled by multiple systems.
Next-Generation Firewalls
Web 2.0 applications (e.g., Salesforce.com, SharePoint, and Farmville) now all run over TCP port 80 as well as encrypted SSL (TCP port 443). Today’s NGFWs inspect the payload of packets and match signatures for nefarious activities such as known vulnerabilities, exploit attacks, viruses and malware, all on the fly. DPI also means that administrators can create very granular permit and deny rules for controlling specific applications and web sites (example: Yahoo instant messenger chat is allowed but not file transfers). Since the contents of packets are inspected, exporting all sorts of statistical information is also possible, meaning administrators can now easily mine the traffic analytics to perform capacity planning, troubleshoot problems or monitor what individual employees are doing throughout the day. Today’s firewalls operate at layers 2, 3, 4, 5, 6 and 7 of the OSI model.
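
The port-versus-payload point above, as an added example (not from the paper or from any Dell SonicWALL product): a port-only rule and an application-aware policy are run over the same constructed flows. The group policy mirrors the LinkedIn/Facebook/YouTube illustration used earlier on this page; the flow records, the deny-P2P rule and all function names are assumptions.

```python
import re

# Group policy taken from the page's illustration: who may reach which site.
GROUP_POLICY = {
    "linkedin.com": {"hr", "managers"},
    "facebook.com": {"marketing"},
    "youtube.com": {"technicians"},
}
ALLOWED_PORTS = {80, 443}            # the traditional port rule
BLOCKED_PROTOCOLS = {"bittorrent"}   # assumption: P2P is denied outright

REQUEST_LINE = re.compile(
    rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS) \S+ HTTP/1\.[01]\r\n")


def identify_protocol(payload):
    """Name the application protocol from the first payload bytes, ignoring the port."""
    if payload.startswith(b"\x13BitTorrent protocol"):
        return "bittorrent"
    # TLS record: type 0x16 (handshake), major version 3, handshake type 1 (ClientHello)
    if len(payload) > 5 and payload[0] == 0x16 and payload[1] == 0x03 and payload[5] == 0x01:
        return "tls"
    if REQUEST_LINE.match(payload):
        return "http"
    return "unknown"


def http_host(payload):
    """Return the lower-cased Host header value without any port, or None."""
    head = payload.split(b"\r\n\r\n", 1)[0]
    for line in head.split(b"\r\n")[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"host":
            return value.strip().lower().decode("ascii", "replace").split(":")[0]
    return None


def site_for(host):
    """Map a host name to a policy key by exact or subdomain match."""
    for site in GROUP_POLICY:
        if host == site or host.endswith("." + site):
            return site
    return None


def port_firewall(flow):
    """Traditional rule: the destination port is the only input."""
    return "allow" if flow["dport"] in ALLOWED_PORTS else "deny"


def app_firewall(flow):
    """Application-aware rule: protocol from payload, then per-group site policy."""
    proto = identify_protocol(flow["payload"])
    if proto in BLOCKED_PROTOCOLS or proto == "unknown":
        return "deny"
    if proto == "http":
        host = http_host(flow["payload"])
        site = site_for(host) if host else None
        if site and flow["group"] not in GROUP_POLICY[site]:
            return "deny"
    # TLS is allowed here unseen; applying the site policy to it needs the
    # SSL decryption capability that the Gartner list above includes.
    return "allow"


# Constructed flows (first payload bytes only), not captured traffic.
FLOWS = [
    {"name": "hr-linkedin", "group": "hr", "dport": 80,
     "payload": b"GET /jobs HTTP/1.1\r\nHost: www.linkedin.com\r\n\r\n"},
    {"name": "hr-youtube", "group": "hr", "dport": 80,
     "payload": b"GET /watch HTTP/1.1\r\nHost: www.youtube.com\r\n\r\n"},
    {"name": "tech-youtube", "group": "technicians", "dport": 80,
     "payload": b"GET /watch HTTP/1.1\r\nHost: www.youtube.com\r\n\r\n"},
    {"name": "p2p-on-80", "group": "marketing", "dport": 80,
     "payload": b"\x13BitTorrent protocol" + bytes(48)},
    {"name": "tls-443", "group": "hr", "dport": 443,
     "payload": bytes.fromhex("160301002f0100002b0303") + bytes(36)},
]


def compare(flows):
    """Return {flow name: (port-only verdict, application-aware verdict)}."""
    return {f["name"]: (port_firewall(f), app_firewall(f)) for f in flows}


if __name__ == "__main__":
    for name, verdicts in compare(FLOWS).items():
        print(f"{name:14s} port-only={verdicts[0]:5s} app-aware={verdicts[1]}")
```

Every flow passes the port rule; only the payload-based policy separates the P2P handshake on port 80 and the out-of-policy site visit from the permitted traffic.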

NGFW feature requirements
The following are feature requirements for Next-Generation
Firewalls:
Legacy features
An NGFW includes all standard capabilities found in a first-generation firewall; i.e., packet filtering, stateful packet
inspection (SPI), network address translation (NAT), and high
availability (HA).
Integrated IPS
Effective intrusion prevention systems require advanced
capabilities to combat evasion techniques and enable scanning
and inspection of inbound and outbound communications to
identify malicious or suspicious communications and protocols.
For effective threat protection as well as intrusion prevention,
organizations need best-in-class firewall and intrusion prevention, without the complexity of managing separate appliances,
GUIs, and deployments. NGFWs with IPS capabilities deliver
enterprise class resistance to evasion, powerful context and
content protection capabilities as well as comprehensive threat
protection and application control in a single integrated device.
Application intelligence and control
Application awareness and control includes protocol-level
enforcement, full-stack visibility with granular application
control, and the ability to identify applications regardless of
the port or protocol being utilized.

¹ “Defining the Next-Generation Firewall,” Gartner RAS Core Research Note G00171540, John Pescatore, Greg Young, 12 October 2009, R3210 04102010

Extra-firewall input
User-ID awareness enables administrators to enforce application policies based on AD user/group (without having to trace IP address to user ID), adding insight into usage and traffic.

Adaptability
Another important capability of NGFWs is the dynamic adaptation to changing threats. Dell SonicWALL constantly updates their devices with new signatures to stop threats and stay on top of the evolving malware landscape.

Payload scanning and performance
All of the above requirements demand full payload scanning at optimal throughput rates in order to avoid having to sacrifice security for performance.

Performance
In order to achieve the highest return on investment (ROI) for bandwidth services and optimize an organization’s productivity level, while still ensuring maximum security, IT needs to make sure that traffic is thoroughly scanned with minimal latency for optimal throughput. To meet these requirements, multi-gigabit throughput rates have become standard for NGFWs. Dell SonicWALL NGFW solutions can improve performance significantly by applying patented Dell SonicWALL RFDPI² technology to enable DPI without buffering and packet reassembly. From a hardware perspective, Dell SonicWALL NGFWs can also maximize throughput by incorporating parallel processing over advanced multi-core architecture.

Why you need a Next-Generation Firewall
The SPI generation of firewalls addressed security in a world where malware was not a major issue and web pages were just documents to be read. Ports, IP addresses, and protocols were the key factors to be managed. But as the Internet evolved, the ability to deliver dynamic content from the server and client browsers introduced a wealth of applications we now call Web 2.0.

SPI does not inspect the data portion of the packet and hackers effectively exploit this fact. To address the new threats, SPI firewall vendors incorporated traditional malware protection and methods that were used on file servers and PCs. The technique was a band-aid fix to add malware protection on an SPI firewall, as it had two significant flaws: latency and complexity.

The first flaw was the introduction of latency while the file is buffered with file size limitations. Firewall vendors have worked around this issue by sending keep-alive packets to prevent this, yet the overall effect is the introduction of latency. The use of memory to buffer files for inspection causes not only additional latency but also a space issue which is addressed by limiting the overall file size to a preset amount (generally 100MB). The use of the Internet is growing and sharing of larger files is increasing; hybrid SPI/malware detection technology does not scale.

The second flaw was that traditional point solutions were difficult to deploy, manage and update, increasing operating complexity and overhead costs. Sophisticated malicious attacks penetrate traditional stateful packet inspection products. These solutions simply do not provide sufficient, timely and unified protection against increasingly complex threats.

To overcome these flaws, Dell SonicWALL offers the most effective, highest-performance NGFW solutions available today. Recently, NSS Labs conducted independent testing of Dell SonicWALL’s Next-Generation Firewall at their labs facility in Austin, Texas.

Dell SonicWALL’s SuperMassive E10800 running SonicOS 6.0 is the highest overall protection Next-Generation Firewall to earn the NSS Labs “Recommend” rating. This proven SonicOS architecture is at the core of every Dell SonicWALL firewall. The results of those tests are explored further at the end of this paper.

What the enterprise requires
Organizations are suffering from application chaos. Network communications no longer rely simply on store-and-forward applications like email, but have expanded to include real-time collaboration tools, Web 2.0 applications, instant messenger (IM) and peer-to-peer applications, Voice over IP (VoIP), streaming media and teleconferencing, each presenting conduits for potential attack. Many organizations cannot differentiate applications in use on their networks with legitimate business purposes from those that are potentially wasteful or dangerous.

Today, organizations need to deliver critical business solutions, while also contending with employee use of wasteful and often dangerous web-based applications. Critical applications need bandwidth prioritization while social media and gaming applications need to be throttled or completely blocked. Moreover, organizations can face fines, penalties and loss of business if they are in noncompliance with security mandates and regulations.

Protection and performance
In today’s enterprise organizations, protection and performance go hand-in-hand. Organizations can no longer tolerate the reduced security provided by legacy SPI firewalls, nor can they tolerate the network bottlenecks associated with some NGFWs. Any delays in firewall or network performance can degrade quality in latency-sensitive and collaborative applications, which in turn can negatively affect service levels and productivity. To make matters worse, some IT organizations even disable functionality in their network security solutions to avoid slowdowns in network performance.

Scanning and controlling all content
Organizations large and small, in both the public and private sector, face new threats from vulnerabilities in commonly-used applications. Malware lurks in social networks. Meanwhile, workers use business and home office computers for online blogging, socializing, messaging, videos, music, games, shopping and email.

Application intelligence and control
Applications such as streaming video, peer-to-peer (P2P), and hosted or cloud-based applications expose organizations to potential infiltration, data leakage and downtime. In addition to introducing security threats, these applications drain bandwidth and productivity, and compete with mission-critical applications for precious bandwidth. Importantly, enterprises need tools to guarantee bandwidth for critical business-relevant applications and need application intelligence and control to protect both inbound and outbound flows of traffic, while ensuring the velocity and security to provide a productive work environment.
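
The first flaw described above (buffer the file, cap its size, then scan) set beside stream scanning, as an added example; it is not Dell SonicWALL's RFDPI, whose internals the paper does not describe. A generic Aho-Corasick matcher is swapped in, keeping one integer of state per flow. The signatures and files are constructed, segments are assumed to arrive in order, and the 256-byte cap stands in for the roughly 100MB limit the paper cites.

```python
from collections import deque

# Constructed, harmless byte patterns standing in for malware signatures.
SIGNATURES = [b"CONSTRUCTED-SIG-ALPHA", b"SIG-BETA-TEST"]


class StreamMatcher:
    """Aho-Corasick automaton; the scan state for a flow is a single integer."""

    def __init__(self, patterns):
        self.goto = [{}]   # trie edges: state -> {byte value: next state}
        self.fail = [0]    # failure links
        self.out = [[]]    # patterns that end at each state
        for p in patterns:
            s = 0
            for b in p:
                if b not in self.goto[s]:
                    self.goto.append({})
                    self.fail.append(0)
                    self.out.append([])
                    self.goto[s][b] = len(self.goto) - 1
                s = self.goto[s][b]
            self.out[s].append(p)
        queue = deque(self.goto[0].values())
        while queue:                      # breadth-first failure links
            s = queue.popleft()
            for b, t in self.goto[s].items():
                f = self.fail[s]
                while f and b not in self.goto[f]:
                    f = self.fail[f]
                self.fail[t] = self.goto[f].get(b, 0)
                self.out[t] = self.out[t] + self.out[self.fail[t]]
                queue.append(t)

    def feed(self, state, segment):
        """Scan one segment from `state`; return (new_state, patterns found)."""
        hits = []
        for b in segment:
            while state and b not in self.goto[state]:
                state = self.fail[state]
            state = self.goto[state].get(b, 0)
            hits.extend(self.out[state])
        return state, hits


def scan_buffered(segments, matcher, max_file_bytes):
    """Buffer-then-inspect. A file that outgrows the buffer cap is forwarded
    without inspection. Returns (scanned, hits)."""
    buf = bytearray()
    for seg in segments:
        buf += seg
        if len(buf) > max_file_bytes:
            return False, []
    return True, matcher.feed(0, bytes(buf))[1]


def scan_per_packet(segments, matcher):
    """No buffering, but state resets on every packet, so a signature that
    straddles two packets is never seen whole."""
    hits = []
    for seg in segments:
        hits += matcher.feed(0, seg)[1]
    return hits


def scan_streaming(segments, matcher):
    """Scan each segment as it passes and carry only the automaton state."""
    state, hits = 0, []
    for seg in segments:
        state, found = matcher.feed(state, seg)
        hits += found
    return hits


def segments_of(data, size):
    """Split a byte string into in-order segments of at most `size` bytes."""
    return [data[i:i + size] for i in range(0, len(data), size)]


def demo():
    """Run all three scanners over two constructed files."""
    m = StreamMatcher(SIGNATURES)
    cap, seg = 256, 100    # cap is a scaled-down stand-in for a ~100MB limit
    files = {
        "small": b"A" * 90 + SIGNATURES[0] + b"B" * 40,    # under the cap
        "large": b"A" * 495 + SIGNATURES[1] + b"B" * 100,  # over the cap
    }
    results = {}
    for name, data in files.items():
        parts = segments_of(data, seg)
        results[name] = {
            "buffered": scan_buffered(parts, m, cap),
            "per_packet": scan_per_packet(parts, m),
            "streaming": scan_streaming(parts, m),
        }
    return results


if __name__ == "__main__":
    for name, r in demo().items():
        print(name, r)
```

In both files the signature straddles a segment boundary: the buffered scanner finds it only in the file that fits under the cap, the stateless per-packet scan misses it in both, and the streaming scan finds it in both while holding no file data.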
Marel Q1 2024 Investor Presentation from May 8, 2024Marel
 
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...Aggregage
 
Russian Call Girls In Rajiv Chowk Gurgaon ❤️8448577510 ⊹Best Escorts Service ...
Russian Call Girls In Rajiv Chowk Gurgaon ❤️8448577510 ⊹Best Escorts Service ...Russian Call Girls In Rajiv Chowk Gurgaon ❤️8448577510 ⊹Best Escorts Service ...
Russian Call Girls In Rajiv Chowk Gurgaon ❤️8448577510 ⊹Best Escorts Service ...lizamodels9
 
Dr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdfDr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdfAdmir Softic
 
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876dlhescort
 

Recently uploaded (20)

Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
 
The Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai Kuwait
The Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai KuwaitThe Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai Kuwait
The Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai Kuwait
 
Lundin Gold - Q1 2024 Conference Call Presentation (Revised)
Lundin Gold - Q1 2024 Conference Call Presentation (Revised)Lundin Gold - Q1 2024 Conference Call Presentation (Revised)
Lundin Gold - Q1 2024 Conference Call Presentation (Revised)
 
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
 
Famous Olympic Siblings from the 21st Century
Famous Olympic Siblings from the 21st CenturyFamous Olympic Siblings from the 21st Century
Famous Olympic Siblings from the 21st Century
 
Falcon's Invoice Discounting: Your Path to Prosperity
Falcon's Invoice Discounting: Your Path to ProsperityFalcon's Invoice Discounting: Your Path to Prosperity
Falcon's Invoice Discounting: Your Path to Prosperity
 
Malegaon Call Girls Service ☎ ️82500–77686 ☎️ Enjoy 24/7 Escort Service
Malegaon Call Girls Service ☎ ️82500–77686 ☎️ Enjoy 24/7 Escort ServiceMalegaon Call Girls Service ☎ ️82500–77686 ☎️ Enjoy 24/7 Escort Service
Malegaon Call Girls Service ☎ ️82500–77686 ☎️ Enjoy 24/7 Escort Service
 
Call Now ☎️🔝 9332606886🔝 Call Girls ❤ Service In Bhilwara Female Escorts Serv...
Call Now ☎️🔝 9332606886🔝 Call Girls ❤ Service In Bhilwara Female Escorts Serv...Call Now ☎️🔝 9332606886🔝 Call Girls ❤ Service In Bhilwara Female Escorts Serv...
Call Now ☎️🔝 9332606886🔝 Call Girls ❤ Service In Bhilwara Female Escorts Serv...
 
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
 
Al Mizhar Dubai Escorts +971561403006 Escorts Service In Al Mizhar
Al Mizhar Dubai Escorts +971561403006 Escorts Service In Al MizharAl Mizhar Dubai Escorts +971561403006 Escorts Service In Al Mizhar
Al Mizhar Dubai Escorts +971561403006 Escorts Service In Al Mizhar
 
Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...
Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...
Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...
 
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...
 
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service AvailableCall Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
 
Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...
Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...
Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...
 
Call Girls Kengeri Satellite Town Just Call 👗 7737669865 👗 Top Class Call Gir...
Call Girls Kengeri Satellite Town Just Call 👗 7737669865 👗 Top Class Call Gir...Call Girls Kengeri Satellite Town Just Call 👗 7737669865 👗 Top Class Call Gir...
Call Girls Kengeri Satellite Town Just Call 👗 7737669865 👗 Top Class Call Gir...
 
Marel Q1 2024 Investor Presentation from May 8, 2024
Marel Q1 2024 Investor Presentation from May 8, 2024Marel Q1 2024 Investor Presentation from May 8, 2024
Marel Q1 2024 Investor Presentation from May 8, 2024
 
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
 
Russian Call Girls In Rajiv Chowk Gurgaon ❤️8448577510 ⊹Best Escorts Service ...
Russian Call Girls In Rajiv Chowk Gurgaon ❤️8448577510 ⊹Best Escorts Service ...Russian Call Girls In Rajiv Chowk Gurgaon ❤️8448577510 ⊹Best Escorts Service ...
Russian Call Girls In Rajiv Chowk Gurgaon ❤️8448577510 ⊹Best Escorts Service ...
 
Dr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdfDr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdf
 
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
 

A NEW SET OF NETWORK SECURITY CHALLENGES

  • 1. TECH DOSSIER | NEXT GENERATION FIREWALLS: A NEW SET OF NETWORK SECURITY CHALLENGES. A new IDG survey reveals optimism about the ability of next-generation firewalls to help IT balance productivity and security. ALSO INSIDE: WHY PROTECTION & PERFORMANCE MATTER
  • 2. A NEW SET OF NETWORK SECURITY CHALLENGES

With two issues becoming increasingly crucial, IT faces conflicting mandates from the business. On one hand, employees demand access from devices beyond the firewall—smartphones, tablets, home PCs and laptops. On the other hand, risk management dictates corporate data must remain protected. The overarching challenge: balance productivity and security.

Within that mandate, however, lie several other challenges, according to a new survey conducted by IDG Research Services on behalf of Dell. The survey was conducted in October of 2012 and reflects the insight of more than 250 IT professionals at companies with more than 500 employees. It reveals the depth with which network administrators must juggle these competing factors. The issues facing IT go beyond security to encompass network bandwidth as well.

Just as technology has caused these problems, technology may also be the solution. A new generation of firewall technology, designed with current security and networking issues in mind, promises to give IT a way to solve its multisided puzzle.

EMPLOYEES AT WORK, AND PLAY

IT is stuck in an untenable position between the company and its employees. Companies love to have employees stretch their hours by signing into corporate systems from home; employees are used to the idea of time-shifting. The survey results show the upshot.

For instance, 52 percent of IT professionals report that employees tend to “frequently” or “very frequently” perform tasks unrelated to their work on the Internet or in other applications. Almost 40 percent report that the creation and management of customized access or use policies is difficult, and one-third believe that users working on personal devices are exposed to increased security threats. The latter problem stems from the frequent inability of IT to monitor what happens on a user’s home device.

In many cases, IT can install an agent on specific home machines to ensure adequate security software is
  • 3. A NEW SET OF NETWORK SECURITY CHALLENGES

installed, as well as VPN software that allows users to connect securely. But just because traffic comes through a VPN doesn’t mean it’s safe. It can be transmitted securely but still be malware.

Survey respondents aren’t antediluvian about how they allow users to access corporate data. More than half of those who indicate the amount of work employees do on personally owned devices is on the rise also believe this is a positive trend. The company benefits from 24-hour employee access to email, but there still must be some security policies in place—such as the ability to erase corporate data from a personal device if it’s lost or stolen.

Security of personal devices is not the only issue. Given that employees frequently must log on from remote locations, two-thirds of IT professionals view as “highly important” their ability to provide adequate bandwidth to ensure employees stay productive, no matter where they are. Respondents also tend to view their organization’s security technologies and policies as necessary and as enabling—rather than stifling—for productivity. More often than not, respondents tend to believe their organization’s security technologies and policies are a tactical necessity or a strategic enabler. More than 80 percent think such policies positively contribute to productivity. And it’s not just employees getting more work done—it’s also their ability to avoid system downtime after they unintentionally access malware, whether on an unauthorized Web site or through email.

The question of what constitutes an “unauthorized” Web site adds to IT’s conundrum regarding security, bandwidth and productivity. Are employees accessing YouTube to watch cat videos, or to download educational videos that relate to improving their skills? Are they visiting LinkedIn to catch up on old friends, or to identify the next crucial addition to their team? Are they visiting Facebook to play games or to discover what’s being said on social media about the company’s products? As a result, many respondents report they are not regulating the use of Web sites that may or may not be work-related and focusing their resources elsewhere. Given that most firewalls only offer a binary on/off method of allowing Web site access, this seems logical.

There may, of course, be unseen security implications. Many Facebook users have been exposed to malware; it’s not that Facebook itself is to blame, but its advertising may have been compromised. In the light of IT’s inability to control access, and occasional orders to favor productivity over security, IT may feel it has no choice.

A NEW TOOL IN THE ARSENAL: NEXT-GENERATION FIREWALLS

The fact is, though, that IT does have a choice. Firewall technology has advanced sufficiently that the issues IT faces can now be addressed by next-generation firewalls (NGFs). These devices are designed to filter network and Internet traffic based upon the applications or traffic types using specific ports. They help IT detect application-specific attacks, giving network and security administrators the potential to catch more malicious activity than traditional firewalls.

IT understands the limitations of traditional firewalls. When asked about their effectiveness in addressing these same security issues, 30 percent deemed them “somewhat” or “extremely” ineffective. For instance, even if an enterprise deployed Gigabit Ethernet, earlier generation firewalls could only deal with much slower speeds—perhaps as low as 50 megabits per second. This slows down all the traffic on the network.

Similarly, a traditional firewall doesn’t have the ability to filter specific parts of applications. IT could block an application from accessing the firewall, but the application developers could just as easily route it to port 80, which handles basic Web traffic, or port 84, which handles Web browsing. NGFs allow IT to filter not just by IP address, or by port or protocol, but also by looking at layer 7 data—actual application information.

Consider this analogy to explain the difference between traditional and next-generation firewalls. A traditional firewall is like an airport baggage handler, who makes sure that a piece of luggage (representing data) gets on the correct plane to the correct destination. A next-

4000% data growth at the edge? Learn how SonicWALL saved U.S. Cellular operational costs while expanding services.
  • 4. A NEW SET OF NETWORK SECURITY CHALLENGES

generation firewall is like the airport security agent who opens the luggage, inspects its contents and makes a decision about whether it allows the contents to travel. The decision is even more granular, based on the ability of NGFs to filter content within Web sites and between destinations; it may allow HR employees and managers to visit LinkedIn, marketing to visit Facebook and technicians to visit YouTube, but not everyone.

By instituting highly granular rules for applications, IT now has the ability to either prioritize or throttle traffic based on business need. It can also allow some functions within applications but not others; for instance, allowing an IM application like Yahoo Messenger, but not allowing attachments to messages. The result: employees that need certain applications still have access to them, but others are not unnecessarily degrading bandwidth and putting data at risk.

NGFs also address the BYOD issue, through a capability known as SSL VPN concentrators. Simply put, these concentrators no longer require a VPN agent on a client device, but can instead accommodate VPN through a browser. This allows for broader support of mobile clients that use browsers, whether on smartphones, tablets or laptops, from any manufacturer.

INCREASED AWARENESS, INCREASED DEPLOYMENT

Based on the survey results, IT administrators are increasingly aware of next-generation firewalls; only 25 percent of respondents were unaware of their capabilities. When discussing the technology’s features, respondents cite NGFs’ most important capabilities as intrusion prevention, antimalware/URL filtering and basic firewall features. More than half of respondents indicate their organizations have either deployed, or plan to deploy an NGF in the next few years. Data from research firm Gartner confirms this: it estimates that less than 5 percent of Internet connections are secured by NGFs, but by 2014, the rate will jump to 40 percent.

Even though survey respondents associate certain challenges with the deployment of next-generation firewalls—specifically cost, increased complexity and lack of staff resources—issues that face any new technology. In fact, NGFs reduce cost and complexity because they incorporate features—such as VPN and intrusion protection—currently handled by multiple devices or not at all. They also feature more robust reporting capabilities than traditional firewalls. It’s easy for administrators to see which users are accessing which applications, rather than sifting through logs.

The majority of those familiar with next-generation firewall capabilities consider the technology effective addressing a variety of security issues. Faced with multiple security scenarios, a majority of respondents cited NGFs as more effective than traditional firewall technology. Given respondents also believe remote work arrangements will only increase in the future, the importance of having the capabilities of NGFs only increases.

The key to the value of NGFs is that they have the ability to increase productivity all around. It’s not just the productivity of employees using mobile devices. It’s also the ability of the network to handle more mission-critical activities without bandwidth constraint. And finally, NGFs aid the productivity of IT administrators, who can take advantage of an integrated device that outperforms traditional firewalls in mitigating risks associated with trends on the upswing.

A NEXT-GENERATION FIREWALL IS LIKE THE AIRPORT SECURITY AGENT WHO OPENS THE LUGGAGE, INSPECTS ITS CONTENTS AND MAKES A DECISION ABOUT WHETHER IT ALLOWS THE CONTENTS TO TRAVEL.

Learn how the industry leader in sales and lease-ownership market leveraged Dell SonicWALL to assure secure growth.
  • 5. A NEW SET OF NETWORK SECURITY CHALLENGES

ADDITIONAL READING: WHY PROTECTION & PERFORMANCE MATTER

By Daniel Ayoub, CISSP, CISA

Next-Generation Firewalls combine multi-core architecture with real-time Deep Packet Inspection to fulfill the protection and performance demands of today’s enterprise network

Abstract

Protection and performance go hand-in-hand for Next-Generation Firewalls (NGFWs). Organizations should not have to sacrifice throughput and productivity for security. Outdated firewalls pose a serious security risk to organizations since they fail to inspect the data payload of network packets. Many vendors tout Stateful Packet Inspection (SPI) speeds only, but the real measure of security and performance is deep packet inspection throughput and effectiveness. To address this deficiency, many firewall vendors adopted the malware inspection approach used by traditional desktop anti-virus: buffer downloaded files, then inspect for malware. This method not only introduces significant latency but also poses significant security risks since temporary memory storage can limit the maximum file size. Independent NSS Labs tests demonstrate that the Dell™ SonicWALL™ SuperMassive™ E10800 Next-Generation Firewall, incorporating multi-core architecture and Reassembly-Free Deep Packet Inspection® (RFDPI), overcomes these limitations to provide enterprises with the extremely high levels of protection and performance that they require.

Defining Next-Generation Firewall

In basic terms, a Next-Generation Firewall (NGFW) leverages deep packet inspection (DPI) firewall technology by integrating intrusion prevention systems (IPS), and application intelligence and control.

Industry definitions

Gartner defines an NGFW as “a wire-speed integrated network platform that performs deep inspection of traffic and blocking of attacks.”[1] At minimum, Gartner states that an NGFW should provide:

    • Non-disruptive in-line bump-in-the-wire configuration
    • Standard first-generation firewall capabilities, e.g., network-address translation (NAT), stateful protocol inspection (SPI), virtual private networking (VPN), etc.
    • Integrated signature based IPS engine
    • Application awareness, full stack visibility and granular control
    • Capability to incorporate information from outside the firewall, e.g., directory-based policy, blacklists, white lists, etc.
    • Upgrade path to include future information feeds and security threats
    • SSL decryption to enable identifying undesirable encrypted applications

The evolution of Next-Generation Firewalls

Earlier-generation firewalls

First generation firewalls of the 1980s provided packet filtering based upon criteria such as port, protocol and MAC/IP address, and operated at layers 2 and 3 of the OSI model. Second generation firewalls of the 1990s incorporated stateful packet inspection (SPI), which verified the state of inbound and outbound traffic based upon state tables, and operated at layers 2, 3 and 4 of the OSI model. Third-generation firewalls of the past decade have more processing power and broader capabilities, including deep packet inspection (DPI) of the entire packet payload, intrusion prevention, malware detection, gateway anti-virus, traffic analytics, application control, IPSec and SSL VPN. Unified Threat Management (UTM) represented the next trend in the evolution of the traditional firewall into a product that not only guards against intrusion, but also performs content filtering, data leakage protection, intrusion detection and anti-malware duties typically handled by multiple systems.

Next-Generation Firewalls

Web 2.0 applications (e.g., Salesforce.com, SharePoint, and Farmville) now run all over TCP port 80 as well as encrypted SSL (TCP port 443). Today’s NGFWs inspect the payload of packets and match signatures for nefarious activities such as known vulnerabilities, exploit attacks, viruses and malware all on the fly. DPI also means that administrators can create very granular permit and deny rules for controlling specific applications and web sites (example: Yahoo instant messenger-chat is allowed but not file transfers). Since the contents of packets are inspected, exporting all sorts of statistical information is also possible, meaning administrators can now easily mine the traffic analytics to perform capacity planning, troubleshoot problems or monitor what individual employees are doing throughout the day. Today’s firewalls operate at layers 2, 3, 4, 5, 6 and 7 of the OSI model.

NGFW feature requirements

The following are feature requirements for Next-Generation Firewalls:

Legacy features

An NGFW includes all standard capabilities found in a first-generation firewall; i.e., packet filtering, stateful packet inspection (SPI), network address translation (NAT), and high availability (HA).

Integrated IPS

Effective intrusion prevention systems require advanced capabilities to combat evasion techniques and enable scanning and inspection of inbound and outbound communications to identify malicious or suspicious communications and protocols. For effective threat protection as well as intrusion prevention, organizations need best-in-class firewall and intrusion prevention, without the complexity of managing separate appliances, GUIs, and deployments. NGFWs with IPS capabilities deliver enterprise class resistance to evasion, powerful context and content protection capabilities as well as comprehensive threat protection and application control in a single integrated device.

Application intelligence and control

Application awareness and control includes protocol-level enforcement, full-stack visibility with granular application control, and the ability to identify applications regardless of the port or protocol being utilized.

[1] “Defining the Next-Generation Firewall,” Gartner RAS Core Research Note G00171540, John Pescatore, Greg Young, 12 October 2009, R3210 04102010
  • 6. A NEW SET OF NETWORK SECURITY CHALLENGES

ADDITIONAL READING: WHY PROTECTION & PERFORMANCE MATTER (continued)

Extra-firewall input

User-ID awareness enables administrators to enforce application policies based on AD user/group (without having to trace IP address to user ID), adding insight into usage and traffic.

Adaptability

Another important capability of NGFWs is the dynamic adaptation to changing threats. Dell SonicWALL constantly updates their devices with new signatures to stop threats and stay on top of the evolving malware landscape.

Payload scanning and performance

All of the above requirements demand full payload scanning at optimal throughput rates in order to avoid having to sacrifice security for performance.

Performance

In order to achieve the highest return on investment (ROI) for bandwidth services and optimize an organization’s productivity level, while still ensuring maximum security, IT needs to make sure that traffic is thoroughly scanned with minimal latency for optimal throughput. To meet these requirements, multi-gigabit throughput rates have become standard for NGFWs.

Dell SonicWALL NGFW solutions can improve performance significantly by applying patented Dell SonicWALL RFDPI[2] technology to enable DPI without buffering and packet reassembly. From a hardware perspective, Dell SonicWALL NGFWs can also maximize throughput by incorporating parallel processing over advanced multi-core architecture.

Why you need a Next-Generation Firewall

The SPI generation of firewalls addressed security in a world where malware was not a major issue and web pages were just documents to be read. Ports, IP addresses, and protocols were the key factors to be managed. But as the Internet evolved, the ability to deliver dynamic content from the server and client browsers introduced a wealth of applications we now call Web 2.0. SPI does not inspect the data portion of the packet and hackers effectively exploit this fact. To address the new threats, SPI firewall vendors incorporated traditional malware protection and methods that were used on file servers and PCs. The technique was a band-aid fix to add malware protection on an SPI firewall, as it had two significant flaws: latency and complexity.

The first flaw was the introduction of latency while the file is buffered with file size limitations. Firewall vendors have worked around this issue by sending keep-alive packets to prevent this, yet the overall effect is the introduction of latency. The use of memory to buffer files for inspection causes not only additional latency but also a space issue which is addressed by limiting the overall file size to a preset amount (generally 100MB). The use of the Internet is growing and sharing of larger files is increasing; hybrid SPI/malware detection technology does not scale.

The second flaw was that traditional point solutions were difficult to deploy, manage and update, increasing operating complexity and overhead costs. Sophisticated malicious attacks penetrate traditional stateful packet inspection products. These solutions simply do not provide sufficient, timely and unified protection against increasingly complex threats.

To overcome these flaws, Dell SonicWALL offers the most effective, highest-performance NGFW solutions available today. Recently, NSS Labs conducted independent testing of the Dell SonicWALL’s Next-Generation Firewall at their labs facility in Austin, Texas. Dell SonicWALL’s SuperMassive E10800 running SonicOS 6.0 is the highest overall protection Next-Generation Firewall to earn the NSS Labs “Recommend” rating. This proven SonicOS architecture is at the core of every Dell SonicWALL firewall. The results of those tests are explored further at the end of this paper.

What the enterprise requires

Organizations are suffering from application chaos. Network communications no longer rely simply on store-and-forward applications like email, but have expanded to include real-time collaboration tools, Web 2.0 applications, instant messenger (IM) and peer-to-peer applications, Voice over IP (VoIP), streaming media and teleconferencing, each presenting conduits for potential attack. Many organizations cannot differentiate applications in use on their networks with legitimate business purposes from those that are potentially wasteful or dangerous.

Today, organizations need to deliver critical business solutions, while also contending with employee use of wasteful and often dangerous web-based applications. Critical applications need bandwidth prioritization while social media and gaming applications need to be throttled or completely blocked. Moreover, organizations can face fines, penalties and loss of business if they are in noncompliance with security mandates and regulations.

Protection and performance

In today’s enterprise organizations, protection and performance go hand-in-hand. Organizations can no longer tolerate the reduced security provided by legacy SPI firewalls, nor can they tolerate the network bottlenecks associated with some NGFWs. Any delays in firewall or network performance can degrade quality in latency-sensitive and collaborative applications, which in turn can negatively affect service levels and productivity. To make matters worse, some IT organizations even disable functionality in their network security solutions to avoid slowdowns in network performance.

Scanning and controlling all content

Organizations large and small, in both the public and private sector, face new threats from vulnerabilities in commonly-used applications. Malware lurks in social networks. Meanwhile, workers use business and home office computers for online blogging, socializing, messaging, videos, music, games, shopping and email.

Application intelligence and control

Applications such as streaming video, peer-to-peer (P2P), and hosted or cloud-based applications expose organizations to potential infiltration, data leakage and downtime. In addition to introducing security threats, these applications drain bandwidth and productivity, and compete with mission-critical applications for precious bandwidth. Importantly, enterprises need tools to guarantee bandwidth for critical business relevant applications and need application intelligence and control to protect both inbound and outbound flows of traffic, while ensuring the velocity and security to provide a productive work environment.
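The paper's "first flaw" (buffer the file, then scan, with a size cap) and its contrast with DPI "without buffering and packet reassembly" can be compared side by side. The following is an added example, not code from the paper or from Dell SonicWALL, and it is not the patented RFDPI engine: it uses a generic Aho-Corasick automaton as the streaming matcher. The function names, the constructed signature, the scaled-down cap standing in for the 100MB limit, and the fail-open/fail-closed behaviour at the cap are all assumptions.

```python
from collections import deque

# Constructed, harmless marker standing in for a malware signature (assumption).
SIGNATURES = {"constructed-test-marker": b"X-CONSTRUCTED-TEST-MARKER-X"}


class StreamMatcher:
    """Aho-Corasick automaton; per-flow state is one integer, not a file buffer."""

    def __init__(self, signatures):
        self.goto, self.fail, self.out = [{}], [0], [set()]
        for name, pattern in signatures.items():
            node = 0
            for byte in pattern:
                if byte not in self.goto[node]:
                    self.goto.append({})
                    self.fail.append(0)
                    self.out.append(set())
                    self.goto[node][byte] = len(self.goto) - 1
                node = self.goto[node][byte]
            self.out[node].add(name)
        queue = deque(self.goto[0].values())  # depth-1 nodes fail to the root
        while queue:
            node = queue.popleft()
            for byte, child in self.goto[node].items():
                f = self.fail[node]
                while f and byte not in self.goto[f]:
                    f = self.fail[f]
                self.fail[child] = self.goto[f].get(byte, 0)
                self.out[child] |= self.out[self.fail[child]]
                queue.append(child)

    def feed(self, state, segment):
        """Advance the automaton over one segment; return (new_state, hits)."""
        hits = set()
        for byte in segment:
            while state and byte not in self.goto[state]:
                state = self.fail[state]
            state = self.goto[state].get(byte, 0)
            hits |= self.out[state]
        return state, hits


def buffered_scan(segments, signatures, max_buffer, fail_open=True):
    """Desktop-AV style: hold the whole file, scan once, give up at the cap."""
    buf = bytearray()
    for seg in segments:
        if len(buf) + len(seg) > max_buffer:
            # Assumed policy at the cap: pass unscanned, or block the transfer.
            return ("passed-unscanned" if fail_open else "blocked-oversize"), set()
        buf += seg
    hits = {name for name, pat in signatures.items() if pat in buf}
    return ("blocked" if hits else "clean"), hits


def stateless_scan(segments, signatures):
    """Per-packet matching with no carried state: misses split signatures."""
    hits = {n for seg in segments for n, p in signatures.items() if p in seg}
    return ("blocked" if hits else "clean"), hits


def streaming_scan(segments, matcher):
    """Scan segments as they arrive; state carries across segment boundaries."""
    state = 0
    for index, seg in enumerate(segments):
        state, hits = matcher.feed(state, seg)
        if hits:
            return "blocked", hits, index  # earlier segments were already forwarded
    return "clean", set(), None


def make_flow(total, marker_at, seg_size, marker=None):
    """Constructed transfer: filler bytes with an optional marker, cut into segments."""
    payload = bytearray(b"A" * total)
    if marker:
        payload[marker_at:marker_at + len(marker)] = marker
    return [bytes(payload[i:i + seg_size]) for i in range(0, total, seg_size)]


if __name__ == "__main__":
    marker = SIGNATURES["constructed-test-marker"]
    flow = make_flow(4096, 2040, 512, marker)  # marker straddles the 2048 boundary
    print(buffered_scan(flow, SIGNATURES, max_buffer=1024))
    print(stateless_scan(flow, SIGNATURES))
    print(streaming_scan(flow, StreamMatcher(SIGNATURES)))
```

The streaming verdict arrives mid-transfer, so the gateway has to reset the flow at that point; segments before the match have already been delivered.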