Gartner has published their 2011 Magic Quadrant for Enterprise Network Firewalls. Key points outlined in the report include:

• Palo Alto Networks was recognized as a leader.
• According to Gartner, vendors in the leaders quadrant “lead the market in offering new safeguarding features, providing expert capability, rather than treating the firewall as a commodity, and having a good track record of avoiding vulnerabilities in their security products.”
• According to Gartner, “The enterprise network firewall market is undergoing a period of dynamic evolution, as effective next-generation firewalls are now increasingly necessary. Vendors that have addressed advanced targeted threats have seen gains in the market.”

It is often the goal for companies large and small, from large pharmaceuticals to your local insurance broker, to protect your data from outside threats.

But what about the potential threats from the inside? A recent article in Information Week related the story of Jason Cornish a disgruntled employee from the pharmaceutical firm Shionogi. Mr. Cornish was able to access the data center and delete $800,000 worth of documents and files.

The motivation for the attack was one that in today’s environment has become increasingly common: Revenge for layoffs of colleagues and friends.

There are many techniques you can use that can help minimize the security risk of insider attacks. The first and simplest solution is to disable ex-employees’ accounts. This step alone could have saved Shionogi hundreds of thousands in damages as Mr. Cornish had resigned a few months before the attack.

Businesses need to be reminded of the importance of reviewing what users have access to your systems, and that changing passwords and resetting access rights is essential when a member of your staff leaves your employment,” said Graham Cluley, senior technology consultant at Sophos

You must also have in place a disaster recovery plan so that any damage is minimized by your ability to react. Sometimes it is hard to plan for these worst case scenarios but the repercussions of not are far too great to be ignored.

There are three areas of difference – security functions, operations, and performance. The security functional elements correspond to the efficacy of the security controls, and the ability for enterprises to manage risk associated with network traffic. From an operations perspective, the big question is, “where does application policy live, and how hard or complex is it to manage?” The performance difference is simple: can the firewall do what it’s supposed to do at the throughput it’s supposed to do it?   The Ten Things Your Next (Generation) Firewall Must Do are:

1. Identify and control applications on any port.
2. Identify and control circumventor.
3. Decrypt outbound SSL.
4. Provide application function control.
5. Scan for viruses and malware in allowed collaborative applications.
6. Deal with unknown traffic by policy.
7. Identify and control applications sharing the same connection.
8. Enable the same application visibility and control for remote users.
9. Make network security simpler , not more complex with the addition of application control.
10. Deliver the same throughput and performance with application control active

Users continue to adopt new applications and technologies – and the threats carried by them. In some organizations, obstructing the adoption of new technologies can be a career-limiting move. Even when it isn’t, applications are how employees get their jobs done, or maintain productivity in the face of competing personal and professional priorities. Because of this, safe enablement is increasingly the correct policy stance. But to safely enable these applications and technologies, and the business that rides atop them, network security teams need to put in place the appropriate policies governing use, but also controls capable of enforcing them. The ten things listed here are critical capabilities for putting the necessary controls in place – especially in the face of a more varied and rich application and threat landscape. Without the network security infrastructure to cope with that variety and depth, security teams cannot safely enable the necessary applications and manage risk for their enterprises

Securing virtualized cloud systems has traditionally been challenging.  It is crucial to secure not only the virtual servers but the infrastructure in which they reside.  Traditionally external devices such as firewalls, IDS/IPS, access control, monitoring and other systems have been used to combat external threats. These are good at securing the LAN infrastructure and can be an effective barrier even when deployed to protect elements such as virtual switches, virtual I/O  directors (such as Xsigo’s) and SAN infrastructure.  However there’s a greater challenge in securing the virtual host systems themselves. 

Read More