
Next Generation Security

What do we mean by Next Generation Security (NGS)?

NGS is about having an all-encompassing security posture that protects and controls data being shared in networks without boundaries.

Why is NGS needed?

The concept of using multiple appliances and systems to protect your infrastructure is approaching 20 years old. Firewalls are configured to recognise IP traffic sourced from, or destined for, known IP addresses or ports. The rapid increase in browser functionality and active content means that fully-featured, interactive applications - manifesting as traditional web content - are now the norm. This traffic cannot be controlled by traditional port-based firewalling.

Traditional firewalls block IP traffic, not applications.

What is the problem?

Traditional firewalls give limited visibility and practically no control over the embedded applications their users are running. Malicious code running in a browser and sensitive information leaked via social media are invisible to traditional security. Data is flowing out and applications are flooding in with no alerts, no logging, and no policy checks. The advent of Software as a Service (SaaS) / Cloud, federated systems, social networking and smart mobile devices has blurred the boundaries between trusted and untrusted sources of applications and data. The complexity of managing this traffic is an immense challenge.

Who is on your network and what device are they using?

Increasingly, the devices being used to access corporate data and networks may be the private property of the employee, guest or contractor, over which the business has limited or no control. As little as two years ago, maintaining secure communications channels in this environment, protecting against malware and making sure that sensitive data is stored properly on such devices would have been impossible.

What is the firewall solution?

Next generation firewalls bring true application awareness combined with all the long-established benefits of traditional TCP/IP stateful firewalling and commodity services such as IPsec VPN termination, high speed and high port density. Next generation firewalls can open Ethernet payloads and positively identify content, not just the IP port that it happens to be using or the source IP address it originated from. This allows for the most granular control of traffic possible. And it doesn't matter which TCP/IP port the application is using: application-aware firewalls know precisely what type of traffic they are forwarding, regardless of how it may appear in the well-known or registered port lists.

For example, you can allow your users to access Facebook from the corporate LAN, but not to run embedded games. You can even prevent status updates or any mention of your corporate name in postings or Twitter updates.

Inspect the data, not the flow.

What is the Network Access Control (NAC) solution?

With the advent of intelligent NAC, secure connectivity, independent of device and location, has become a reality. NAC allows for the creation of policies which assess the security posture of each endpoint, the privilege level of the user and the environment in which they are connected before making a decision about precisely what level of access to grant, and to which systems. It is no longer necessary to statically configure one-size-fits-all policies per user or application. Switch ports do not need to be manually added to VLANs, and context can be taken into account. Modern secure networks have more intelligence, based on how each corporation works, and consequently fewer static barriers between systems.

Heightened security has led to increased flexibility.

The Data Integration approach

  • Control applications, not just TCP/IP or UDP traffic
  • Centre security on the user, the service, and the context of both
  • Identify the location of the user and the device which they are using to access services: permit it, but control it
  • Allow the traditional boundaries to be removed, safely
  • Report on what is relevant, not amass gigabytes of false positive data

How do we deliver this?

  • Initial consultation: security snapshot/posture, security solution design
  • Proof of Concept
  • Vendor solution based on industry-leading appliances and intelligent management systems
  • Professional services: implementation / training
  • DI Watch - 24/7/365 support and maintenance

More information

For more detailed information about our services and to obtain single or multi-year contract pricing please contact your Data Integration account manager on +44 (0)20 8875 6500 or email info@dataintegration.com.

Get your free copy of the Gartner report on Next Generation Firewalls.