Call us now Email a specialist
+353 1 6420100 | info@ward.ie
  • Resources
  • Blogs
    • Insights

    Solving new information security threats with Next Generation Firewall

    As well as the myriad of existing information security threats, many more are emerging from across the world. So on top of old threats, we also have new information security threats to be concerned about. Unfortunately, existing technologies can’t always cope with these new threats. In recent years, cybercrime has evolved and the level of sophistication of internet-based threats has increased dramatically. We believe that next generation security is the solution and below, we talk you through how it works.
    More and more frequently, hackers are preying on the vulnerabilities exposed through legitimate traffic and genuine users. Hackers are now aiming attacks at weaknesses found at the application layer in order to do some damage. Traditionally firewalls have a shortcoming in that they are network port-based, which means they have very little understanding of traffic at higher layers. They basically can’t “inspect” legitimate application traffic to see whether it is being used for normal purposes, or for an attack.
    However, new firewalls have gone up a gear in response to new threats. Known as Next Generation Firewalls, or NGFWs, these address shortcomings of previous firewalls, by providing additional functionality. This means the NGFWs can look deeper into the data that is carried by an application. This way, it can seek out known exploits, vulnerabilities and malware and find out if it is being used for an attack.
    Not only are NGFWs ready for sophisticated attacks, they are also very easy to use. NGFWs, such as those from Fortinet, are an integrated security platform. They operate at wire speed providing features like signature based intrusion prevention system. This feature uses “signatures” that match attack patterns. Other features include SSL (Secure Sockets Layer) inspection, application awareness and control. NGFWs also include traditional “stateful” inspection that characterises traditional firewalls and keeps track of the state of network connections.
    Top drivers for moving to a NGFW
    Research from 2014 showed the main reasons for moving to NGFW were increased use of social media, BYOD and more use of public cloud services such as Dropbox.
    There is a whole host of reasons to move to NGFW. Almost a quarter of organisations made the move to deal with sophisticated threat environments, such as APTs (Advanced Persistent Threats). Other reasons included consolidation of security functions, higher incidence of data breaches and security attacks.
    For organisations that are still using traditional firewalls and don’t plan to change, fear not. As an alternative solution they could add further point security solutions, for example, IPS (Intrusion Prevention System), URL filtering, antivirus of antimalware to their current firewall. Ideally they should look to replace their existing solutions with NGFW. From our team’s experience, the security and ease of use of an integrated NGFW platform outweighs the complexity and cost of multiple security platforms.
    This isn’t the end….
    Because it is such an interesting and evolving landscape, we will have more blogs for you on the topic of next generation security. Stay tuned and sign up to our newsletter to make sure you don’t miss out. Don’t forget to follow us on Twitter and LinkedIn.

    Insights

    State of the CIO – The good, the bad…

    Business and tech don’t see eye to eye, CIOs are fighting a turf war with other C-level executives and there is also an ongoing battle for tech talent. Happily, information security is a bigger priority for CEOs in 2015. So says results from the CIO.com survey involving hundreds of CIOs from various industries. Here are some of the main points:

    • On the positive side, 68% of CIOs said they have mutually shared measurable goals with other C-level executives
    • More than 75% of CIOs say they expect to collaborate on a business initiative with CFOs, COOs or CMOs
    • However, 33% of CIOs believe other departments see the IT department as an obstacle to their goals
    • 37% of business decisions-makers say the CIO is being sidelined in their company
    • 56% of CIOs expect to experience IT skills shortages in the next 12 months
    • In 2014, security was No. 8 on the CEO’s top priorities list. However, in 2015 it jumps to the 4th spot
    • However, CIOs in the retail industry are less likely to give security top priority than CIOs in some other industries
    • 23% of CIOs say that increasing cyber security will be the most significant reason for IT investments this year
    • 18% of CIOs in the retail, wholesale and distribution industries see security the same way

    You can download the full report from CIO.com here.

    Insights

    Ward Solutions predicts growth in BYOX and managed security…

    It’s 2015 and we’ve got our crystal balls out to make predictions for information security in the next 12 months.

    • More spend on BYOX
      We predict there will be an increase in spending on BYOX or mobile security in 2015 due to the volume and variety of mobile devices used by staff. The use of mobile devices continues to grow and there is added pressure on companies to accommodate this within their security policies. Appropriate security technologies and guidelines need to be put in place to enforce mobile security controls.
    • Growth of managed security services
      We predict that more companies will seek managed security services this year. In 2014, we saw our managed security services offerings grow by more than 25%. Organisations are increasingly looking to dedicated managed security service providers to outsource security services due to the cost and difficulty of managing security internally.
    • Increase in internal security incidents
      We forecast an increase in internal security incidents, either intentional or accidental from employees, or trusted third parties, resulting in more focus on insider threat programmes for companies.
    • Theft of privacy information
      Hacking is an increasing threat as very public incidents with Sony and Target have reminded us. This year, we expect theft of private information and data on devices to be one of the biggest issues facing consumers. Research shows that 92% of users store private information on their devices and loss or theft of this data would pose serious consequences. Ransomware infections which attempt to extort money from internet uses are expected to be a major concern for consumers in 2015. Last year, extremely sophisticated phishing and spear phishing targeted individuals and resulted in stolen passwords, credit card details and fraudulent eBanking activities.
    • Security for outsourced functions
      In many cases where organisations outsource functions, proper security measures do not exist. It is critical that the security policies and processes surrounding outsourced functions are in place in order to avoid breaches and data leaks.
    • More “cloud first” strategies
      When it comes to cloud, we anticipate that more businesses will adopt “cloud first” strategies in 2015 due to their cost effectiveness and agility. However, a better understanding of security issues and challenges associated with cloud computing is needed to ensure successful outcomes.
    • Move to hybrid cloud
      More companies will move to hybrid cloud, where some services are moved to cloud and others are kept on-premise. It is cost effective and a low barrier to entry to cloud computing. It also means more sensitive information can be kept on-premise while less sensitive information can be kept in the cloud.

    Subscribe to our newsletter now to stay current with all things information security in 2015.