Enterprises, governments and service providers are struggling to secure their networks against a growing number of sophisticated attacks. A multitude of security functions such as IPS, DLP, AV, URL filtering, strung across corporate networks and on endpoints (including mobile devices) is the traditional approach. But in practice, this isn’t an integrated strategy – this is a conga line of security deployments that are nearly impossible to manage, unable to communicate with each other and, let’s be honest, creating a growing number of security holes as a result of complexity.
Let’s look at why this is so and why other consolidative approaches, such as unified threat management (UTM), aren’t solving the core problem.
The security holes mentioned above are a direct result of disparate security technologies not communicating with each other, multiple security rule bases, lots of manual management, and other management challenges.
These conga lines form from reactive security thinking. Stop me if you’ve heard any of these before:
- “The most common ports used in our company are the following – let’s block the other ports with a firewall.”
- “Web-based attacks are most frequent – we should deploy a proxy.”
- “The company next door had a data breach – we need a DLP solution.”
Security deployed this way is not only incredibly difficult to manage and maintain with multiple security rule bases, but also creates enormous strain on network resources, because every individual deployment conducts its analysis without sharing information with the others. It is very hard to reconcile policies to find security holes that may be present in the network – but it’s these holes that are leaving organizations open to attack.
What we commonly think of as “unified threat management,” or UTM, doesn’t solve the problem because UTM is really a conga line in disguise. While offering streamlined deployment within a single piece of hardware, the basic concept of the technology conga line still holds true, with the same inefficient in-series analysis of traffic and individual defenses activated based on need but never interacting with each other.
Truth be told, today’s and tomorrow’s cybersecurity starts with complete application control regardless of port. Cybercriminals are utilizing applications as the vehicles to infiltrate networks, and once on the network, common applications such as NetBIOS, FTP and WebDAV are used to steal your data. They also employ port-hopping capabilities, rendering the standard, port-based controls found in traditional firewalls useless.
Palo Alto Networks Security Platform provides powerful security by identifying all applications regardless of port, inspecting all the content they carry, and connecting these applications to users by name. These capabilities provide valuable context that can be used to exert more granular control over the network and prevent threat activity.
We determine the application irrespective of port, the content within the application, whether that content is malicious or not, and the user, all in a single pass, eliminating the need for the conga-line approach to security, whether UTM or not. Because of this close integration, the technologies can learn from each other, enabling more powerful, granular control over the entire network.
The fact that all of this can be done with a single security rule base further reduces policy complexity and the risk of errors (holes) in that rule base. Palo Alto Networks allows you to strike an appropriate balance between blocking all traffic and allowing all traffic, with firewall policies that use the business-relevant elements described above as a more meaningful way to control network access and grow your business. You can build firewall policies that are based on application and application feature, users and groups, and content, as opposed to port, protocol and IP address.
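As an added illustration (not Palo Alto Networks code), the toy model below contrasts a port-based rule base with a single-pass rule base that decides on application, user group and content verdict together. The payload signatures, user-to-group mapping and flow records are all constructed for the example.

```python
from dataclasses import dataclass

# Constructed payload signatures used to identify the application from
# content rather than from the destination port (a stand-in for App-ID).
SIGNATURES = {
    b"220 ": "ftp",               # FTP server greeting banner
    b"PROPFIND": "webdav",        # WebDAV method on top of HTTP
    b"GET ": "web-browsing",      # plain HTTP request
}

@dataclass
class Flow:
    dst_port: int
    payload: bytes          # first bytes seen on the connection (constructed)
    user: str               # user mapped to the source address
    content_malicious: bool # verdict from content inspection in the same pass

def identify_app(flow: Flow) -> str:
    """Classify the application by payload, ignoring the port entirely."""
    for sig, app in SIGNATURES.items():
        if flow.payload.startswith(sig):
            return app
    return "unknown"

def port_policy(flow: Flow) -> str:
    """Traditional rule base: allow the ports the business uses, block the rest."""
    return "allow" if flow.dst_port in (80, 443) else "deny"

# Constructed directory mapping (user -> group).
GROUPS = {"alice": "engineering", "bob": "contractors"}

# Single rule base keyed on (application, group or None for any group, action).
APP_RULES = [
    ("web-browsing", None, "allow"),
    ("webdav", "engineering", "allow"),
]

def app_policy(flow: Flow) -> tuple:
    """One pass: application + user group + content verdict -> (action, app)."""
    app = identify_app(flow)
    if flow.content_malicious:
        return "deny", app       # content verdict overrides any allow rule
    group = GROUPS.get(flow.user)
    for rule_app, rule_group, action in APP_RULES:
        if rule_app == app and rule_group in (None, group):
            return action, app
    return "deny", app           # no rule for this application: implicit deny

FLOWS = [
    Flow(443, b"GET /index.html HTTP/1.1", "alice", False),
    Flow(443, b"220 ftp ready", "bob", False),          # FTP hopped onto 443
    Flow(8080, b"PROPFIND /docs HTTP/1.1", "alice", False),
    Flow(80, b"GET /download", "bob", True),            # malicious content
]

def compare(flows):
    """Side-by-side decisions: (port, port-based action, (app action, app))."""
    return [(f.dst_port, port_policy(f), app_policy(f)) for f in flows]
```

Running `compare(FLOWS)` shows the port-based policy waving through the FTP session on 443 and the malicious download on 80 while blocking legitimate WebDAV on 8080; the application-based pass reverses all three decisions.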
Learn more about Palo Alto Networks next-generation security platform and our single pass architecture here.
[Palo Alto Networks Blog]