One of the most critical aspects of virtualized security is the ability to manage the environment. Most virtualized security solutions today need to support rapid deployment and be used to implement virtualization security policies, not just on an inside-vs.-outside basis, but also between organizations or applications within the same infrastructure. It needs to provide compliance and privacy within the organization and be able to migrate within the virtual infrastructure, and protect using the high-availability capabilities of the virtual infrastructure, offering protection continuity even as the infrastructure changes dynamically. It needs to be easily preconfigured and deployed along with the virtual machines that serve multi-component applications, making it easy to protect them and their data by default. Policies should be defined not only at the intersection of physical networks, but also between virtual-only networks within server farms or even on individual servers. Full threat prevention policies must be implemented at the physical perimeter and at the connection point for mobile and personal devices. In short, virtualization security is not a simple task.
Today’s virtualization security solution needs to defend against botnets, Advanced Persistent Threats (APTs), and other attacks, while keeping your organization in control when using Web 2.0 applications. The architecture should consist of different security layers that work cooperatively with one another to dynamically detect, block, and report on malicious traffic while passing benign traffic through as efficiently as possible. It should be able to protect your organization from new, unknown threats – often called zero day threats.
If you’re attending Interop in Las Vegas this May, be sure to swing by booth 751 where we’ll be speaking on everything you need to know about virtualization security. Hope to see you there!
Coined by IDC analyst Charles Kolodgy in 2003, the term UTM, or Unified Threat Management, applies to multi-function firewalls that combine many security technologies into one easy-to-manage appliance. Today’s UTM appliances typically consolidate firewall and VPN capabilities along with URL filtering, spam blocking, intrusion prevention, gateway antivirus, application control, and a centralized management, monitoring and logging function. Traditionally, these discrete functions were handled by multiple point solutions. The multi-layered security approach of UTM appliances provides broad protection against all kinds of network threats.
So now you’re in the market for a smart UTM system that can deliver broad protection, but what should you look for? UTM appliances vary significantly from vendor to vendor, which can make an accurate evaluation difficult. While UTM security vendors may seem to offer a similar checklist of core technologies and features (firewalling, IPS, etc.), when evaluating vendors, recognize that there is enormous disparity between UTM solutions in the following five critical areas:
1. Quality of the features/capabilities. The most prevalent approach among UTM vendors is to rely primarily on homegrown technologies for their gateway AV, URL filtering, application control (if they have any), anti-spam, and other security services. However, we believe that no single company will ever be able to adequately research and develop the best technology for each discrete security problem. A shortcoming of the homegrown approach to multi-layered security is that these UTM vendors end up producing a watered-down security solution at each layer. We believe this practice contributes to the reluctance of some organizations to even choose a UTM solution for their security. It’s also why we here at WatchGuard use a best-in-class approach to delivering the smartest UTM appliances available, integrating the leading technology provider for each security layer – Websense for URL filtering, Mailshell for anti-spam, and so on.
You’ll also want to be sure that you account for security needs if you’re working in a virtualized environment. As Neil MacDonald of Gartner said, “…Unless you put virtualized security controls—virtual sniffers, virtual firewalls, all the same controls you’d use on a physical server, inside that network, you don’t see what’s going on.”
2. Security performance, or UTM performance. A high-performance packet throughput device, even one with custom ASIC processors, can falter when a full suite of unified threat management tools is enabled. Many security vendors who freely tout their raw throughput numbers are not so quick to publicize their UTM throughput numbers—the performance of the firewall once all the UTM security services are turned on. Once you activate the UTM security functions—such as those necessary for PCI DSS compliance (AV, IPS, etc.)—the performance evaporates in many competitor firewalls. By the way, our UTM performance is up to 3 times faster than the UTM performance of most other vendors.
3. Manageability and ease of use. We see it all too often with competitor solutions: poorly integrated management processes needlessly introduce complexity to administration. Improperly configured gear undermines security. Why not just make a security solution that’s as easy as possible for administrators of all skill sets to manage? One that provides state-of-the-art centralized management capabilities and innovative ease-of-use technologies, features that help administrators:
Something to also consider when evaluating the manageability of your UTM is whether there are premium charges for certain functionality that should be provided as standard options. Look for simple, easy-to-use management in your UTM appliance.
4. Flexibility. Security vendors differ conspicuously in the flexibility of the solution they market to customers. For instance, some UTM products can only add security services by physically bolting on software cartridges, or blades. Such an architecture provides only a limited number of slots in which to add security services, forcing you to trade off one security function for another when enabling UTM capabilities. We believe lack of flexibility is a serious shortcoming of many of the competitor firewall solutions on the market. Many UTM/NGFW vendors have taken the short-sighted route of designing security appliances to tackle only the threats of the current day.
