Businesses and organizations are fielding more and more next-generation information security technologies to reduce the risks that come with leveraging cloud capabilities and facing advanced persistent threats. Unfortunately, we see our customers falling into a common information technology and general acquisition trap: significantly underestimating the complexity, cost, and time needed to complete a Next Generation Firewall (NGFW) fielding.
Purchasing a NGFW is the easy part.
In our experience dealing with Department of Defense programs, we saw this all the time with all types of new technologies being fielded.
At the heart of the problem are two root causes:
Digging deeper into the first problem is actually simple: 1st generation firewalls are unaware of the actual traffic being processed by their rules. A 1st generation firewall basically asks “Can Packet A from Server X be allowed to go to Server Y using this port?” This simple paradigm doesn’t require much to implement and even less to maintain.
NGFWs are aware of the traffic being processed at a far higher level.[1] An NGFW asks “Is the traffic from Server X allowed to communicate to Server Y if Server X is using an approved application signature, from an approved source, to an approved destination, from the set of authorized users, and doesn’t contain malware?”
More complex? Yes. More secure? Definitely.
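The two questions above, side by side in code. This is an added example, not code from the original post or from any firewall product: a Layer 4 rule matches only source, destination and port, while the NGFW rule additionally pins the application signature, the authorized users and a clean malware verdict. The rule fields, hosts, user names and sample flows are all constructed for illustration.

```python
"""Added example: a 1st generation (Layer 4) rule versus an NGFW (Layer 7) rule
evaluated over constructed flows. Not code from the original post."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    port: int
    app: str           # application signature identified by the NGFW (assumed field)
    user: str          # authenticated user tied to the flow (assumed field)
    has_malware: bool  # verdict from the NGFW's content inspection (assumed field)


# 1st generation rule: only "may Server X reach Server Y on this port?"
L4_RULES = [{"src": "10.0.1.10", "dst": "10.0.2.20", "port": 443}]

# NGFW rule: same endpoints, plus approved application signatures and
# authorized users; malware inspection must also come back clean.
NGFW_RULES = [{"src": "10.0.1.10", "dst": "10.0.2.20", "port": 443,
               "apps": {"ssl", "web-browsing"}, "users": {"alice", "bob"}}]


def l4_allows(flow: Flow) -> bool:
    return any(r["src"] == flow.src and r["dst"] == flow.dst and r["port"] == flow.port
               for r in L4_RULES)


def ngfw_allows(flow: Flow) -> bool:
    for r in NGFW_RULES:
        if (r["src"], r["dst"], r["port"]) != (flow.src, flow.dst, flow.port):
            continue
        if flow.app in r["apps"] and flow.user in r["users"] and not flow.has_malware:
            return True
    return False  # implicit deny, as in both firewall generations


# Constructed sample flows; all four match the Layer 4 rule exactly.
FLOWS = [
    Flow("10.0.1.10", "10.0.2.20", 443, "ssl", "alice", False),          # approved
    Flow("10.0.1.10", "10.0.2.20", 443, "ssh", "alice", False),          # unapproved app on 443
    Flow("10.0.1.10", "10.0.2.20", 443, "ssl", "svc-unknown", False),    # unauthorized user
    Flow("10.0.1.10", "10.0.2.20", 443, "web-browsing", "bob", True),    # malware verdict
]


def compare(flows=FLOWS):
    """Return (l4_verdict, ngfw_verdict) per flow. Every item the NGFW rejects
    but the L4 rule passes is detail the policy design work has to define."""
    return [(l4_allows(f), ngfw_allows(f)) for f in flows]
```

Only the first flow survives the NGFW rule; the other three show the application, user and malware dimensions an organization must be able to specify before the NGFW policy can be written.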
Because the vast majority of organizations do not know their authorized communications down to the details an NGFW needs, they listen to the sales guy: “Hey, we have a learning mode that will solve it for you…” The learning mode will help, but only up to about 60%, and only for the obvious big things.
These are the challenges that many firms don’t realize when they commit to implementing a NGFW. All the unknowns equal increased time to research, design, and implement.
Failure to do this work results in an ineffective firewall or, worse yet, in your organization unknowingly approving unauthorized traffic (e.g., malware or hackers) onto its network.
The point of this article is to let everyone know that implementing an NGFW will take committed resources in addition to the NGFW admin. To be successful before and after the NGFW is in place, the resources should:
To give an example, for our large-enterprise-class customer with a very large and complex footprint, we identified millions of unique communication traffic patterns. These patterns were then grouped into hundreds of thousands of rules with common policy names. Once loaded into the firewall, the separate rules aggregated into 1-2 thousand distinct policies.
Way on the other end of the spectrum is Peak InfoSec. Our footprint is minuscule in comparison, which led to a couple thousand distinct patterns and six policies.
At Peak InfoSec we strongly encourage all of our clients to pursue NGFW solutions and to:
Once committed, follow the process above and commit time and resources. The last catch is that while the workload drops significantly once your organization has the rules built and approved, applications and their signatures change as vendors release new versions. Make sure you plan for ongoing lifecycle revisions to your policies.
[1] Technically, 1st generation firewalls process rules up to Layer 4 of the OSI model. NGFWs process up to Layer 7.
Post Author: Matthew Titcombe, CEO and Senior Information Security Consultant, Peak InfoSec
This post was initially posted here & has been reproduced with permission.