Just when you think you’ve got your BYOD device management policies nailed down, the game shifts again. Recently, the term BYOX (or BYOA: bring-your-own-anything) has forged itself into IT vernacular to characterize the phenomenon by which employees not only use any device, but also any application, content, or service to accomplish their work. When these activities occur beyond the oversight, or explicit authorization, of the IT department, they are commonly referred to as “shadow IT.”
Shadow IT has been around for quite some time, but BYOX adoption is exploding fast and permeating organizations to the point of no return. In fact, PricewaterhouseCoopers (PwC) estimates 15% – 30% of IT spending now occurs outside the IT department budget. Today’s workforce is imbued with the mindset that, for any task, “there is an app for that.” Illustrating this, Netflix recently found that its employees were using 496 smartphone apps, generally for data storage, communications, and collaboration, while Cisco Systems found that its employees were leveraging hundreds of apps, as well as services for shopping and personal scheduling.
It’s been argued that BYOD can increase employee productivity, and an iPass survey of 1,100 mobile workers suggested that employees who use mobile devices for both work and personal needs put in 240 more hours per year than those who do not. BYOD and BYOX can also result in higher employee satisfaction and greater worker collaboration. All these benefits aside, there still need to be tools and processes in place for network security management and data security… and there are.
Embrace the benefits of BYOD and BYOX and consider these FIVE network security management protocols:
BYOD, BYOX, shadow IT… these aren’t going away, and will likely only continue to proliferate across your organization as more apps, devices, and cloud tools become available. These five network security management protocols can help get you started. For more information and five more tips, download the whitepaper – Illuminate Shadow IT and Securely Manage BYOX.
One of the most critical aspects of virtualized security is the ability to manage the environment. A virtualized security solution today needs to support rapid deployment and implement virtualization security policies, not just on an inside-vs.-outside basis, but also between organizations or applications within the same infrastructure. It needs to provide compliance and privacy within the organization, be able to migrate within the virtual infrastructure, and use the high-availability capabilities of the virtual infrastructure to offer protection continuity even as the infrastructure changes dynamically. It needs to be easily preconfigured and deployed along with the virtual machines that serve multi-component applications, making it easy to protect them and their data by default. Policies should be defined not only at the intersection of physical networks, but also between virtual-only networks within server farms or even on individual servers. Full threat prevention policies must be implemented at the physical perimeter and at the connection point for mobile and personal devices. In short, virtualization security is not a simple task.
Today’s virtualization security solution needs to defend against botnets, Advanced Persistent Threats (APTs), and other attacks, while keeping your organization in control when using Web 2.0 applications. The architecture should consist of different security layers that work cooperatively with one another to dynamically detect, block, and report on malicious traffic while passing benign traffic through as efficiently as possible. It should be able to protect your organization from new, unknown threats – often called zero day threats.
If you’re attending Interop in Las Vegas this May, be sure to swing by booth 751 where we’ll be speaking on everything you need to know about virtualization security. Hope to see you there!
If you own a retail store and accept credit card transactions, then you are undoubtedly aware of the PCI DSS regulatory requirements that you must meet. If you manage a distributed retail environment with multiple store ‘endpoints’, then you are not only aware of the PCI DSS requirements, but likely challenged with what can easily be one of the most complex IT environments for unified security and compliance management.
The distributed retail environment presents a multitude of unique IT challenges that stand apart from a more pedestrian single-store infrastructure; business pressures are forcing retailers to be more agile, more aggressive, and more efficient. To remain competitive, retailers have to invest in IT systems that help retain and nurture customer and brand loyalty, as well as increase sales and, simultaneously, reduce operating costs. No easy task to be sure!
So what does it take to meet the PCI DSS protocol? Simple… you meet these 12 requirements:
Build and maintain a secure network:
Protect cardholder data:
Maintain a vulnerability management program:
Implement strong access and control measures:
Regularly monitor and test networks:
Maintain an information security policy:
Any retailer found to be non-compliant may face substantive financial penalties, regardless of whether or not a breach has occurred. Typically, fines for non-compliance are levied based on the size of the retailer, but in some cases, a credit card provider reserves the right to expel a retailer from its program, thus effectively cutting off acceptance of that vendor’s credit card. Therefore, it is critical that a retailer maintain PCI DSS compliance.
One way to protect yourself and your distributed retail environment is with a UTM system (preferably from WatchGuard). UTM systems provide unparalleled firewall protection to control data traffic in and out of a distributed network. Additionally, UTM systems protect against unauthorized access from the Internet and include integrated IPS to prevent hackers from gaining access to internal resources.
Specifically designed for distributed retail environments, our RapidDeploy solution is a unique cloud-based configuration utility that enables uniform, rapid deployment of UTM security appliances across a distributed environment. This eliminates the need for IT professionals to pre-configure devices or travel to deployment sites for installation, which significantly reduces total cost of ownership, while also reducing the risk of UTM misconfiguration.
UTMs also offer gateway antivirus protection, and with a security subscription it’s updated automatically and seamlessly. And at WatchGuard, our UTM security supports extensive policy controls. This way, distributed retailers can maintain and enforce uniform policies across a variety of geographic locations. With our LiveSecurity service, your UTM security solution provides best practices and related security updates for retailers to ensure they are up to speed on the latest security developments.
Today’s distributed retail environment architecture is one of the most challenging IT environments, rivaling that of banks and financial institutions. While the distributed retail environment offers substantive business advantages, such as increased sales, improved customer loyalty, and operational efficiencies, it also poses significant challenges. With a smart UTM in place, you can spend more time generating sales, and less time worrying about PCI DSS compliance.
In our last blog post – 4 IT Risks and Challenges with BYOD Device Management – we highlighted some things that IT needs to be aware of when it comes to maintaining control of network security in a BYOD environment. We closed with the fact that IT must face the reality that BYOD is here and they need to enforce a BYOD strategy as part of their service to the organization. So what can you do, and where should you start?
Here are 5 BYOD device management strategies you can use to secure your corporate network and prevent data loss:
With the future of computing swaying more and more toward mobile, you’ll face an uphill battle against BYOD adoption, so embrace it. But remember that communicating your BYOD policy, and updating it as needed, is critical.
For more information on BYOD device management and mobile device security solutions, check out our recent whitepaper – BYOD: Bring Your Own Device – or Bring Your Own Danger? You’ll also find 5 more strategies for managing BYOD effectively in your organization.
As we coast into the National Retail Federation’s (NRF) big annual show in New York City next week, businesses of all types face the daunting task of securing their business network from outside threats. Perhaps it’s fitting that online retailers in particular are concerned with the growing number of advanced persistent threats that are poised to make 2013 a potentially busy year in data loss prevention.
So with the NRF just around the corner, here are three network security roadblocks that threaten the success of online retail organizations of all types:
There are many other roadblocks that can hinder growth and expose data, and we’ll certainly be blogging about them in the days and weeks ahead, but these three are certainly important and worth consideration. For online retailers, customer data security is the foundation for success.
If you’re at the NRF Show in New York, swing by booth # 1681 and say hello. We’d love to see you!
In our last blog – What is UTM Security and is it Right for my Business? – we outlined the importance of a UTM appliance in combating today’s advanced persistent threats (APTs). Well, since that blog went live, our own Corey Nachreiner published a press release that revealed his top security predictions for 2013.
At the tail-end of a busy year for network security workers, Corey had this to say about 2013…
This is a year (2013) where the security stakes reach new heights, attacks become more frequent and unfortunately more damaging as many organizations suffer attacks before taking measures to protect themselves from the bad guys.
Read the release for more detail, but here’s what he thinks might be in store for 2013:
If attacks such as these happen in 2013 as Corey predicts, then losses stemming from them will ultimately continue to rise and take their toll on not only small businesses, but enterprises as well. Organizations that are serious about network security – protecting data, intellectual property (IP), and their reputation – are increasingly demanding best-in-class, multilayered solutions. These solutions centralize security controls in a single device, improving the IT organization’s control and simplifying management of network security.
Be sure to have the latest network security solutions in place as you head into 2013. These predictions are scary!
On October 23rd, at the Gartner Symposium ITxpo in Orlando, Florida, our own Corey Nachreiner will be speaking on virtualization best practices for network security. His session – Securing Networks in a Virtual, Cloudy World: Virtualization Best Practices – will highlight what you need to know about network security in today’s virtualized IT environment.
Neil MacDonald of Gartner Group has estimated that “60 percent of virtualized servers will be less secure than the physical servers they replace.” MacDonald also identified some of the most common security risks for data center virtualization projects:
Traditionally, network security has been designed as a ‘one appliance, one application’ model and designed with physical networking in mind. Firewalls and UTM appliances are leveraged in network designs based on the fundamental notions of:
With virtualization, these fundamental assumptions may not be true:
In his presentation, Corey will touch on what you need to know about securing your virtual network, and showcase our latest network security solutions designed for virtualization infrastructures, including the XTMv and the XCSv. So mark your calendars and be sure to stop on by.
Despite VoIP’s worldwide explosion, most of the network security issues surrounding VoIP technology have not been adequately resolved.
Why do you need VoIP security today? Well, “Security and complexity are often inversely proportional,” goes one of the old security axioms from Fred Avolio. In other words, the more complicated a process is, the more it leaves room for mistakes, flaws, and insecurity. That does not bode well for VoIP, mainly because basic operations of VoIP require:
In short, implementing VoIP introduces your network to numerous codecs, protocols, and transport methods. If complexity does not promote network security, VoIP exposes a substantial attack surface to malicious hackers.
VoIP and network security have always had that “inversely proportional” relationship. When administrators first tried to implement Session Initiation Protocol (SIP) and H.323, firewalls typically broke VoIP connections. That was because these protocols initiate a connection on a known, standard port, but then they want to open other ports dynamically, as needed. It took security vendors a while to create special services that could handle the dynamic ports temporarily and close them cleanly after a session terminated. The result is that many firewall security vendors now claim “VoIP Support!” – not because they secure VoIP in any sophisticated way, but simply because they no longer break VoIP. That is clearly not the same as VoIP network security.
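The dynamic-port handling described above can be sketched as a small pinhole table. This is an added example, not WatchGuard's or any vendor's code; the class name, the constructed SIP messages, and the simplification to the SDP offer carried in an INVITE (ignoring answers and RTCP) are assumptions made for illustration.

```python
import re

SIP_PORT = 5060  # well-known SIP signalling port

# Constructed sample messages (not captured traffic).
INVITE = (
    "INVITE sip:bob@example.com SIP/2.0\r\n"
    "Call-ID: a84b4c76e66710\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\n"
    "o=alice 2890844526 2890844526 IN IP4 192.0.2.10\r\n"
    "c=IN IP4 192.0.2.10\r\n"
    "m=audio 49170 RTP/AVP 0 8\r\n"
    "m=video 51372 RTP/AVP 31\r\n"
)
BYE = "BYE sip:bob@example.com SIP/2.0\r\nCall-ID: a84b4c76e66710\r\n\r\n"


class SipPinholeTable:
    """Hypothetical helper: allows media ports only while their call is up."""

    def __init__(self):
        self.pinholes = {}  # Call-ID -> set of (ip, port) negotiated in SDP

    def handle_signalling(self, message):
        head, _, body = message.partition("\r\n\r\n")
        method = head.split(" ", 1)[0]
        cid = re.search(r"^Call-ID:\s*(\S+)", head, re.I | re.M)
        if not cid:
            return
        call_id = cid.group(1)
        if method == "BYE":
            # Session ended: close the temporary ports cleanly.
            self.pinholes.pop(call_id, None)
            return
        conn = re.search(r"^c=IN IP4 (\S+)", body, re.M)
        if method != "INVITE" or not conn:
            return
        # Each m= line names a media port chosen dynamically by the endpoint.
        ports = [int(p) for p in re.findall(r"^m=\w+ (\d+) ", body, re.M)]
        self.pinholes[call_id] = {(conn.group(1), p) for p in ports
                                  if 1024 <= p <= 65535}

    def allows(self, dst_ip, dst_port):
        if dst_port == SIP_PORT:  # the static rule a plain firewall has
            return True
        return any((dst_ip, dst_port) in s for s in self.pinholes.values())
```

Tracking ports this way keeps calls working, which is the "no longer break VoIP" level of support; it does not inspect the media or codec data that then flows through the opened ports.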
In 2007, Cisco made headlines when it published a Security Response admitting that a bug in their Unified IP Phone’s implementation of Real-Time Transport Protocol (RTP) could allow a remote attacker to eavesdrop on VoIP phone calls. Six months later, the security vendor VoIPShield announced that it could document more than 100 security holes in Cisco, Avaya, and Nortel VoIP products. Scary stuff!
Since 2006, attackers have increasingly exploited network security flaws in codecs. By injecting malicious code into files that your computer must decompress to use, attackers found they could execute malware on victim computers using file formats previously considered benign (such as QuickTime .MOV and Windows Media Player .WMP and .WAV files).
Given that attackers like to exploit codec flaws, VoIP provides the kind of technical wilderness that attackers love. VoIP incorporates audio, video, fax, and text, and provides numerous codec options in each of those technologies. Take audio alone: some users demand stereo sound and great audio quality, and thus prefer codecs that result in larger packets. Other, more bandwidth-sensitive, users prefer codecs that create smaller packets using a lower average bitrate, but requiring intensive processing. For reasons such as these, VoIP audio has at least eight codecs in common use.
Thus, to enjoy VoIP functionality, you must accept unregulated IP traffic from strangers, in a format that your computers must execute in order to use, mingled with traditional data packets on your LAN. Clearly, VoIP technology magnifies the risk to any network, including many with a firewall security solution in place.
From our perspective, as bad as it is that an attacker might be able to eavesdrop on a call or teleconference, there are even worse problems with VoIP. Because VoIP runs mingled with your IP network, its most serious threat is that any hole in VoIP provides a stepping-stone to all your network data. So, all that said, you need to choose your firewall security solution carefully!
PCPro recently reviewed our XTM 330 Network Security Appliance and we’re pleased to say that they’ve put it on their “Recommended A-List.”
The XTM 330 network security appliance provides a suite of flexible, integrated management tools designed to help small and mid-sized businesses stay in control of their network. It includes the Pro version of the Fireware XTM operating system, which includes VLAN support, multi-WAN load balancing, and dynamic routing. Add in real-time monitoring and deep reporting at no additional cost and the XTM 330 is terrific value!
In the words of PCPro…
WatchGuard already lays claim to a sizable chunk of the SMB network security market, but with its latest multifunction appliance it wants even more. In this exclusive review we look at the new XTM 330, which offers impressive performance and strong features for a surprisingly low price.
To see video testimonials and see how our XTM network security appliances stack up to the competition, check out our YouTube Channel.
You’re not the Pentagon. Or Microsoft. Or NASA, Wells Fargo, AOL Time Warner, or Daimler Chrysler. You’re not even headquarters for a burger franchise.
No, you’re just part of a small- or medium-sized enterprise (SME), perhaps even a home-based business with enough employees to count on one hand. You may not even be thinking about network security. After all, there are a gajillion companies in the world larger and more affluent than yours, so they’d be more logical targets for a hacker, right? After all, what does your network have that any e-punk would want? Well, here are five reasons hackers want into your network, besides data…
The first step in a hack attack is to test for vulnerability. This is usually done with a “scanner,” a commonly available application that queries thousands of arbitrary Internet addresses, hunting for any network with open ports through which a hacker can easily enter. Imagine a burglar sneaking down your street at 3:00 AM, trying every front door, looking for one that’s unlocked. If you get robbed, it’s not personal. You just made it easy — you didn’t lock your door.
First among these are your CPU cycles, the processing horsepower in each computer on your network. With 15 PCs and a high-speed Net connection, Corporate Health Systems came to WatchGuard Technologies for help after persistent hacks had enslaved the company’s network for one purpose: to help the hacker win an encryption-cracking contest.
A WatchGuard network security appliance instantly solved Corporate Health Systems’ hacking problem. Just the same, being roped unknowingly into such “distributed computing” applications poses a serious risk to any company, in part because most such attacks keep a low enough profile as to be unnoticeable.
If a hacker can learn your name and e-mail address — not a particularly hard feat — he’s at liberty to change his mail, news, and chat settings to impersonate you. He might send death threats to an ex-boss under your name. He might raid your contacts list and then pretend to be you while asking vendors for information about your order history, including the account numbers used to pay invoices. If the masked hacker slanders your competitors in a newsgroup, you could be faced with trying to clear yourself in court.
Be sure to take advantage of network security solutions and protect yourself and your network. There’s too much at risk in today’s business environment to ignore hackers.