Emphasis on Big Data Visibility for Network Security
By Scott Robertson, Vice President, APAC, WatchGuard
Today’s cyber-attacks and data breaches are more sophisticated than ever. Accidental data loss through employees has made it critical for organizations to look for solutions that provide real-time visibility into what is happening within their network. Recent data breaches of unprecedented complexity and scale are causing every CISO to re-examine the organization’s network security posture.
The question of how to manage network security in today’s demanding IT infrastructure is one that challenges most CIOs. Typically there are three driving questions behind IT investment: “Will this project increase revenue?”, “Will it drive down costs?” or “Can it mitigate any of our risks?” One of the fundamental capabilities of a next generation firewall is the ability to identify, manage and report on employee use of applications. This capability gives IT the tools to manage access to applications, both internal and web based. In many organizations, access to social networking tools such as Facebook or Twitter is allowed without any control, and this arguably impacts employee productivity by distracting employees every time a new message is received or a posting is made.
So what about risk mitigation? It is interesting to note that organizations assume that the biggest risk of data loss comes from external criminal hackers. Recent research indicates that the majority of companies feel that accidental data loss is their highest data protection problem rather than the risk of external criminal hackers. Larger enterprise customers tend to prefer the more complex, sophisticated solution, but mid-sized enterprise customers look for a solution that integrates easy-to-use DLP capabilities along with other security features.
Data Loss Prevention (DLP) within a corporate email system ensures that the content of outgoing e-mail messages is in strict accord with the organization’s confidentiality and regulatory compliance policies. This protects the growing volume of private data that traverses the network, preventing accidental or malicious data leakage in a single solution, without the need for multiple point products. Data loss prevention and privacy tools give the ability to secure information as needed to maintain policy compliance. They also allow authorized sensitive information to be shared securely with business partners outside the company. Most countries are implementing laws to better protect consumers’ data from leakage when it is retained in business systems. No one wants to be the next major news headline!
Unlocking Ways to Reap Security in Data Management
Very few NGFW or UTM vendors offer solutions that bundle reporting capabilities that provide visibility into both logs and live network traffic, allowing critical security decisions to be made quickly and based on real data.
1. Executive Dashboard – provides insightful views to monitor and analyze network security related to user, application and threat activity.
2. Threat Map – uses IP address geo-location to build a visualization of the dangers in our connected world.
3. FireWatch – an interactive report tool that groups, aggregates and filters firewall traffic in an easy-to-understand form.
4. Standard XTM reports – including compliance reports for PCI and HIPAA, Web reports, Application Control reports, Authentication reports, and more.
The emphasis on big data visibility for network security gives the ability to see and understand how to protect the business, set tight security policy and meet compliance mandates. Just consider the log files of the average user in a day: they can run to hundreds if not thousands of lines of data per user. Multiply that by the thousand employees you have in your business and you start to see the challenge that many IT departments face when trying to understand what is going on in their network. There is a need for a visualization tool that aggregates all of the log data and security information and presents it in charts and diagrams that allow for quick interpretation. This gives IT managers and line managers not only the information but also the ability to make policy decisions based on that data.
The increasing demand for smart mobile devices like tablets, smartphones and notebooks is driving the BYOD explosion and putting ever-increasing demands on wireless networks. It is now more important than ever to have control over the entire network, both wired and wireless, with comprehensive, integrated security policies and increased visibility. At the same time, there is a need to secure the virtual environment as organizations shift from the traditional physical network to a virtual world. Physical networks were those traditional networks where the servers and applications were connected with cables. In the virtual world, applications and systems reside on the same hardware. This shift requires a new approach to managing security in virtual environments. IT managers need to consider how to segment users and departments, and consider virtual firewalling and security solutions coexisting on the hypervisor layer.
When you bring this all together, CIOs are tasked with an ever-increasing challenge: how to support the business goals of increasing revenue and managing costs while at the same time mitigating unnecessary exposure to risk. While it may not solve every headache a CIO faces today, a good NGFW, or even better a UTM appliance, can provide much-needed relief in managing security concerns while also contributing to overall business objectives.