Blog

A DIFFERENT PERSPECTIVE ON ENDPOINT PROTECTION

Posted on January 26, 2017 by Advisory Team

Cyber criminals continue their onslaught of attacks with tactical methods constantly changing to evade capture. The statistics tell the story. Eighty-seven percent of IT security professionals surveyed reported their organizations have experienced at least one breach within the past 12 months.1

 

These cybercriminals are successful because they adapt to the changing cyber security landscape.  It’s time for enterprises to take action and make a cyber strategy game change that will turn the tables on cybercrime.  Next generation firewalls could be just the strategy you need to boost your cyber security defense.

 

Traditional Security

Traditional security methods focus on securing the network from unauthorized access, like a fortress wall.  Protection is built using processes and tools like network address translation, access-control lists, stateful firewalls, Intrusion detection/prevention systems, and web application firewalls.2

“Attackers are discovering that finding a weakness to exploit in the wall is becoming more tedious and difficult.  So instead of targeting the wall, cyber attackers are targeting something inside the wall, network users.  Network users are an extension of the network and often times its weakest point… This allows the attacker to gain access inside the network wall, as stated in SANS research.2

 

Shifting the Paradigm

NGFWs shift the paradigm of cyber security. As Fortinet research notes, “ In today’s threat landscape, it is not enough to protect the perimeter, relying on a “trust but verify” approach. The only way to ensure a malicious user isn’t granted access to your network under the cover of “trusted” traffic is to assume a Zero Trust model, in which all network traffic is untrusted.

NGFWs are a critical component of the Zero Trust model, allowing security professionals the flexibility to place protection at the data level and effectively defend against the rapidly changing threats organizations face today.”1

 

What Is a NGFW?

NGFWs combine many of the security controls found in individual point products and embed them into a single solution. These appliances allow security professionals the flexibility to place protection at the data level and effectively defend against the rapidly changing threats organizations face today.3

 

How They Work

In a Zero Trust Network, next-generation firewalls act as “segmentation gateways. ”Unlike traditional firewalls, these powerful appliances can be placed at the center of the network in front of the data they need to protect rather than at the edge of the network, which is a core tenet of Zero Trust. This provides visibility into data access and greatly increases your chances of discovering an intrusion before it escalates into a data breach.3

A prime example of the benefits of segmentation is the Target breach.  It has been traced back to a compromised HVAC vendor remote access credentials (Krebs, 2014). As SANS research notes, adequate internal network segmentation would have prevented an attacker using stolen HVAC vendor credentials from pivoting to Target’s point of sale (POS) system. 2

 

Consider a NGFW

Switching to a Zero Trust approach to cyber security is a commitment. As with any major organizational change it requires gaining internal support across the company, carefully planning and mapping it out, then finally implementing it. 

Next-generation firewalls are a good starting point for implementing a Zero Trust strategy.  According to a recent Forrester survey on global security trends, 50% of midlevel US organizations had implemented NGFWs or had plans to expand their implementation.1

Forrester also notes that before implementing a NGFW, it is important to weigh business and technology considerations, have in-depth insight into your current environment, and fully evaluate and test vendor solutions.

 

An Alternative Option

An alternative option to consider— one that 56% of those who had deployed an NGFW solution would do—outsource the security function.1  DefendEdge is ready to help, working with DefendEdge partner Fortinet, we can help you begin the move to a secure Zero Trust environment.

 

4fortinet.com, “Your Best Defense: Next-Generation Firewalls Enable Zero Trust Security,” November 2015

2 sans.com, “The Edge (of the Network) Is Everywhere, Redefining the Traditional Sense of the Perimeter,” December 2015

3informationsecurity.report, “Forrester Your Best Defense: Next-Generation Firewalls Enable Zero Trust Security,” May 2015

This entry was posted in Blog and tagged Data Breach, Outsource, Intrusion Detection, Systems, Security Breach, Prevention, Fortinet, EndPoint, NexGen, Next Generation Firewall, Zero Trust, DefendEdge, Forrester, Protection, Network Address Translation, Access Control List, Stateful Firewalls, Web Application Firewalls