Network security implementation has changed a lot in the last few years, but often the way we approach network security in general hasn’t changed much. This presentation takes a fresh look at network security to make sure you’re getting the most out of your firewall.
The firewall in our UTM appliance is easy to use. With an open, visual layout you can be as broad or as detailed as you need. Find out more here: http://bit.ly/YzzcbE
1. Get the Most From Your Firewall
How your firewall can do more to meet today’s security needs
2. Agenda
Changes in the security environment
Technology
Threats
The way we work
Tools
Introducing Sophos UTM
Real life case studies
3. Remember the ’90s?
Think back to the time before the mobile revolution
You didn’t have to worry about all of these:
4. The history of firewalls
First generation to next generation
1st generation: Packet filters
2nd generation: “Stateful” filters
3rd generation: Application level
11. What’s changed: Tools
Point Products vs. Unified Threat Management (UTM)
Back in the ’90s: Best of breed individual solutions or compromise on protection for convenience
vs.
Sophos today: Best of breed individual solutions or best of breed unified solution
21. Complete security
Everything you need to stay protected
[Diagram: product coverage across six areas: Endpoint, Web, Email, Data, Mobile, Network (Unified Threat Management). Feature labels shown: Anti-malware, Firewall, Intrusion prevention, Malicious URL Filtering, Productivity Filtering, Anonymising Proxy blocking, HTTPS Scanning, Content control, Anti-spam, Email encryption, Email archiving, Disk Encryption, File encryption, Key management, Encryption for cloud, Data Control, Device Control, Application Control, Access control, Patch Manager, Virtualization, Endpoint Web Protection, Mobile Control, Mobile app security, Secure branch offices, WiFi security, Web Application Firewall.]
22. Staying ahead of the curve
US and Canada: 1-866-866-2802, NASales@sophos.com
UK and Worldwide: +44 1235 55 9933, Sales@sophos.com
facebook.com/securitybysophos
Sophos on Google+
linkedin.com/company/sophos
twitter.com/Sophos_News
nakedsecurity.sophos.com
Editor's notes
This presentation explores the key network security changes that have implications for your firewall. It will focus on the four Ts:
- Technology
- Threats
- The way we work
- Tools
Network security implementation has changed a lot in the last few years, but often the way we approach network security in general hasn’t changed much. It’s time to take a fresh look at network security and make sure you’re getting the most out of your firewall. In a recent Sophos survey over one third (34%) of all respondents said they’ve had their firewall for five years or more. If you haven’t reviewed your firewall for a while, there’s a good chance it could be working harder for you.
Firewall technology emerged in the late 1980s when the Internet was a fairly new technology in terms of its global use and connectivity. We began with packet filters, which delivered the simplest instructions (rules) for inspecting Internet traffic and deciding what to allow through. But soon we realized that more control was necessary, which led to the creation of second generation firewalls, called stateful filters. These allowed us to create more detailed rules, but were still focused on the type of Internet traffic. Today understanding traffic flow isn’t enough. It’s also important to know what’s inside that traffic, which brings us to application level firewalls, also known as next generation firewalls. So as you can see, firewalls are not a static commodity. And if you haven’t updated yours for a while, there’s a good chance it could be doing a lot more for you.
Some of the key technology developments that have implications for network security include:
- Wireless: Wireless enables users to connect to your network from roaming locations and from a wide range of devices. Great for productivity, but a threat to the security of your network and data, both in terms of what might get on and what might come off.
- VPN (remote access): Users increasingly want – and often need – to have full access to the corporate network when working remotely. Virtual private networks have existed for many years, but recently VPNs have become more prevalent due to significant cost reductions, increased bandwidth, and security. It’s likely that these IP based VPNs will ultimately find their way into almost every network based communications activity, including inside corporate local area networks.
- Private cloud: This is where cloud-based infrastructure is operated solely for a single organization, whether managed internally or by a third party and hosted internally or externally.
- IPv6: IPv6 presents new challenges for both monitoring and traffic management. Tools are immature, and lack feature parity. You can’t depend on NAT, and firewall rules must take all traffic into consideration.
- BYOD: The seismic change in consumer technology, with smartphones and tablets, means users increasingly want to use their own shiny devices for work, devices that you can’t control or that lack standard corporate security features.
Adopting new technologies such as these is fast becoming a must-do, not to gain competitive advantage but rather to stay in the game. If you don’t open your arms to them, you’ll get left behind.
What do these technology changes mean for security? Essentially they mean a whole load more for Network Administrators and IT Security Managers to consider. Not only do you need to keep up with security for traditional in-office computers, but you also need to enable users to take advantage of these new technologies without adversely impacting your network or your data.