Flexibility should also extend to ownership. Through firmware updates and software upgrades, UTM customers should be able to add security services, subscriptions, and capabilities on the fly, without ever having to swap out hardware, further extending the life of the appliance. UTM appliances should also have a high degree of network systems interoperability, so that regardless of the network topology mix (Cisco, Juniper or other), your UTM appliances fit in without friction.
5. Reporting and Visibility. Network visibility and security go hand-in-hand—and when it comes to achieving regulatory compliance (PCI DSS, HIPAA, CIPA, etc.), auditability is required. So, why would a security vendor not include visibility and reporting tools? Yet, many vendors charge extra for these capabilities, often requiring purchase of a separate product just for reporting.
Network security poses one of the most pressing challenges confronting organizations today. Spyware, spam, viruses, Trojans, web exploits, and blended threats evolve and spread with alarming speed and regularity. Moreover, the emergence of new business enablement technologies exposes new attack surfaces. We see it with the growth in IP networks and the proliferation of Web 2.0 applications, devices (BYOD), and web technologies in the workplace. We see it with increasing reliance on cloud-based infrastructures (SaaS, PaaS, IaaS). Along with the exciting potential to cultivate work efficiencies and business opportunities, these technologies also generate more potential headaches for IT administrators.
Boosting your network security solutions with a UTM appliance is smart! Ensuring these five UTM appliance traits are part of your UTM appliance selection is even smarter. Also be sure to check out our whitepaper – Defining, Evaluating, and Designing Best-In-Class Network Security.
If you own a retail store and accept credit card transactions, then you are undoubtedly aware of the PCI DSS regulatory requirements that you must meet. If you manage a distributed retail environment with multiple store ‘endpoints’, then you are not only aware of the PCI DSS requirements, but likely challenged with what can easily be one of the most complex IT environments for unified security and compliance management.
The distributed retail environment presents a multitude of unique IT challenges that stand apart from a more pedestrian single-store infrastructure; business pressures are forcing retailers to be more agile, more aggressive, and more efficient. To remain competitive, retailers have to invest in IT systems that help retain and nurture customer and brand loyalty, as well as increase sales and, simultaneously, reduce operating costs. No easy task to be sure!
So what does it take to meet the PCI DSS standard? Simple: you meet these 12 requirements, grouped under six goals:
Build and maintain a secure network:
Protect cardholder data:
Maintain a vulnerability management program:
Implement strong access and control measures:
Regularly monitor and test networks:
Maintain an information security policy:
Any retailer found to be non-compliant may face substantive financial penalties, regardless of whether or not a breach has occurred. Typically, fines for non-compliance are levied based on the size of the retailer, but in some cases, a credit card provider reserves the right to expel a retailer from its program, thus effectively cutting off acceptance of that vendor’s credit card. Therefore, it is critical that a retailer maintain PCI DSS compliance.
One way to protect yourself and your distributed retail environment is with a UTM system (preferably from WatchGuard). UTM systems provide unparalleled firewall protection to control data traffic in and out of a distributed network. Additionally, UTM systems protect against unauthorized access from the Internet and include integrated IPS to prevent hackers from gaining access to internal resources.
Specifically designed for distributed retail environments, our RapidDeploy solution is a unique cloud-based configuration utility that enables uniform, rapid deployment of UTM security appliances across a distributed environment. This eliminates the need for IT professionals to pre-configure devices or travel to deployment sites for installation, which significantly reduces total cost of ownership, while also reducing the risk of UTM misconfiguration.
UTMs also offer gateway antivirus protection, and with a security subscription it’s updated automatically and seamlessly. And at WatchGuard, our UTM security supports extensive policy controls. This way, distributed retailers can maintain and enforce uniform policies across a variety of geographic locations. With our LiveSecurity service, your UTM security solution provides best practices and related security updates for retailers to ensure they are up to speed on the latest security developments.
Today’s distributed retail environment architecture is one of the most challenging IT environments, rivaling that of banks and financial institutions. While the distributed retail environment offers substantive business advantages, such as increased sales, improved customer loyalty, and operational efficiencies, it also poses significant challenges. With a smart UTM in place, you can spend more time generating sales, and less time worrying about PCI DSS compliance.
In our last blog post – 4 IT Risks and Challenges with BYOD Device Management – we highlighted some things that IT needs to be aware of when it comes to maintaining control of network security in a BYOD environment. We closed with the fact that IT must face the reality that BYOD is here and they need to enforce a BYOD strategy as part of their service to the organization. So what can you do, and where should you start?
