Network Security Scenario




Transcription:

Network Security Scenario
Jeffrey Wheatman

Notes accompany this presentation. Please select Notes Page view. These materials can be reproduced only with written approval from Gartner. Such approvals must be requested via e-mail: vendor.relations@gartner.com. Gartner is a registered trademark of Gartner, Inc. or its affiliates.

Network Security Sea Change
- Threats don't stay still; networks aren't, either
- Your father's DMZ zone won't work for changing networks moving upward and onward
- Effectiveness and efficiency
  - Build security into the network for well-known threats
  - Rapid evaluation of new approaches for dealing with new threats
  - "Baking" security into every new network service
- What if none of the endpoints are managed?

Defense in Depth and the 'NxN' DMZ
- Complex applications require a more-complex yet well-structured DMZ
- "Death spiral" of increasing rules or access control lists
- Increased connection methods
- Protecting assets from the internal network
- Mobility of endpoints
- DMZ and data center protection
- Virtualization and acceleration

There Will Always Be a Perimeter
- Neither "all network" nor "all host" safeguards are feasible
- The edge changes and gets more complex but doesn't go away
- Coordinated safeguard approach rather than a single safeguard
- Unmanaged endpoints will only increase

Flavors of Network Protection
- Persistence of buying centers
- Changes in threats
- Changes in business demands
- UTM for SMB
- In the cloud(s) for large enterprises
- Niche markets for threat-specific protection:
  - Web application firewall
  - Database firewall
  - XML firewall, and so on
- Perimeter stays separate
  - Rapid response
  - Separate control plane

[Diagram labels: Secure Message Gateway (E-mail servers); Secure Web Gateway (ADC/WOC); Next-Generation Firewall (Network gear)]
WOC = WAN optimization controller

Embedding Network Security in Endpoints
- Network group can always talk to an NIC
- Fourth firewall tier in the NIC
- Silicon-based firewalls are inexpensive and widely available
- Firewall provides a panic button
- IPS can provide hardware acceleration and close-to-host network deep inspection

IPS Primarily at the Edge and in Blocking Mode
- IPS moves beyond threat signatures
- Endpoint and "extra IPS" intelligence
- A big market
- Forecast >$1 billion in 2007
- Deployments march inward at critical points

[Chart labels: Signatures in Blocking Mode; IDS, High Fidelity, Tuned, Maximum; Process, Endpoint Intelligence, Capability]

The Need for a Separate Security Control Plane
Guidance
- Decision not accident
- Hybrids can be worst of both approaches
- A security decision
- Foundation design principle
- Can always change back
- Infrastructure vendor products can be used for a control plane, but this is not the default

[Diagram labels: Asset, Dynamic, Move Packets, Vulnerabilities, Costly, Block Packets, Secure Configuration, Kernelized and Evaluated, Infrastructure, Security, Costly]

Web Application Firewalls
- Can openers: Great idea, but you only need one
- Market pressure has led to good standardization
- Use of Web application firewall evaluation criteria for selection against criteria
- Market divided: In-the-ADC or stand-alone
- In-the-ADC has enterprise advantage but is not leading in features
- True competition is with code/application scanners
- PCI will drive some increase

Content Monitoring and Filtering/Data Loss Prevention

[Diagram labels]
- Data in Motion (Network): E-Mail, Surfing, Web Mail, FTP
- Sensitive Data Description: PCI, IP, EPHI, NPPI
- Data at Rest: Servers, Desktops, Laptops, SAN, NAS
- Endpoint: USB Key, Cut and Paste, Print

Network Security Market Dynamics
- New threats and technology will continue to emerge
  - Network security add-ons will be first reaction point
  - Embedded network and host security later
  - Acquisitions and failures follow
- Still much room for innovation
  - Detecting and blocking arbitrary malware
  - Content-aware network security
  - Dealing with encryption
  - Securing Web 2.0

Network and Host Security Will Communicate but Not Become One
- Benefits
  - Buying center
  - Some efficiencies and early warning
  - Signature enablement
- Problems
  - Conflicting blocking policies
  - Operations and business knowledge across network/host boundary is limited

Encryption of MPLS and Internal Links Remains Niche
- Encryption can "blind" WOCs, IPSs, NBA, firewalls
- High cost and disruption
- Drop-in appliance approach is most common approach
- Overlay approach from Cisco GET VPN
- Longhorn brings IPsec, but authentication only
- Quantum cryptography will remain niche until at least 2011

In the Cloud
- Non-CPE
- Moved easily into the cloud:
  - Distributed denial of service
  - E-mail spam/antivirus
  - Firewall
- More problematic:
  - IPS
  - CMF
  - Anti-phishing
- New pricing/availability

[Diagram labels: Carrier/ISP, Enterprise]

Recommendations
- Maintain that separate network security control plane but take advantage of embedded network security capabilities where possible
- Move beyond just default IPS blocking
  - Integration of endpoint intelligence and network behavior analysis (NBA)
  - Try out innovative new solutions
  - Content-aware security (CMF/DLP)
- Look to aligning refresh cycles based on where point products are converging