Today nearly all modern threats are web-based. SQL injection, phishing, spam and malware distribution have all migrated to the web. The web is available to everyone, and cyber criminals prey upon unpatched users, programming flaws and poor human judgment to deliver their attacks. Considering that 21% of organizations we surveyed have had an outage due to a malware infection in the last year, it is no wonder that two in five have concerns about the increasing sophistication of threats for their network security.
While traditional methods provide some protection against worms and automated protocol attacks, the reality is that trying to use 20th century tools against 21st century threats compromises your ability to defend your networks and, more importantly, your data. When it comes to network security, it’s no longer just about the direction of traffic or which port numbers it is traversing. Rather it’s about the intent of the payload. The device you use to connect and the medium you connect over matter just as much as any other factor. The threat landscape has changed, but there’s no reason to panic. We just need to make sure we have the right security solutions for today’s and tomorrow’s threats.
Over the last 20 years the way we work has changed significantly. Road warriors in the cafe, car or customer site need the same IT functionality and access to data as in the office. Over recent years the boundaries between personal and professional have become ever more blurred. And it’s different from generation to generation. For those who are new to the workforce, stopping access to personal devices and social media sites in the workplace seems outrageous. For them multi-tasking between work and social activities is as natural as breathing. And of course consumer devices – smartphones, tablet PCs – are now commonplace in the workplace.
Users expect to securely access any necessary data from anywhere, on every device. This demands a shift in thinking. Protection of sensitive information must be done based upon the need to secure that data, not on where it is located. Breaches will happen, so no matter where information resides it must be protected. We need to find a way to allow authorized access to information anywhere it might be needed in a world fraught with threats.
Network security tools have changed significantly over the last 20 years. Back then the choice was between best of breed point products, which gave the best protection but required more management, or a UTM solution that required customers to compromise on protection in return for easier management. Things have changed with Sophos UTM, the first unified product on the market that doesn’t require compromise. It gives you an all-in-one, easy to manage solution utilizing the latest technologies backed by SophosLabs. However you want to manage your network security, point solutions or unified protection, we can help.
Let’s take a quick look at the UTM and the optional modules you can add to enhance your security.
Firewall: At the heart of the solution is the firewall. The duties of a firewall include more than just being a traffic cop. Sophos UTM not only analyzes traffic, but provides secure VPN functionality and audit logging to keep a close eye on what’s transiting your network.
Network Security: Network security is an important component in a comprehensive defense. Sophos Network Security provides secure access while watching for known malicious behavior, which is an essential starting point to limiting the risks to your traffic. The Branch Office functionality enables you to securely connect remote sites to headquarters simply, quickly and cheaply.
Web Security: The vast majority of threats enter modern networks through web exploits and social engineering. Sophos Web Security lets you filter websites by category or by only looking for malicious content. This limits access to dangerous content and is one of the most effective techniques at reducing risk.
Mail Security: Email security is considered old hat to many IT professionals, but it’s a lot more sophisticated than one might think. Sophos Mail Security gives you the best protection against phishing and targeted attacks while making it simple to encrypt and send secure emails.
Web Application Security: This module filters the inputs and attacks targeting your websites, which can help defend against some of the most public data leakage incidents making the news. Web filtering is a two-way street – both keeping what should stay in, in, and what needs to stay out, out.
Wireless Security: The Wireless Security module lets you consistently configure your wireless networks across the enterprise, with the ability to segregate guests, mobile devices and managed PCs and control access to sensitive information.
Endpoint Management: Use the Sophos UTM as the one place to manage and report on all your security tools, with integrated management of your Sophos Anti-Virus clients.
Sophos UTM is a 21st century solution, designed to enable you to take advantage of today’s – and tomorrow’s – technologies and working practices. You can add modules as and when you need them – whether you need to enable secure wireless networks, securely connect branch offices, or enable road warriors to connect in securely. With regard to the changing threat landscape, the truth is there is no silver bullet for stopping modern threats. Different techniques like anti-virus, web filtering, application control and web application firewalls are all effective at combating different attack vectors. A comprehensive solution is necessary to provide an effective defense. And Sophos UTM gives you just that, all managed through one easy-to-use console. And our threat protection is backed up by SophosLabs. Our global threat centers research threats from their origin and deploy protection from those threats based upon the most successful methods available to prevent exploitation. Working as a single unit, SophosLabs are able to inform our products to identify malicious content, regardless of technology or origin. Of course, you may not want to take advantage of every security option initially, but the Sophos UTM is designed to grow with your needs. The next generation of technologies to shore up our defenses is unknown, but the design of the Sophos UTM allows you to add functionality to your existing investment without the need for additional hardware or complicated rip and replace projects.