Here are 5 BYOD device management strategies you can use to secure your corporate network and prevent data loss:
With the future of computing swaying more and more toward mobile, you’ll face an uphill battle against BYOD adoption, so embrace it. But remember that communicating your BYOD policy, and updating it as needed, is critical.
For more information on BYOD device management and mobile device security solutions, check out our recent whitepaper – BYOD: Bring Your Own Device – or Bring Your Own Danger? You’ll also find 5 more strategies for managing BYOD effectively in your organization.
Make no mistake about it – BYOD is here to stay. A 2011 IDC survey stated that 40 percent of devices used to access business applications are consumer-owned, up 30 percent from 2010 while Gartner published a report that by 2014, 80 percent of professionals will use at least two personal devices to access corporate systems and data. So BYOD is the new workplace reality. In the end, there are multiple reasons – from cost reductions to increased employee efficiencies – that support corporate adoption. IT must, however, take into account the risks and challenges associated with BYOD device management.
In many ways, BYOD started at the top. Senior executives who wanted to work from home and abroad were among the first to demand that IT enable access to corporate resources from their personal devices. Because these C-level exceptions were relatively infrequent, IT could manage risks associated with the requests.
The trickle-down from these exceptions quickly escalated, and many organizations have been caught off guard without a BYOD policy in place. And because consumer devices are so diverse in capability, form factor and function, IT departments can be frustrated in their efforts to develop a scalable and manageable plan for allowing or denying specific consumer devices into the organization.
Unquestionably, BYOD challenges long-standing IT controls to minimize and mitigate risk. And, as businesses explore how to adopt BYOD, the risks associated with it must be examined. Here are 4 risks and challenges inherent in BYOD device management.
1. Data loss. Data loss can vary, and the consequences can be extreme. For example, a recent study by the Ponemon Institute estimated that a data breach could cost a company about $200 per compromised record, based upon a variety of factors including the cost of lost business because of an incident; legal fees; disclosure expenses related to customer contact and public response; consulting help; and remediation expenses, such as new security technology and training. Additional costs can also hamper the bottom line. As an example, a retailer that experiences a data breach may have to pay for credit monitoring services for customers, legal settlements, and PCI DSS information controls for up to 5 years.
2. Viruses entering the corporate network via consumer devices as well as intrusion attacks. Granted, the industry is at a nascent stage of targeted intrusion attacks via mobile devices, but the expectation is that hackers will be able to break out of device browser “sandboxes” and get access to other device functions. This could easily lead to directory harvest attacks or new types of BYOD-driven botnets.
We think Man-in-the-Browser (MitB) attacks will escalate. Traditional malware tends to infect the OS – typically as an executable program that modifies various boot parameters so it runs every time a computing device is turned on. In contrast, MitB attacks, or browser zombies, arrive as malicious browser extensions, plugins, helper objects, or pieces of JavaScript. They do not infect the whole system; instead they take complete control of the device’s browser and run whenever the user surfs the web.
3. Policy enforcement. With so many devices available to the consumer, IT departments are simply ill equipped to create device-by-device BYOD device management policies. Due to the wide range of devices, it is critical for IT to be able to identify each device connecting to the corporate network, and be able to authenticate both the device and person using it.
4. Insufficient insight into what’s happening in the network. Without being able to see what is going on in the corporate network, IT is hindered in its ability to protect business and information assets. That lack of insight (both in terms of logging and reporting) supports the adage that “you can’t protect what you don’t know.”
IT faces a myriad of challenges in dealing with BYOD device management. Some of these are risk-management challenges; others are empowerment and usage challenges. Nonetheless, IT must expect to adopt and enforce a BYOD strategy as part of its services to the organization.
As we coast into the National Retail Federation’s (NRF) big annual show in New York City next week, businesses of all types face the daunting task of securing their business network from outside threats. Perhaps it’s fitting that online retailers in particular are concerned with the growing number of advanced persistent threats that are poised to make 2013 a potentially busy year in data loss prevention.
So with the NRF just around the corner, here are three network security roadblocks that threaten the success of online retail organizations of all types:
There are many other roadblocks that can hinder growth and expose data, and we’ll certainly be blogging about them in the days and weeks ahead, but these three are certainly important and worth consideration. For online retailers, customer data security is the foundation for success.
If you’re at the NRF Show in New York, swing by booth #1681 and say hello. We’d love to see you!
