LATEST INTELLIGENCE
PROTECTING YOUR NETWORK FROM THE INSIDE-OUT
Internal Segmentation Firewall (ISFW)
For the last decade, organisations have been trying
to protect their networks by building defences
across the borders of their network. This includes
the Internet edge, perimeter, endpoint, and data centre
(including the DMZ). This ‘outside-in’ approach has been
based on the concept that companies can control clearly
defined points of entry and secure their valuable assets.
The strategy was to build a border defence as strong as
possible and assume nothing got past the firewall.

As organisations grow and embrace the latest IT
technology, such as mobility and cloud, the traditional
network boundaries are becoming increasingly complex to
control and secure. There are now many different ways into
an enterprise network.

Not long ago, firewall vendors marked the ports on their
appliances ‘External’ (Untrusted) and ‘Internal’ (Trusted).
However, advanced threats use this to their advantage
because, once inside, the network is very flat and open. The
inside of the network usually consists of non-security aware
devices such as switches, routers and even bridges. So once
you gain access to the network as a hacker, contractor
or even rogue employee, then you get free access to
the entire enterprise network including all the valuable
assets.

The solution is a new class of firewall, the Internal
Segmentation Firewall (ISFW), that sits at strategic points
of the internal network. It may sit in front of specific
servers that contain valuable intellectual property or a set
of user devices or web applications sitting in the cloud.

Once in place, the ISFW must provide instant ‘visibility’
to traffic traversing into and out of that specific network
asset. This visibility is needed instantly, without months
of network planning and deployment.

Most importantly, the ISFW must also provide
‘protection’ because detection is only a part of the
solution. Sifting through logs and alerts can take
weeks or months; the ISFW needs to deliver proactive
segmentation and real-time protection based on the
latest security updates.

Finally, the ISFW must be flexible enough to be placed
anywhere within the internal network and integrate with
other parts of the enterprise security solution under a
single pane of management glass.

Other security solutions can also provide additional
visibility and protection. This includes the email gateway,
web gateway, border firewalls, cloud firewalls and
endpoints. Further, Internal Segmentation Firewalls
need to scale from low to high throughputs, allowing
deployment across the global network.
Download white papers free from www.intelligentcio.com/africa/whitepapers/