As the way organisations use the internet continues to evolve, their security infrastructure must adapt, says Andrew Philpott.
The explosive growth of the internet has changed the very nature of business communication. As enterprises invest ever-increasing time and resources into ensuring network availability and performance, the potential for catastrophic failures caused by security holes grows with them.
The changing face of enterprise security
Initially, hackers were interested in notoriety. Today the motivation is profit. The result is attacks that stay out of the news but not out of the data stream. In 2004 it took 20 minutes for an unprotected computer attached to the internet to be infected; in 2007 it takes just 60 seconds.
Internet-enabled applications and corporate intranets and extranets are now mission-critical business processes, while the bad guys have become more sophisticated. Blended attacks like spam and phishing have grown rapidly, while insertion of malware on internal networks and the conversion of corporate desktops into zombie computers give intruders unfettered access to the most critical elements of your infrastructure.
Given the rapid changes in corporate IT environments, security on the gateway must have:
- Proactive anticipation of threats to catch them before they cause damage
- Integration across devices and protocols to provide broad protection
- Bi-directional inspection of incoming and outgoing traffic
- Real-time global intelligence with mutual sharing of security intelligence
- Multi-layered defence that incorporates multiple security techniques
Current approaches to gateway security
The core problem for organisations today is that most existing gateway security approaches suffer from one or more of the following shortcomings:
- Protection only against a known universe of problems, which is ineffective against evolving and blended threats
- Disparate point products for various protocols - With the growth of various technologies for communication over the web, companies have been forced to deploy standalone products that perform limited functions
- Protection is limited to the data stream and lower-level protocols
Imperatives for enterprise gateway security
A comprehensive enterprise gateway security infrastructure should have:
- Appliance-based delivery
- Application and content awareness - The gateway needs a deep knowledge of the underlying communication, an understanding of its context and the ability to interpret the content
- Centralised policy, management and reporting
- Bi-directional protection - The security gateway needs to scrutinise inbound traffic in order to block bad traffic while simultaneously performing deep inspection of outbound content to protect against leaks of confidential information or intellectual property
- Proactive protection - With the rapid increase in polymorphic threats, the ability to know immediately what could be dangerous is imperative
- User management and education
- Performance - As traffic volumes increase, the gateways must be able to keep up and scale for performance
- Resiliency - Security gateways should not introduce points of failure to the mission at hand