In our last blog – What is UTM Security and is it Right for my Business? – we outlined the importance of a UTM appliance in combating today’s advanced persistent threats (APTs). Well, since that blog went live, our own Corey Nachreiner published a press release that revealed his top security predictions for 2013.
At the tail-end of a busy year for network security workers, Corey had this to say about 2013…
This is a year (2013) where the security stakes reach new heights, attacks become more frequent and unfortunately more damaging as many organizations suffer attacks before taking measures to protect themselves from the bad guys.
Read the release for more detail, but here’s what he thinks might be in store for 2013:
If attacks such as these happen in 2013 as Corey predicts, then losses stemming from them will ultimately continue to rise and take their toll on not only small businesses, but enterprises as well. Organizations that are serious about network security – protecting data, intellectual property (IP), and their reputation – are increasingly demanding best-in-class, multilayered solutions. These solutions centralize security controls in a single device, improving the IT organization’s control and simplifying management of network security.
Be sure to have the latest network security solutions in place as you head into 2013. These predictions are scary!
UTM is simply an abbreviation for Unified Threat Management, and it’s a core offering of ours for our SMB and Enterprise customers. UTM security is the evolution of the traditional firewall into an all-encompassing network security solution able to perform multiple functions within one single appliance:
So why is UTM security so important these days? Any technology publication, on any given day, highlights security breaches that affect businesses in significant ways. Network downtime can cripple any business, from small to large. In fact, the security challenges are only getting more complex. Just recently, CIO.com highlighted research from the Georgia Tech Information Security Center that forecasted some of the biggest security challenges awaiting businesses in 2013. A comprehensive UTM security solution can play a role in thwarting these threats.
Add to this that advanced persistent threats (APTs) are becoming increasingly sophisticated, and the need for comprehensive network security solutions is evident. Our own Corey Nachreiner recently blogged on just this topic, but to summarize…
So… what to do? While no single network security solution can ‘solve’ threats across the board, a single UTM security appliance simplifies management of a company’s network security strategy, with just one device taking the place of multiple layers of hardware and software.
Here are some key advantages (beyond the obvious) of UTM security that apply to almost any organization:
As network security threats become more sophisticated, and APTs continue to become prevalent, protect your SMB or enterprise with a UTM security solution. It’s a key part of a comprehensive, holistic security solution.
The growth in IP networks and proliferation of new applications, devices, and web technologies in the workplace creates more potential vulnerabilities for IT networks. As we trend toward additional applications running in the cloud, even more network traffic will pass beyond the trusted LAN and outside your firewall solution. Assault vectors shift, and new threats spring up hourly from spyware, spam, viruses, Trojans, web exploits, and blended threats.
Organizations that are serious about network security solutions – protecting data, intellectual property (IP), and their reputation – are increasingly demanding best-in-class, multilayered solutions. These solutions centralize security controls in a single device, improving the IT organization’s control and simplifying management of network security.
With network growth showing no signs of abating, organizations need a network security device that has the capacity to drive security and inspection activities quickly and reliably. Many multilayer network security solutions share similar feature lists, but not all of them can be considered best-in-class.
The following are four key questions an organization should ask as it evaluates any multilayer network security solution:
Today’s briskly evolving multi-faceted threat landscape means having a simple packet-filtering firewall isn’t enough. Organizations are increasingly demanding a multilayered approach to network security services—one in which various security layers and services work cooperatively to dynamically detect, block, and report on malicious traffic while passing benign traffic through as efficiently as possible.
Network security threats aren’t going to go away; in fact they’re only going to get more numerous and complicated, so be sure to ask the right questions before selecting a security solution.
In our last blog – Network Security with Virtualization Best Practices – we promoted Corey Nachreiner’s upcoming session at the Gartner Symposium ITxpo in Orlando at the end of this month. We’d be remiss if we didn’t also share Dave Taylor’s session at the same show – The Dirty Secret of Security Breaches. That session is on October 23rd at 7pm.
Is the biggest security risk today Advanced Persistent Threats? Data leakage? No. Experts maintain that 95% of security breaches are due to firewall misconfiguration. Dave’s session will show you how easy it is to use advances in manageability and usability to put pinpoint control in the palm of your hand with our Next-Generation Firewalls.
Think security breaches can’t happen to you? Are you willing to take that risk? Before you answer, here are the largest data security breaches this century (we’re only 12 years in) that may change your mind, and while not all of them are related to a misconfigured firewall, they will open your eyes:
If you have a Next-Generation Firewall, chances are there’s something of value behind it you need to protect. We hope to see you at Dave’s session to learn more about the right way to configure your network security appliance.