Cyber-crime is big business – the average cost of a breach is between $3.8 and $4M in 2016 – and as the stakes rise, digital threats are adapting and evolving to find new ways into your datacenter. Legacy network security systems that only filter by port information at the network perimeter can no longer provide adequate protection.
Attack methods are changing on several fronts:
- Evasive applications that hop between ports are becoming common, so if your firewall screens traffic by port number alone you are open to a lot of risk.
- Traffic is often encrypted, making it difficult to tell if traffic is benign or malicious.
- SaaS applications are on the rise, increasing 46% from 2012 to 2015, and they are often used without sanction by the IT department.
- Your users are targeted through phishing schemes and seemingly innocuous emails are constantly sent that hide malicious content.
Once someone has breached your perimeter, they can install malware and move through your virtualized environment to find sensitive data. If your firewall is only located between the web and your internal network as a routing point, it will not be able to detect this threat rummaging through your data center – you may not even realize that you have unwelcome guests!
Thankfully, firewall technology has made advances to keep up with these threats and Edge Solutions has partnered with several next generation firewall providers to help keep you safe.
So what is a next generation firewall (NGFW)? An NGFW is able to inspect traffic beyond IP address and port number – it can scan all the way up to application level data! This means that if you have a malicious application attempting to hide itself as web traffic, you will be able to identify the application signature and stop it before it can break into your network.
Using this higher level of visibility and intelligence, an NGFW can implement additional services. Streams can be analyzed for viruses and attack patterns. DNS filters can be put in place to ensure that users don’t wander into unsafe territory and to keep data from being extricated to remote sites. Certificates can be installed to provide decryption services and lower the amount of “unknown” traffic. In some cases, vendors can even provide a cloud-based sandbox environment to test any unknown files for threats, providing zero-day threat resilience.
This technology can be deployed across your network – at the perimeter, the branch office, mobile endpoints, the data center, and even within your virtualized environment to provide microsegmentation – and it is often managed easily through a single software application.
If you’re interested in learning more about moving to a true next generation firewall or if you’d like a complementary personalized threat assessment of your network traffic, please contact us today!