By: Rob Hilton, Sr. Solutions Architect & Lucas Melcon, Account Executive
Securing data and infrastructure is a top priority for many companies, and one of the greatest challenges is deploying a solution that is easy to use, secure and cost effective. Recently, a client came to us needing to consolidate their firewall products with minimal downtime and overall expense. They had three firewall products from different manufacturers installed, each with its own subscription, management platform, support agreement and sales team. This was becoming a very large headache for the client. If a device or application had a problem, debugging it took hours of downtime because of the inherent complexity of the solution, and the client was frustrated because deadlines for other projects were not being met.
As we worked with the client to identify the best solution for their needs, we realized we should share this knowledge with our community, because they are most likely asking themselves the same questions. Below are some key considerations and questions to keep in mind when assessing your security practice.
- Understanding Next Generation Firewall (NGFW) vs. Unified Threat Management (UTM) vs. Intrusion Prevention System (IPS) / Intrusion Detection System (IDS)
  - NGFW and UTM are both firewalls with advanced security features, including application and user awareness and IPS/IDS functionality. Standalone IPS/IDS solutions attempt to assess and either prevent or detect malware, spyware, and hacking attempts.
  - Traditional firewalls prevent or allow traffic based on address and TCP/UDP port at Layer 4. NGFWs and UTMs can provide that functionality, but also have further functionality layered on top of it. This added functionality can prevent or allow traffic based on application or use, in addition to, rather than instead of, IP address and TCP/UDP port.
- Determining layer features for improved firewall performance
  - Adding more layers and features to a firewall can affect throughput and therefore the sizing of devices, so we advise and assist our clients in performing a sizing exercise to determine the most critical features needed for their environments. Common Next Gen features include application awareness, URL filtering, deep packet inspection (DPI), virus scanning, and threat prevention.
  - Different devices handle traffic in different ways, so understanding sizing and bandwidth calculation is a necessary part of evaluating devices. Network devices behave radically differently depending on the features enabled and the protocols and types of traffic being filtered.
  - Certain NGFWs evaluate a packet only once and make their security decisions in a single pass, while others send the packet through a sequence of policies that each evaluate the traffic against their own set of criteria. The best choice for a specific environment depends on the type of environment and the critical data being protected.
- Selecting the best-fit security solution for your environment
  - Security assessments and detailed conversations about networks and infrastructures are key to a proper solution design and a tightly integrated security suite. Not every environment is the same, and threats can come from all areas of the stack and target a multitude of different areas in your environment. Evaluating layers from the physical to the application, while understanding that threats can be evasive and mobile, can create a confusing evaluation landscape. Security needs to adapt more quickly than the threat landscape.
  - There is no simple guide to “choosing the best-fit solution”. There are many factors and questions you need to assess within your network before selecting security products. You should be asking yourself, “What is most important to my business?” 1) Saving money, 2) Saving time or 3) Ease of management. For example: if you have antivirus capabilities on your firewall, then you don’t need another separate antivirus application. Antivirus protection becomes one more layer/feature you can add to your firewall for easier management.
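The difference between a Layer 4 rule and an application-aware rule, described in the first bullet group above, shown as an added example (not code from the authors or from any firewall product). The rule format, the `identify_app` heuristic and the sample flows are constructed for illustration; real NGFW application identification is far more involved.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str      # "tcp" or "udp"
    dport: int
    payload: bytes  # first bytes sent by the client (constructed samples below)

@dataclass(frozen=True)
class Rule:
    action: str                # "allow" or "deny"
    src_net: str
    dst_net: str
    proto: str
    dport: int
    app: Optional[str] = None  # None = pure Layer 4 rule; set = application-aware

def identify_app(payload: bytes) -> str:
    """Toy application identification from the first payload bytes."""
    if payload.startswith(b"SSH-"):
        return "ssh"
    # TLS record header: content type 0x16 (handshake), major version 0x03
    if len(payload) >= 3 and payload[0] == 0x16 and payload[1] == 0x03:
        return "tls"
    if payload.split(b" ", 1)[0] in (b"GET", b"POST", b"HEAD", b"PUT"):
        return "http"
    return "unknown"

def evaluate(rules, flow: Flow) -> str:
    """First matching rule wins; anything unmatched is denied."""
    for r in rules:
        if (ipaddress.ip_address(flow.src) in ipaddress.ip_network(r.src_net)
                and ipaddress.ip_address(flow.dst) in ipaddress.ip_network(r.dst_net)
                and flow.proto == r.proto and flow.dport == r.dport
                # The application check is applied in addition to the L4 match.
                and (r.app is None or r.app == identify_app(flow.payload))):
            return r.action
    return "deny"

# Constructed policies and flows (private and documentation address ranges).
L4_POLICY = [Rule("allow", "10.0.0.0/8", "0.0.0.0/0", "tcp", 443)]
NGFW_POLICY = [Rule("allow", "10.0.0.0/8", "0.0.0.0/0", "tcp", 443, app="tls")]
TLS_FLOW = Flow("10.1.2.3", "203.0.113.10", "tcp", 443, b"\x16\x03\x01\x00\xc8\x01")
SSH_FLOW = Flow("10.1.2.3", "203.0.113.10", "tcp", 443, b"SSH-2.0-OpenSSH_9.6\r\n")
```

Both flows use the same addresses and port, so the Layer 4 policy cannot tell them apart; only the application-aware policy denies the non-TLS flow on tcp/443.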
Security is not a technology conversation; it’s an evaluation of what data needs to be protected and how that data could be breached and stolen. It’s looking at every aspect of the network and at what path and/or information threats need to traverse in order to reach that data. 70% of attacks are targeted at an end user device inside the network, and a successful infiltration can result in a radically different approach to securing protected data. Companies need to assume that infiltrations can come from inside their own network, and that they may not necessarily be the result of malice but may instead result from human error.
We have created a YouTube video that goes into more detail about key things to consider when assessing your security practice. We hope you enjoy watching it and we look forward to hearing your thoughts about this topic below in our comments section. Thanks for reading and watching!