Intelligent Tech Channels Issue 04 | Page 43

INTELLIGENT ENTERPRISE SECURITY
Advances in hacking techniques


Traditionally, organisations deploy firewalls at the perimeter of the network for protection. Edge firewalls label all external traffic, including Internet traffic, as untrusted, designate all intra-network traffic as trusted, and handle the two in distinct ways. There are no grey areas, no ambiguity.
Unfortunately the world is not black and white anymore.
With the rise of attacks originating from weak segments of the network, the line delineating trusted and untrusted traffic has blurred. Merely deploying firewalls at the edge of the network is no longer adequate; organisations need to re-architect their network so that internal firewalling can restrict the flow of malware between different segments of the organisation.
According to research firm Forrester, enterprises have built strong perimeters. Today well-organised cybercriminals have recruited insiders and developed new attack methods that bypass current security protections. Security and risk professionals must now make security ubiquitous throughout the network, not just at the perimeter.
Forrester advocates the zero trust security model, where the network is securely segmented and all traffic is inspected and logged. With such a model, the information flow between an engineer and a marketing colleague seated next to each other will no longer proceed unchecked.
Since these two employees are assigned different network segments and an internal segmentation firewall is in place, the proper policies will be applied and logs will be generated for any traffic traversing between the two departments.
An internal segmentation firewall comprises two kinds of technologies:
1. Policy-based segmentation, which identifies a user's parameters and dynamically and consistently enforces a security policy controlling the user's access to enterprise resources.
2. Firewall segmentation, which divides up the internal network to enable traffic analysis, logging and full security control.

An internal segmentation firewall does not replace the edge firewall. Instead, an internal segmentation firewall provides multiple touch points within a network in order to provide security between existing network boundaries. Or it can create entirely new segments inside of existing network boundaries. It also improves visibility by letting IT management see all layers of the network in a single pane of glass.
Depending on the level of security needed between each network segment, the types of protection enabled will vary. Once a firewall is deployed into each segment of an enterprise network, its policy, logging and various modern detection features can help identify and quarantine users that have been compromised.
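The behaviour the article describes for an internal segmentation firewall can be made concrete with a small simulation. The following Python block is an added illustration written for this page, not code from the article or from Fortinet; it assumes a constructed segment plan (one address range per department), a handful of hypothetical rules, and sample flows with made-up addresses and user names. It shows the two technologies named above working together: traffic is mapped to segments (firewall segmentation), each flow is checked against a policy that consults the user's role (policy-based segmentation), every decision is logged whether allowed or denied, and a user flagged as compromised is quarantined so that all further traffic is blocked.

```python
"""Toy internal segmentation firewall: segment lookup, role-aware policy,
default deny, per-flow logging and user quarantine. Illustrative only."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed segment plan: one internal segment per department.
SEGMENTS = {
    "engineering": ip_network("10.10.0.0/16"),
    "marketing":   ip_network("10.20.0.0/16"),
    "finance":     ip_network("10.30.0.0/16"),
}


@dataclass(frozen=True)
class Flow:
    src_ip: str
    dst_ip: str
    proto: str      # "tcp" or "udp"
    dst_port: int
    user: str       # identity bound to src_ip (e.g. from a directory or agent)
    role: str       # user attribute consulted by policy-based segmentation


@dataclass(frozen=True)
class Rule:
    name: str
    src_segment: str
    dst_segment: str
    proto: str
    dst_ports: frozenset
    roles: frozenset    # roles permitted to use this rule; empty = any role

    def matches(self, flow, src_seg, dst_seg):
        return (src_seg == self.src_segment
                and dst_seg == self.dst_segment
                and flow.proto == self.proto
                and flow.dst_port in self.dst_ports
                and (not self.roles or flow.role in self.roles))


def segment_of(ip):
    """Map an address to its segment name ('unknown' if outside the plan)."""
    addr = ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return "unknown"


class SegmentationFirewall:
    def __init__(self, rules):
        self.rules = list(rules)
        self.quarantined = set()   # identities flagged as compromised
        self.log = []              # every decision, allow or deny, is recorded

    def quarantine(self, user):
        self.quarantined.add(user)

    def evaluate(self, flow):
        """Return (decision, rule name) for a flow and append a log entry."""
        src_seg, dst_seg = segment_of(flow.src_ip), segment_of(flow.dst_ip)
        decision, rule_name = "deny", "default-deny"
        if flow.user in self.quarantined:
            rule_name = "quarantine"       # compromised user: nothing passes
        else:
            for rule in self.rules:        # first matching rule wins
                if rule.matches(flow, src_seg, dst_seg):
                    decision, rule_name = "allow", rule.name
                    break
        self.log.append({
            "user": flow.user, "role": flow.role,
            "src": f"{flow.src_ip}({src_seg})",
            "dst": f"{flow.dst_ip}({dst_seg}):{flow.dst_port}/{flow.proto}",
            "decision": decision, "rule": rule_name,
        })
        return decision, rule_name


# Hypothetical policy: marketing staff may reach the engineering web portal
# over HTTPS; everything else between segments is denied by default.
RULES = [
    Rule("mkt-to-eng-https", "marketing", "engineering", "tcp",
         frozenset({443}), frozenset({"marketer"})),
]


def run_demo():
    """Evaluate constructed sample flows; returns (decisions, log)."""
    fw = SegmentationFirewall(RULES)
    alice = Flow("10.20.3.7", "10.10.0.10", "tcp", 443, "alice", "marketer")
    bob = Flow("10.10.1.5", "10.20.3.7", "tcp", 445, "bob", "engineer")
    carol = Flow("10.20.3.8", "10.10.0.10", "tcp", 443, "carol", "contractor")
    results = [fw.evaluate(alice), fw.evaluate(bob), fw.evaluate(carol)]
    fw.quarantine("alice")   # e.g. a sandbox or endpoint agent flagged her host
    results.append(fw.evaluate(alice))
    return results, fw.log


if __name__ == "__main__":
    for entry in run_demo()[1]:
        print(entry)
```

Of the four sample flows, only the marketer's HTTPS request to engineering is allowed; the engineer's SMB attempt into marketing and the contractor's request are denied because no rule covers them, and once alice is quarantined her previously permitted flow is denied too. All four decisions appear in the log, which is the point of the article's "inspected and logged" model: denied traffic between neighbouring segments becomes visible rather than silently passing on a flat network.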
Also, internal firewalls make it much harder for attackers to carry out reconnaissance and discovery even once they have made their way inside the company network.
Internal segmentation firewalls should work in synchronisation with one another, leveraging threat intelligence and being complemented by advanced persistent threat detection solutions. These include sandboxing and endpoint security solutions, so that compromises can be identified and quarantined as soon as they are discovered.
Traditional enterprise objections to putting a firewall in front of each network segment have been around performance and price. Because intra-network traffic volume can be many times that of Internet traffic volume, not many firewalls have the capability to handle the workload without significant latency. Those that can handle it, when deployed in large numbers to cover each network segment within the enterprise, can make the cost prohibitive for many organisations.
Today, however, attainable solutions exist. Modern firewalls that leverage custom ASIC chips can be fast enough to handle internal firewalling and be cost effective at the same time.
Some may recall that per-port security was all the rage a few years ago, until implementation hurdles put an end to that promise. Current internal segmentation firewall technology is a step towards reviving that promise. As technologies in switching and access port security evolve and performance improves, we will be able to combine them with internal segmentation firewalls to reach that goal.
The concept of internal segmentation firewalling has put the network security industry on the cusp of an exciting era. Firms that want to take their operations and their business one step ahead of the competition should take advantage of it.
Michael Xie is Founder, President and Chief Technology Officer at Fortinet