What Security Products are Available to Mitigate Security Threats?
By Philip Mogavero, Vice President of Network Solutions, PCM Inc.
There is a myriad of product solutions to minimize security risk:
Access Control Lists (ACL)
Typically implemented on network devices to determine which users or system processes are granted access to a specific device. ACLs are available on most networking devices provided by Cisco, HPE-Aruba and others.
Firewalls create perimeters between trusted and untrusted networks. Firewalls are typically implemented together with a demilitarized zone (DMZ) for devices such as web servers which must communicate both inside and outside the network, Virtual Private Networking (VPN) to allow remote sites to communicate over a secure virtual network traversing the Internet, and Secure Sockets Layer (SSL) VPN to allow remote endpoint devices to connect securely to corporate sites. Leading solutions in this space include Cisco, Palo Alto, SonicWall, Check Point, Fortinet, Sophos, Juniper and more.
Next Generation Firewall (NGFWL)
NGFWL is the next generation of perimeter protection, integrating deep packet inspection (DPI), an intrusion prevention system (IPS), encrypted packet inspection and integration with real-time threat engines to "blacklist" both known covert signatures and unknown anomalous behavior as it is observed. There are several solutions in this area, including Cisco Firepower and Palo Alto Next Generation Firewalls.
Antivirus Protection is software which typically resides on computer endpoints and hosts to prevent signature-based attacks from executing. The pool of signatures is continually updated in an attempt to keep pace with newly discovered operating system and application vulnerabilities and the potential for them to be exploited. Key solutions are available from Symantec, Kaspersky, Sophos and several others.
Malware Protection is software which typically resides on computer endpoints and hosts to prevent anomalous behavior from executing and to stop exploits from compromising these systems, since a successful compromise can lead to remote code execution, which can be extremely damaging. Many of the antivirus solutions provide the ability to contain malware in addition to virus protection. Cisco with their Anti Malware Product (AMP) and Palo Alto with Traps have taken this one step further: they connect and protect other devices within their security framework, such as next generation firewalls and mobile device management, and then integrate these devices with real-time cloud threat protection engines designed to quickly analyze and triage anomalous behavior to further protect organizations.
Mobile Device Management (MDM)
MDM is software which typically consists of a policy manager, gateway and endpoint security designed to provide identity and secure admission for mobile devices such as tablets and smartphones running Apple iOS and Android operating systems. Solutions are available from AirWatch from VMware, MobileIron and Meraki.
Network Admission Control (NAC)
NAC provides layered access based on secure credentials. NAC typically includes a policy manager, an enforcement engine and integration with networking and directory credentials to determine who can access which networks and applications within an organization. Given the proliferation of unknown users attempting to gain access to corporate wired and especially wireless networks, NAC provides an excellent way of categorizing access and preventing breaches by unauthorized users. Our organization has identified the Identity Services Engine from Cisco and ClearPass from Aruba, along with other services, to implement these products. Cisco also offers a solution called Stealthwatch which provides ubiquitous visibility into every conversation via NetFlow, assigns users to host groups (sales, engineering, etc.) and monitors traffic to detect anomalous change.
Email Security is typically provided via software that sits on a perimeter gateway. It offers data loss prevention (DLP) by preventing critical information from being sent outside an organization, mitigates ransomware by preventing payload execution from unknown applications/hosts, and encrypts and archives data. Several manufacturers offer these solutions, including Cisco, Forcepoint and others.
Secure Web Content Filtering
Secure Web Content filtering is a solution to control the issue of users who may attempt to connect to sites which are against company policy, such as those containing social networking, gaming or adult content. Users can also be lured into connecting to sites that appear to be safe yet contain malicious payloads that can damage networks. Secure web content filtering prevents users from being their own worst enemy by defining policy and providing protection to keep users from connecting to such sites. Look to solutions from Cisco, Forcepoint and others. Along with these solutions, products such as Cisco Umbrella prevent endpoint systems from accessing known bad web domains whether the users are on or off the corporate network.
Cloud Security Solutions (CSS)
CSS protection is a new set of solutions providing several methods of securing cloud applications and data. Because cloud data lives outside the corporate network, it is not inherently tied to corporate security policy, directories, applications and procedures. By leveraging CSS, security rule sets are extended to popular cloud applications such as Box and Salesforce.com and to cloud environments such as Azure, AWS and others. Cloudlock from Cisco and Aperture from Palo Alto are leaders in this area, along with others.
Threat Intelligence Clouds
Threat Intelligence Clouds create a sandbox to forward, analyze and mitigate anomalous threats before they infect corporate networks, and are typically integrated into NGFWL solutions. When NGFWL or endpoint security systems see anomalous behavior, they immediately quarantine the offending packet and forward it to the threat engine. The threat environment aggregates threat intelligence derived from all supported customers. Threats are evaluated using both technology and security analysts to determine whether the packet is malicious. If so, signatures and rules are created and forwarded back to the supported security devices to blacklist such packets. This allows for near real-time and continuous security of customer environments. Cisco's Threat Grid/Talos as well as Palo Alto WildFire provide this solution.
Security Event Consoles
Security Event Consoles are solutions offered by most security vendors to correlate events from their own products into a central console. Palo Alto Panorama is an example of such a solution.
Security Information and Event Management (SIEM)
SIEM solutions correlate security events and logs from a myriad of devices, regardless of vendor, into a central console. There are several solutions in this space, such as Splunk.
PCM is one of the world's largest IT security resellers and is constantly evaluating solutions from industry leaders. Our team of security experts offers holistic assessment services to fully understand your security standing. We frame a successful strategy to fulfill your needs while offering professional implementation, monitoring, and management of your environment as it grows and evolves.