By Marc Solomon
Threats have evolved. Most security technologies have not. Companies need to look at new, innovative security solutions to effectively combat increasingly sophisticated threats in today’s dynamically changing IT environments.
Analysts have branded these new solutions as “Next-Generation.” However, some solutions claiming to be “next-generation” integrate various security components, all of which may not be truly advanced. For example, most next-generation firewalls (NGFWs) include signature-only IDS or first-generation IPS, not Next-Generation IPS (NGIPS). Unaided by any form of contextual awareness or platform-level integration, these solutions can’t optimize enforcement decisions.
A Gartner paper released on October 7, 2011, entitled, “Defining Next-Generation Network Intrusion Prevention” points to this, stating: “Next-generation network IPS will be incorporated within a next-generation firewall, but most next-generation firewall products currently include first-generation IPS capabilities…Mainstream enterprises over time will refresh existing next-generation firewall deployments with future versions with next-generation network IPS capabilities.”
As vendors and customers alike refresh existing systems, they must recognize that simply upgrading to advanced functionality isn’t enough—it must be incorporated without sacrificing performance or quality.
When evaluating security technology, look under the hood to make sure you’re getting a solution built with a next-generation mindset. Solutions that uphold these four tenets to effective security innovation will help ensure protection and performance:
1 – Complex threats require greater visibility.
You can’t protect what you can’t see. Network security solutions that are configured to standard “default” policies are blind to changes on the network. As new systems and applications emerge, most security systems won’t even notice, let alone respond. Network behavior—such as unexpected connections and sessions, an important sign of a possible breach—passes unnoticed. For thorough protection, security organizations need to fully understand their networks and the frequent changes occurring within. This requires asset mapping, contextual awareness, cross-source correlation, and total network visibility – and, importantly, the ability to continually analyze and respond to change as it occurs. Only in this manner will we eliminate blind spots that provide attackers the opportunity they seek.
2 – Control shouldn’t require compromise.
When the category of NGFW first emerged, vendors added application control to the access control capabilities provided by traditional firewalls and then bolted on first-generation IPS. This isn’t enough to provide the level of threat protection organizations need today. While a low-latency firewall is a core component of any NGFW, many security professionals agree that threat prevention is paramount for NGFW solutions. A new Ponemon Institute study of NGFW implementations in organizations across 15 different industries showed:
• Threat prevention ranked as the most important feature of their NGFW for data protection
• Firewall ranked as least important feature for data protection
• Most organizations deploy NGFW to “augment” (not replace) existing firewall infrastructure
Confidence is waning in these cobbled-together solutions that fail to provide the level of control needed for effective protection. Blanket policies alone (e.g. blocking all social media site access for all users) will likely meet strong resistance and/or lead to excessive false positives that become the bane of security and user organizations alike. A solution that provides fine-grained controls and allows detection and response customization is required.
3 – Automate security for agility.
Threats evolve too rapidly for manually tuned defenses to keep pace. IT consumerization, device mobilization, virtualization and cloud-based computing create a fluid, boundless world to secure. Customers need the agility to stay protected despite the rapid changes and complexity; security automation is the key to keeping pace and discerning what really matters.
New risks can be acted on quickly by tuning security defenses automatically—this can entail auto-applying additional signatures, auto-blocking unknown applications or users, auto-triggering authentication or remediation workflow, etc. Automated event analysis and assessment can also reduce actionable events, concentrating security staff remediation efforts on items of greatest importance. By automatically assessing changes and in turn tuning security policy, organizations can adapt responsively to ensure they maintain their security posture and stay protected.
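The contextual awareness of tenet 1 and the automated event assessment of tenet 3 come together in one operation: correlating each IDS alert with what is actually known about the targeted host. The following is an added illustration, not code from the article or from any vendor product; the inventory, alerts and signature metadata are constructed sample data, and the impact labels are assumed names.

```python
"""Contextual alert triage: correlate IDS alerts with an asset inventory."""
from dataclasses import dataclass
from typing import Optional, FrozenSet, Tuple

@dataclass(frozen=True)
class Asset:
    ip: str
    os: str
    services: FrozenSet[Tuple[int, str]]  # (port, product) pairs observed on the host

@dataclass(frozen=True)
class Alert:
    sid: int
    name: str
    dst_ip: str
    dst_port: int
    target_os: Optional[str]       # OS the signature's vulnerability applies to, if any
    target_product: Optional[str]  # software the vulnerability applies to, if any

# Constructed sample data (not taken from the article).
INVENTORY = {
    "10.0.0.5": Asset("10.0.0.5", "windows", frozenset({(445, "smb"), (3389, "rdp")})),
    "10.0.0.9": Asset("10.0.0.9", "linux", frozenset({(80, "apache"), (22, "openssh")})),
}

ALERTS = [
    Alert(1001, "SMB exploit attempt", "10.0.0.5", 445, "windows", "smb"),
    Alert(1002, "SMB exploit attempt", "10.0.0.9", 445, "windows", "smb"),
    Alert(1003, "Apache path traversal", "10.0.0.9", 80, None, "apache"),
    Alert(1004, "Apache path traversal", "10.0.0.42", 80, None, "apache"),
]

def assess_impact(alert, inventory):
    """Label an alert by comparing the signature's target with the asset it hit."""
    host = inventory.get(alert.dst_ip)
    if host is None:
        return "unknown-host"  # a blind spot: the asset map is incomplete, not the alert
    if alert.target_os and host.os != alert.target_os:
        return "not-vulnerable"
    if alert.target_product and (alert.dst_port, alert.target_product) not in host.services:
        return "not-vulnerable"
    return "vulnerable"

def triage(alerts, inventory):
    """Bucket alert SIDs; only 'vulnerable' and 'unknown-host' need analyst time."""
    buckets = {"vulnerable": [], "unknown-host": [], "not-vulnerable": []}
    for alert in alerts:
        buckets[assess_impact(alert, inventory)].append(alert.sid)
    return buckets
```

The unknown-host bucket is deliberately kept separate rather than discarded: an alert against a host the inventory has never seen is exactly the network change tenet 1 says most systems miss, so it should feed asset discovery rather than be suppressed.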
4 – Maintain flexibility and openness.
Ensuring your solution is based on a progressive security architecture is critical to future success. Additional security functions may be required to meet new threats – if the engine has sufficient power, the desired functionality can be layered on without undercutting the system as a whole. Solutions built to be future-proof have the flexibility and performance at the engine level to grow and scale with your needs and address new security requirements as they emerge.
The Ponemon study referenced earlier found that 62 percent of current NGFW users surveyed suffer performance degradation when a first-generation IPS is deployed as part of the NGFW device. This underscores the importance of ensuring that when current integrated security solutions refresh to include the latest advanced security capabilities, for example NGFWs adding NGIPS, they do so without sacrificing performance.
Integrated security solutions can evolve to deliver protection and performance by maintaining a commitment to total network visibility, control without compromise, intelligent security automation and a flexible architecture. By using these four tenets as a guidepost you’ll have a clearer understanding of whether a security solution is next-generation through and through, ensuring optimal defenses today and into the future.