Application security: Extending the reach of your firewall
FYI, this story is more than a year old
Apps. Everyone has plenty. On their smart phones. On their laptops. On their workstations. By 2020, market analysts predict that globally each person will own 26 IP-enabled devices including up to 50 billion IoT devices.
That, of course, includes your staff, guests, their families and, unfortunately, cyber-criminals. And each and every one of those apps represents a possible vector for malware infection.
The challenge is clear: you need to be able to control which devices and users can access your corporate network and which apps they can use to make the connection. “Secure access has to extend beyond the traditional firewall,” says Andrew Khan, Fortinet Senior Business Manager at Ingram Micro, New Zealand’s largest distributor of Fortinet’s cyber security solutions. “Secure access today is about allowing any device, in any location and at any time to have access to pre-determined sets of data, or to perform specific transactions, based on policy and context.”
Automated security policies
“In such a dynamic environment,” he continues, “it is essential that your network and security infrastructure can automatically profile, classify, monitor and block devices and applications the moment they touch the network. And this policy needs to follow this traffic as it moves across, or even in and out of the network. And this is as essential for mid-sized businesses as for large enterprises.”
What has changed is that application traffic is now pervasive. “Just as the number of apps and devices have grown exponentially,” notes Khan, “the volume of application and transactional traffic has taken off as well. While much of this traffic passes through the traditional perimeter, that border is becoming increasingly porous. At the same time, application traffic is flowing laterally across the network. And unless that traffic is rerouted through the firewall, it is largely not being inspected.”
Thousands of apps? Thousands of threats!
Personal devices now run thousands of apps, many of which are prone to infection. Web applications have become routine and are available in the tens of thousands. And cloud-based applications are being used prolifically by organisations - oftentimes without the knowledge of the company - in a trend that has been dubbed ‘Shadow IT’. Increasingly, firewall deployments simply don’t provide enough coverage for today’s web application threat landscape.
Which means that secure access needs to go beyond just traditional perimeter control. In a borderless network, connectivity can happen anywhere, so secure access needs to be pervasive. Networks and data stacks need to be intelligently segmented to contain threats and control access. Security needs to follow data as it moves laterally and horizontally across the network. And security needs to function as an integrated system in order to identify advanced threats hunting across the network for data to hijack or systems to exploit.
Simplicity: the best policy
All of this is a lot to take on, but it has to be done if you want to keep your staff, data and networks secure. “Fortinet doesn’t believe that the answer to an increasingly complex challenge is more complexity,” says Khan. “You can only keep so many balls in the air at the same time before you start dropping them. The best answer to complexity, ironically, is simplicity.”
Fortinet provides an entire suite of application security tools, all designed them to work together as an integrated and collaborative solution. These different, purpose-built technologies share a common operating system framework, share local and global threat intelligence, can be managed and orchestrated through a single management console, and can automatically coordinate a response to an identified threat anywhere across the entire distributed network environment, from IoT to mobile devices to the cloud.
This approach not only dramatically reduces the complexity of managing and orchestrating an effective application security strategy, but also introduces a level of sophisticated visibility and granular control that has never been available before.
So, when considering how to best combat the escalating challenge of protecting your application infrastructure. also consider that sometimes the cure can be worse than the disease. Overwhelming your security and IT staff isn’t really a strategy. An integrated security architecture, however, is.
For further information, please contact:
Andrew Khan, Senior Business Manager Email: firstname.lastname@example.org M: 021 819 793
David Hills, Solutions Architect Email: email@example.com M: 021 245 0437
Hugo Hutchinson, Business Development Manager Email: firstname.lastname@example.org P: 09-414-0261 | M: 021-245-8276
Marc Brunzel, Business Development Manager Email: email@example.com M: 021 241 6946