Next Generation Security (NGS)
There is a new generation of threats. Is your infrastructure protected with Next Generation Security?
We can provide a security and governance solutions that address:
- Application visibility and control (Web 2.0 issues). You should have security and privacy safeguards that are fit-for-purpose in the age of Facebook, Twitter, LinkedIn and other social networks. They should also be able to securely enable WebEx, Instant Messaging, remote diagnostics and other technologies that bypass traditional communication protocols.
- Endpoint protection and data leak prevention. As laptops, smartphones, tablets and other devices become an everyday business tool, they are now accessing potentially sensitive information that needs to be protected wherever it is distributed to.
- Regulation and compliance (Governance). Most businesses are affected by regulation to some extent. The need to maintain compliance is essential to protect information and avoid financial penalties or reputational damage.
- Malware attack. The Internet is replacing email as the primary channel for distribution and communication. Malware that is script-based can evade traditional / common antivirus and anti-malware software because of its inherent signature-based weaknessNext Generation Security
Next Generation Security is about having an all-encompassing security posture that protects and controls data being shared in networks without boundaries.
The concept of using multiple appliances and systems to protect your infrastructure is approaching 20 years old. Firewalls are configured to recognise IP traffic sourced from, or destined for, known IP addresses or ports. The rapid increase in browser functionality and active content means that fully-featured, interactive applications - manifesting as traditional web content - are now the norm. This traffic cannot be controlled by traditional port-based firewalling.
Traditional firewalls block IP traffic, not applications.
What is the problem?
Traditional firewalls give limited visibility and practically no control over the embedded applications their users are running. Malicious code running in a browser, or sensitive information leaked via social media are invisible to traditional security. Data is flowing out and applications are flooding in with no alerts, no logging, and no policy checks.
The advent of Software as a Service (SaaS) / Cloud, federated systems, social networking and smart mobile devices has blurred the boundaries between trusted and untrusted sources of applications and data. The complexity of managing this traffic is an immense challenge.
Who is on your network and what device are they using?
Increasingly, the devices being used to access the corporate data and networks may be the private property of the employee, guest or contractor; over which the business has limited or no control. As little as two years ago maintaining secure communications channels in this environment, protecting against malware and making sure that sensitive data is stored properly on such devices would have been impossible.
What is the firewall solution?
Next generation firewalls bring true application awareness combined with all the long established benefits of traditional TCP/IP stateful firewalling and commodity services such as IPSEC VPN termination, high speed and high port density.
Solution Overview
Next generation firewalls can open Ethernet payloads and positively identify content, not just the IP port that it happens to be using or the source IP address it originated from. This allows for the most granular control of traffic possible. And it doesn't matter which TCP/IP port the application is using — application-aware firewalls know precisely what type of traffic they are forwarding, regardless of how it may appear in the well-known or registered port lists.
For example, you can allow your users to access Facebook from the corporate LAN, but not to run embedded games. You can even prevent status updates or any mention of your corporate name in postings or Twitter updates.
Inspect the data, not the flow.
What is the Network Access Control solution (NAC)?
With the advent of intelligent NAC, secure connectivity, independent of devrce and location, has become a reality. NAC allows for the creation of policies which assess the security stature of each endpoint, the privilege level of the user and the environment in which they are connected before making a decision about precisely what level of access to grant, and to which systems.
It is no longer necessary to statically configure "one size fits all" policies per user or application. Switch ports do not need to be manually added to VLANs and context can be taken into account. Modern secure networks have more intelligence, based on how each corporation works, and consequently fewer static barriers between systems.
Heightened security has led to increased flexibility.
The Data Integration approach
- Control applications, not just TCP/IP or UDP traffic
- Centre security on the user, the service, and the context of both
- Identify the location of the user and the device which they are using to access services — permit it but control it
- Allow the traditional boundaries to be removed, safely
- Report on what is relevant, not amass gigabytes of false positive data
How do we deliver this?
- Initial consultation — security snapshot/posture, security solution design
- Proof of Concept
- Vendor solution based on industry leading appliances and intelligent management systems
- Professional services-implementation/training
- DI Watch - 24/7/365 support and maintenance
For more detailed information about our services and to obtain single or multi-year contract pricing, please contact your Data Integration account manager on +44(0)20 8875 6500 or use our contact page.
Download the NGS whitepaper (2.00MB PDF)
Next Generation Security Infographic (1MB PDF)
