
Effective Network Security Requires a Next-Generation Mindset

Threats have evolved. Most security technologies have not. Companies need to look at new, innovative security solutions to effectively combat increasingly sophisticated threats in today’s dynamically changing IT environments.

Analysts have branded these new solutions as “Next-Generation.” However, some solutions claiming to be “next-generation” integrate various security components, all of which may not be truly advanced. For example, most next-generation firewalls (NGFWs) include signature-only IDS or first-generation IPS, not Next-Generation IPS (NGIPS). Unaided by any form of contextual awareness or platform-level integration, these solutions can’t optimize enforcement decisions.

A Gartner paper released on October 7, 2011, entitled “Defining Next-Generation Network Intrusion Prevention,” points to this, stating: “Next-generation network IPS will be incorporated within a next-generation firewall, but most next-generation firewall products currently include first-generation IPS capabilities…Mainstream enterprises over time will refresh existing next-generation firewall deployments with future versions with next-generation network IPS capabilities.”

As vendors and customers alike refresh existing systems, they must recognize that simply upgrading to advanced functionality isn’t enough—it must be incorporated without sacrificing performance or quality.

When evaluating security technology, look under the hood to make sure you’re getting a solution built with a next-generation mindset. Solutions that uphold these four tenets to effective security innovation will help ensure protection and performance:

1 – Complex threats require greater visibility.

You can’t protect what you can’t see. Network security solutions that are configured to standard “default” policies are blind to changes on the network. As new systems and applications emerge, most security systems won’t even notice, let alone respond. Network behavior—such as unexpected connections and sessions, an important sign of a possible breach—passes unnoticed. For thorough protection, security organizations need to fully understand their networks and the frequent changes occurring within. This requires asset mapping, contextual awareness, cross-source correlation, and total network visibility – and, importantly, the ability to continually analyze and respond to change as it occurs. Only in this manner will we eliminate blind spots that provide attackers the opportunity they seek.

2 – Control shouldn’t require compromise.

When the category of NGFW first emerged, vendors added application control to the access control capabilities provided by traditional firewalls and then bolted on first-generation IPS. This isn’t enough to provide the level of threat protection organizations need today. While a low-latency firewall is a core component of any NGFW, many security professionals agree that threat prevention is paramount for NGFW solutions. A new Ponemon Institute study of NGFW implementations in organizations across 15 different industries showed:

• Threat prevention ranked as the most important feature of their NGFW for data protection

• Firewall ranked as least important feature for data protection

• Most organizations deploy NGFW to “augment” (not replace) existing firewall infrastructure

Confidence is waning in these cobbled-together solutions that fail to provide the level of control needed for effective protection. Blanket policies alone (e.g., blocking all social media site access for all users) will likely meet strong resistance and/or lead to excessive false positives that become the bane of security and user organizations alike. A solution that provides fine-grained controls and allows detection and response customization is required.

3 – Automate security for agility.

Threats evolve too rapidly for manually tuned defenses to keep pace. IT consumerization, device mobilization, virtualization and cloud-based computing create a fluid, boundless world to secure. Customers need the agility to stay protected despite the rapid changes and complexity; security automation is the key to keeping pace and discerning what really matters.

New risks can be acted on quickly by tuning security defenses automatically—this can entail auto-applying additional signatures, auto-blocking unknown applications or users, auto-triggering authentication or remediation workflow, etc. Automated event analysis and assessment can also reduce actionable events, concentrating security staff remediation efforts on items of greatest importance. By automatically assessing changes and in turn tuning security policy, organizations can adapt responsively to ensure they maintain their security posture and stay protected.

4 – Maintain flexibility and openness.

Ensuring your solution is based on a progressive security architecture is critical to future success. Additional security functions may be required to meet new threats – if the engine has sufficient power, the desired functionality can be layered on without undercutting the system as a whole. Solutions built to be future-proof have the flexibility and performance at the engine level to grow and scale with your needs and address new security requirements as they emerge.

The Ponemon study referenced earlier found that 62 percent of current NGFW users surveyed suffer performance degradation when a first-generation IPS is deployed as part of the NGFW device. This underscores the importance of ensuring that when current integrated security solutions refresh to include the latest advanced security capabilities, for example NGFWs adding NGIPS, they do so without sacrificing performance.

Integrated security solutions can evolve to deliver protection and performance by maintaining a commitment to total network visibility, control without compromise, intelligent security automation and a flexible architecture. By using these four tenets as a guidepost you’ll have a clearer understanding of whether a security solution is next-generation through and through, ensuring optimal defenses today and into the future.

Written By

Marc Solomon is Chief Marketing Officer at ThreatQuotient. He has a strong track record driving growth and building teams for fast growing security companies, resulting in several successful liquidity events. Prior to ThreatQuotient he served as VP of Security Marketing for Cisco following its $2.7 billion acquisition of Sourcefire. While at Sourcefire, Marc served as CMO and SVP of Products. He has also held leadership positions at Fiberlink MaaS360 (acquired by IBM), McAfee (acquired by Intel), Everdream (acquired by Dell), Deloitte Consulting and HP. Marc also serves as an Advisor to a number of technology companies.
