Story image

Application security: Extending the reach of your firewall

26 Jul 16

Apps. Everyone has plenty. On their smart phones. On their laptops. On their workstations. By 2020, market analysts predict that globally each person will own 26 IP-enabled devices including up to 50 billion IoT devices.

That, of course, includes your staff, guests, their families and, unfortunately, cyber-criminals. And each and every one of those apps represents a possible vector for malware infection.

The challenge is clear: you need to be able to control which devices and users can access your corporate network and which apps they can use to make the connection. “Secure access has to extend beyond the traditional firewall,” says Andrew Khan, Fortinet Senior Business Manager at Ingram Micro, New Zealand’s largest distributor of Fortinet’s cyber security solutions. “Secure access today is about allowing any device, in any location and at any time to have access to pre-determined sets of data, or to perform specific transactions, based on policy and context.”

Automated security policies

“In such a dynamic environment,” he continues, “it is essential that your network and security infrastructure can automatically profile, classify, monitor and block devices and applications the moment they touch the network. And this policy needs to follow this traffic as it moves across, or even in and out of the network. And this is as essential for mid-sized businesses as for large enterprises.”

What has changed is that application traffic is now pervasive. “Just as the number of apps and devices have grown exponentially,” notes Khan, “the volume of application and transactional traffic has taken off as well. While much of this traffic passes through the traditional perimeter, that border is becoming increasingly porous. At the same time, application traffic is flowing laterally across the network. And unless that traffic is rerouted through the firewall, it is largely not being inspected.”

Thousands of apps? Thousands of threats!

Personal devices now run thousands of apps, many of which are prone to infection. Web applications have become routine and are available in the tens of thousands. And cloud-based applications are being used prolifically by organisations - oftentimes without the knowledge of the company - in a trend that has been dubbed ‘Shadow IT’. Increasingly, firewall deployments simply don’t provide enough coverage for today’s web application threat landscape.

Which means that secure access needs to go beyond just traditional perimeter control. In a borderless network, connectivity can happen anywhere, so secure access needs to be pervasive. Networks and data stacks need to be intelligently segmented to contain threats and control access. Security needs to follow data as it moves laterally and horizontally across the network. And security needs to function as an integrated system in order to identify advanced threats hunting across the network for data to hijack or systems to exploit.

Simplicity: the best policy

All of this is a lot to take on, but it has to be done if you want to keep your staff, data and networks secure. “Fortinet doesn’t believe that the answer to an increasingly complex challenge is more complexity,” says Khan. “You can only keep so many balls in the air at the same time before you start dropping them. The best answer to complexity, ironically, is simplicity.”

Fortinet provides an entire suite of application security tools, all designed them to work together as an integrated and collaborative solution. These different, purpose-built technologies share a common operating system framework, share local and global threat intelligence, can be managed and orchestrated through a single management console, and can automatically coordinate a response to an identified threat anywhere across the entire distributed network environment, from IoT to mobile devices to the cloud.

This approach not only dramatically reduces the complexity of managing and orchestrating an effective application security strategy, but also introduces a level of sophisticated visibility and granular control that has never been available before.

So, when considering how to best combat the escalating challenge of protecting your application infrastructure. also consider that sometimes the cure can be worse than the disease. Overwhelming your security and IT staff isn’t really a strategy. An integrated security architecture, however, is.

For further information, please contact:

Andrew Khan, Senior Business Manager
Email: andrew.khan@ingrammicro.com
M: 021 819 793

David Hills, Solutions Architect
Email: david.hills@ingrammicro.com
M: 021 245 0437

Hugo Hutchinson, Business Development Manager
Email: hugo.hutchinson@ingrammicro.com
P: 09-414-0261 | M: 021-245-8276

Marc Brunzel, Business Development Manager
Email: marc.brunzel@ingrammicro.com 
M: 021 241 6946

Three ways to achieve data security whilst enabling BYOD
"A mobility strategy is now more important than ever before, that said, selecting the right one is often no small task."
Mobile Infrastructure market sees fastest growth since 2014
The report from Dell’Oro shows that while the vendor rankings for the top three vendors remained unchanged with Huawei, Ericsson, and Nokia leading.
HPE unveils AI-driven operations for ProLiant, Synergy and Apollo servers
With global learning and predictive analytics capabilities based on real-world operational data, HPE InfoSight supposedly drives down operating costs.
Deloitte bolsters AWS offerings with CloudinIT
“By joining forces we can help even more organisations adopt cloud technologies and put their customers at the heart of their digital agendas.”
How IoT and hybrid cloud will change in 2019
"Traditional VPN software solutions are obsolete for the new IT reality of hybrid and multi-cloud."
Enterprises to begin closing their data centres
Dan Hushon predicts next year companies will begin bidding farewell (if they haven't already) to their onsite data centres.
Citrix acquires micro app platform Sapho
Sapho’s micro applications improve employee productivity by consolidating access to tools, activities and tasks in a simple and unified work feed.
HPE expands AI-driven operations
HPE InfoSight extends select predictive analytics and recommendation capabilities to HPE servers, enabling smarter, self-monitoring infrastructure.