Network Security

Combatting Today’s Attacks: It’s a Generational Thing

We’re facing a generation gap when it comes to combatting today’s attacks. Adversaries are using next-generation attack methods while many organizations are using first-generation defenses. And the situation is likely to get worse before it gets better. Designed for another time, most first-generation network security devices can’t keep pace with challenges like:

Technology disruption – Mobile devices, software as a service, virtualization and cloud computing are necessities as organizations look for ways to enhance productivity, save costs and speed deployment. Most security tools deployed today don’t provide enough visibility to factor dynamic network topology, behavior and traffic into security policy definition and enforcement decisions.

Advanced attacks – The tactics that adversaries now employ, such as port hopping, encapsulation, zero-day attacks, command and control (C&C) evasion, lateral movement, encrypted traffic and sandbox evasion, make it very difficult to detect and block attacks. First-generation security tools lack the historical data and intelligence to handle attacks that use these methods.

Performance demands – In the age of multi-gigabit network connections at the perimeter and within the core data center, security devices need to inspect traffic and enforce policy at those same speeds across every network segment. This simply isn’t possible with traditional network security device architectures.

So how do you deal with this generation gap? New security approaches are emerging to address today’s fluid IT environment, sophisticated threats and increasing network speeds. Given that many first-generation devices have been deployed for over a decade and simply can’t adapt to this new reality, the time is right to revisit your security strategy and bridge the gap with a new approach to security.

As you talk to vendors about their latest network security technologies, below are key criteria to look for along with specific questions to ask to help you make more informed decisions and, ultimately, better defend your modern IT environment against modern attacks.

Visibility – You need to be able to accurately identify the applications active in your environment (regardless of port or protocol) and see the many connecting hosts, infrastructure and users. With this visibility you can apply the context of network and user behavior to determine the intent of any given connection and whether it should be blocked. Key questions to ask your vendor include:

• How do you track and monitor for changes in my IT environment?

• Do you provide site reputation intelligence?

• Can you monitor network activity based on user, device and application?
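The port-hopping tactic mentioned under “Advanced attacks” and the “regardless of protocol” visibility requirement above come down to the same engineering question: can the device tell what an application is from its traffic rather than from the destination port? The following script is an added example, not code from the original article or from any vendor; it classifies a flow from the first client-to-server payload bytes (SSH banner, TLS ClientHello, HTTP request line, DNS query header) and flags flows where the identified application does not match what the port normally carries. The port-to-application table, the flow records and the addresses are constructed assumptions for the example.

```python
"""Identify the application from payload bytes, not the port, and flag
port hopping (an application on a port that normally carries something else).
Added example; the flow records below are constructed, not captured traffic.
"""
from dataclasses import dataclass

# What each well-known port is expected to carry (assumption for this example).
EXPECTED_APP_BY_PORT = {22: "ssh", 53: "dns", 80: "http", 443: "tls"}

HTTP_METHODS = (b"GET ", b"POST ", b"PUT ", b"HEAD ", b"DELETE ", b"OPTIONS ", b"PATCH ")


def identify_app(payload: bytes) -> str:
    """Classify a flow from the first client->server payload bytes, ignoring the port."""
    # SSH: the client sends its identification string first (RFC 4253).
    if payload.startswith((b"SSH-2.0-", b"SSH-1.99-")):
        return "ssh"
    # TLS: record type 0x16 (handshake), version major 0x03, handshake type 0x01 (ClientHello).
    if len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 0x03 and payload[5] == 0x01:
        return "tls"
    # HTTP/1.x: a request line that starts with a method and carries the version token.
    if payload.startswith(HTTP_METHODS) and b" HTTP/1." in payload[:128]:
        return "http"
    # DNS query over UDP: 12-byte header, QR=0, opcode 0, one question, no answers.
    # Heuristic only; it can collide with other binary protocols, so it is checked last.
    if (len(payload) >= 12 and (payload[2] & 0xF8) == 0
            and int.from_bytes(payload[4:6], "big") == 1
            and int.from_bytes(payload[6:8], "big") == 0):
        return "dns"
    return "unknown"


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dst_port: int
    payload: bytes  # first bytes sent by the client


def check_flow(flow: Flow) -> dict:
    """Return the identified application and a verdict for one flow."""
    app = identify_app(flow.payload)
    expected = EXPECTED_APP_BY_PORT.get(flow.dst_port)
    if app == "unknown":
        verdict = "unknown-app"          # needs deeper inspection, not a block decision
    elif expected is None:
        verdict = "unregistered-port"    # known application on a port with no expectation
    elif app != expected:
        verdict = "port-mismatch"        # e.g. SSH on 443: classic port hopping
    else:
        verdict = "ok"
    return {"src": flow.src, "dst": flow.dst, "dst_port": flow.dst_port,
            "app": app, "expected": expected, "verdict": verdict}


def audit(flows) -> list:
    """Run check_flow over a sequence of flows, preserving order."""
    return [check_flow(f) for f in flows]


# Constructed payload prefixes: a TLS 1.x ClientHello record and a DNS A query.
TLS_CLIENT_HELLO = b"\x16\x03\x01\x00\xc4\x01\x00\x00\xc0\x03\x03" + b"\x00" * 32
DNS_QUERY = (b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00"
             b"\x07example\x03com\x00\x00\x01\x00\x01")

# Constructed sample flows (not captured traffic).
SAMPLE_FLOWS = [
    Flow("10.0.0.5", "203.0.113.10", 443, TLS_CLIENT_HELLO),
    Flow("10.0.0.5", "10.0.0.9", 22, b"SSH-2.0-OpenSSH_9.6\r\n"),
    Flow("10.0.0.7", "198.51.100.20", 80, b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"),
    Flow("10.0.0.7", "198.51.100.20", 443, b"SSH-2.0-OpenSSH_8.9\r\n"),  # SSH hidden on 443
    Flow("10.0.0.8", "203.0.113.10", 53, DNS_QUERY),
    Flow("10.0.0.8", "203.0.113.10", 53, TLS_CLIENT_HELLO),              # TLS tunnelled over 53
    Flow("10.0.0.9", "203.0.113.10", 4444, TLS_CLIENT_HELLO),            # TLS on an unexpected port
    Flow("10.0.0.9", "203.0.113.10", 9001, b"\xde\xad\xbe\xef"),         # unclassified binary
]

if __name__ == "__main__":
    for r in audit(SAMPLE_FLOWS):
        print(f"{r['src']} -> {r['dst']}:{r['dst_port']:<5} app={r['app']:<7} verdict={r['verdict']}")
```

Run stand-alone it prints one line per flow; the SSH-on-443 and TLS-on-53 flows come out as port-mismatch, which a port-based rule (“443 is HTTPS, allow”) would pass silently. The signatures here cover only the first bytes of a session, which is what a real classifier does as well, but a production engine also needs to handle flows whose first packet was missed and traffic that is encrypted before any identifiable banner.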

Threat effectiveness – You need to ensure your network security technology can protect against both known and emerging threats while maintaining effectiveness under load during peak utilization.

Questions to ask to make sure you’re covered include:

• What means do you use to detect threats?

• Can you detect and block based on content such as certain file types?

• Can you compare baseline network behavior against actual to identify anomalous activity?
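The last question, comparing baseline behavior against actual activity, is worth understanding concretely before you ask a vendor how they do it. The script below is an added example, not code from the article or any product: it builds a per-host baseline of daily outbound volume, computes how far today’s value sits from that baseline in units of the baseline’s standard deviation, and flags hosts beyond a threshold or with no baseline at all. The host addresses, volumes, the 3-sigma threshold and the variance floors are constructed assumptions.

```python
"""Compare each host's current outbound volume against its own baseline and
flag statistically unusual values. Added example; all numbers are constructed.
"""
from statistics import mean, pstdev

# Constructed baseline: outbound megabytes per host per day over the last 7 days.
BASELINE_MB = {
    "10.0.0.5": [100, 110, 95, 105, 100, 90, 100],
    "10.0.0.7": [50, 55, 45, 50, 60, 40, 50],
    "10.0.0.9": [0, 0, 0, 0, 0, 0, 0],   # a host that never talked outbound
}

# Constructed observations for the current day.
TODAY_MB = {
    "10.0.0.5": 104,   # within its normal range
    "10.0.0.7": 400,   # eight times its usual volume
    "10.0.0.9": 12,    # first outbound traffic ever seen
    "10.0.0.42": 30,   # host with no baseline at all
}


def effective_sigma(samples, rel_floor=0.10, abs_floor_mb=1.0) -> float:
    """Standard deviation with floors so a very stable baseline does not flag
    trivial changes (the floor values are assumptions for this example)."""
    return max(pstdev(samples), rel_floor * mean(samples), abs_floor_mb)


def detect_anomalies(baseline, today, k=3.0) -> list:
    """Return (host, reason, z) for hosts that deviate from their baseline by
    more than k sigma in either direction, or that have no baseline to compare."""
    findings = []
    for host, value in today.items():
        samples = baseline.get(host)
        if not samples:
            findings.append((host, "no-baseline", float("nan")))
            continue
        z = (value - mean(samples)) / effective_sigma(samples)
        if abs(z) > k:
            findings.append((host, "volume-anomaly", z))
    return findings


if __name__ == "__main__":
    for host, reason, z in detect_anomalies(BASELINE_MB, TODAY_MB):
        print(f"{host:<10} {reason:<15} z={z:.1f}")
```

Two design choices matter more than the statistics. First, a host whose baseline is flat (10.0.0.9 above) has zero variance, so without a floor any traffic at all would produce an infinite score; the floors keep the detector usable on quiet hosts while still flagging a host that suddenly starts talking outbound. Second, a host with no history (10.0.0.42) cannot be scored and should be surfaced as such rather than silently treated as normal, since new or newly visible hosts are exactly where a port-based, topology-blind tool loses track.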

Granular controls – You want your network security devices to enable safe access, not encourage employees to go around your defenses. This requires fine-grained security policies with the ability to customize detection and response for both applications and web sites. A few questions to ask your vendor include:

• How do you address policies across various security elements and how do you handle policy exceptions?

• How flexibly do you handle access control options and application functionality?

• Do you support custom rule development?

Automation – For most IT security organizations, resources aren’t increasing to keep pace with advanced adversaries. You need tools to automate the provisioning and tuning of security policies and apply those policies consistently across the enterprise. A few key questions to ask your vendor include:

• How can you help me sift through thousands of security events each day and focus on what matters most?

• How can you minimize the time I now put into optimizing and tuning policies across the environment?

• Can you help me rapidly zero-in on users tied to events and respond to anomalous behavior?

Advanced malware protection – With increasingly sophisticated malware attacks, it’s becoming more difficult to reliably detect malware on the network and remediate it if it does successfully get through. Cloud-based malware intelligence and the ability to coordinate defenses across the environment are now essential. Key questions to ask your vendor include:

• How do you gather intelligence on emerging threats?

• How does your malware analysis automatically update detection capabilities across all control points?

• How do you perform continuous analysis and retrospective security in the event of malware that is dormant during entry and later exhibits malicious behavior?

Performance, scalability and flexibility – To analyze traffic and apply complex policies at high speeds, raw performance and the ability to scale to multi-gigabit networks are critical. Flexibility to support your deployment model today and the capability to change it easily in the future gives you investment protection. Ask your vendor:

• Do you have third-party validated performance results you can share?

• What security capabilities can I deploy on the same device?

• What type of availability, connection speeds and connectivity options do you offer?

Management and extensibility – To be practical, any updated approach to network security must enable centralized IT security management across the entire enterprise and seamlessly support additional capabilities. Key questions to ask your vendor include:

• Can I manage multiple policies across enforcement points?

• What reporting capabilities do you offer to support security, incident response and compliance?

• How do you integrate with complementary third-party solutions?

It’s only a matter of time before your organization faces a breach. The good news is that network security technologies are evolving so you no longer have to be hampered by first-generation approaches. Armed with the right questions you can be confident that you’re making the best decisions to protect your organization and mitigate risk in this challenging era.

Copyright © 2024 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.
