by clicking on the page. A slider will appear, allowing you to adjust your zoom level. Return to the original size by clicking on the page again.
the page around when zoomed in by dragging it.
the zoom using the slider on the top right.
by clicking on the zoomed-in page.
by entering text in the search field and click on "In This Issue" or "All Issues" to search the current issue or the archive of back issues respectively.
by clicking on thumbnails to select pages, and then press the print button.
this publication and page.
displays a table of sections with thumbnails and descriptions.
displays thumbnails of every page in the issue. Click on a page to jump.
allows you to browse through every available issue.
GCN : October 2014
As cyber threats evolve, do firewalls still have a role? THE FIREWALL, almost from the beginning, has been the keystone device for any organization’s cybersecu- rity program, and in many cases it still is. However, with the evolution of threats now aimed at organizations, the traditional firewall can no longer handle the most sophis- ticated attacks. But next-generation firewalls can. Or at least they pro- vide the basis for a more complete enterprise cyberse- curity plan. By including things such as application and deep packet inspection (DPI), they combine the capabili- ties of existing stateful firewalls with those of intrusion- detection and -prevention devices, and add capabilities such as malware filtering and Secure Sockets Layer (SSL) inspection. The traditional firewall was not designed to look beyond IP addresses, ports and protocols, said Jeff Falcon, a senior solutions architect at CDW, which gives them a very limited ability to provide security for applica- tion classification and control. That’s a key need today, as organizations need to know who is using certain applications and the data they can access. A widely accepted description of next-generation fire- walls by Gartner Research defines a range of minimum capabilities they need to have: • Non-disruptive, in-line configuration. • Standard legacy firewall capabilities, such as network- address translation, stateful protocol inspection and virtual- private networking. • Integrated signature-based intrusion prevention system engine. • Application awareness, full stack visibility and granular control. • Ability to incorporate intelligence from outside the firewall, such as directory-based policy, blacklists and white lists. • Upgrade path to include future information feeds and security threats. • SSL decryption to enable identifying undesirable en- crypted applications. With next-generation firewalls, “an organization may now begin to shift from a static ‘on-off’ switch for ports, protocols and known URLs to more of a dimmer switch strategy for safely on-boarding applications,” Falcon wrote in a recent blog post. Most next-generation firewalls are also designed to help organizations maximize the cloud, support malware analy- sis and sophisticated sandboxing techniques, and enable true IPS capabilities in a single architecture, he said. Application awareness is one of the more significant differences between next-generation firewalls and their ancestors. With that, IT administrators can get visibility into network traffic based on such things as information on actual users rather than just IP addresses, in addition to details on potential threats associated with certain applications. Allied with DPI and intrusion detection, security can be based on patterns of activity rather than just blocking certain ports, which can obstruct necessary traffic along with that which might contain malware and other threats. Administrators can detect how certain applications behave and build knowledge of threats based on that, which is the signature of today’s more sophisticated, targeted attacks. They can also build up information about how and when certain applications are used, giving them a better idea of when to allow the use of various non-essential applications and what they need to throttle back when the network is needed for more critical applications. • GET THE FULL REPORT ONLINE AT: GCN.com/CDWGCybersecurity Get More Online... Mobile Strategies Report Articles: DLP remains high on the list of cybersecurity priorities Attitudes about cloud security continue to evolve Mobility requires diligence about malware APTs: Changing the security mind-set SPONSORED REPORT: SNAPSHOT CYBERSECURITY
November and December 2014