Story image

Application security: Extending the reach of your firewall

26 Jul 2016

Apps. Everyone has plenty. On their smart phones. On their laptops. On their workstations. By 2020, market analysts predict that globally each person will own 26 IP-enabled devices including up to 50 billion IoT devices.

That, of course, includes your staff, guests, their families and, unfortunately, cyber-criminals. And each and every one of those apps represents a possible vector for malware infection.

The challenge is clear: you need to be able to control which devices and users can access your corporate network and which apps they can use to make the connection. “Secure access has to extend beyond the traditional firewall,” says Andrew Khan, Fortinet Senior Business Manager at Ingram Micro, New Zealand’s largest distributor of Fortinet’s cyber security solutions. “Secure access today is about allowing any device, in any location and at any time to have access to pre-determined sets of data, or to perform specific transactions, based on policy and context.”

Automated security policies

“In such a dynamic environment,” he continues, “it is essential that your network and security infrastructure can automatically profile, classify, monitor and block devices and applications the moment they touch the network. And this policy needs to follow this traffic as it moves across, or even in and out of the network. And this is as essential for mid-sized businesses as for large enterprises.”

What has changed is that application traffic is now pervasive. “Just as the number of apps and devices have grown exponentially,” notes Khan, “the volume of application and transactional traffic has taken off as well. While much of this traffic passes through the traditional perimeter, that border is becoming increasingly porous. At the same time, application traffic is flowing laterally across the network. And unless that traffic is rerouted through the firewall, it is largely not being inspected.”

Thousands of apps? Thousands of threats!

Personal devices now run thousands of apps, many of which are prone to infection. Web applications have become routine and are available in the tens of thousands. And cloud-based applications are being used prolifically by organisations - oftentimes without the knowledge of the company - in a trend that has been dubbed ‘Shadow IT’. Increasingly, firewall deployments simply don’t provide enough coverage for today’s web application threat landscape.

Which means that secure access needs to go beyond just traditional perimeter control. In a borderless network, connectivity can happen anywhere, so secure access needs to be pervasive. Networks and data stacks need to be intelligently segmented to contain threats and control access. Security needs to follow data as it moves laterally and horizontally across the network. And security needs to function as an integrated system in order to identify advanced threats hunting across the network for data to hijack or systems to exploit.

Simplicity: the best policy

All of this is a lot to take on, but it has to be done if you want to keep your staff, data and networks secure. “Fortinet doesn’t believe that the answer to an increasingly complex challenge is more complexity,” says Khan. “You can only keep so many balls in the air at the same time before you start dropping them. The best answer to complexity, ironically, is simplicity.”

Fortinet provides an entire suite of application security tools, all designed them to work together as an integrated and collaborative solution. These different, purpose-built technologies share a common operating system framework, share local and global threat intelligence, can be managed and orchestrated through a single management console, and can automatically coordinate a response to an identified threat anywhere across the entire distributed network environment, from IoT to mobile devices to the cloud.

This approach not only dramatically reduces the complexity of managing and orchestrating an effective application security strategy, but also introduces a level of sophisticated visibility and granular control that has never been available before.

So, when considering how to best combat the escalating challenge of protecting your application infrastructure. also consider that sometimes the cure can be worse than the disease. Overwhelming your security and IT staff isn’t really a strategy. An integrated security architecture, however, is.

For further information, please contact:

Andrew Khan, Senior Business Manager
M: 021 819 793

David Hills, Solutions Architect
M: 021 245 0437

Hugo Hutchinson, Business Development Manager
P: 09-414-0261 | M: 021-245-8276

Marc Brunzel, Business Development Manager
M: 021 241 6946

TechOne bringing solar lights to students in need
The company is partnering with charity SolarBuddy to bring solar-powered lights to children in energy poverty to alleviate study stress after dark.
Universal Robots aims for A/NZ growth with new hire
Peter Hern takes on the role of leading customer support, sales and partner development for Universal Robots in Australia and New Zealand.
Microsoft urges organisations to tackle data blindspots
Despite significant focus placed on CX transformation, over a third of Australian organisations claimed that more than one in five of their projects failed.
Raising the stakes: McAfee’s predictions for cybersecurity
Security teams and solutions will have to contend with synergistic threats, increasingly backed by artificial intelligence to avoid detection.
How big data can revolutionise NZ’s hospitals
Miya Precision is being used across 17 wards and the emergency department at Palmerston North Hospital.
Renesas develops 28nm MCU with virtualisation-assisted functions
The MCU features four 600 megahertz CPUs with a lock-step mechanism and a large 16 MB flash memory capacity.
Exclusive: Ping Identity on security risk mitigation
“Effective security controls are measured and defined by the direct mitigation of inherent and residual risk.”
CylancePROTECT now available on AWS Marketplace
Customers now have access to CylancePROTECT for AI-driven protection across all Windows, Mac, and Linux (including Amazon Linux) instances.