Securing the enterprise network

August 16th, 2016, Published in Articles: EE Publishers, Articles: EngineerIT

 

Cybercrime is a real threat to everyone today; no matter the size of your business. It affects everyone who has an identity or a corporate image to protect. It is already a reality in southern Africa with incidents happening on a daily basis.

There is only minimal reporting which we, the public, are aware of by the press and articles being shown in the media. Cybercrime is real and needs to be treated with respect, as you might be the next person or company it affects or, more accurately, like many you may already be a victim but don’t yet know it.

Security solutions for network, endpoint, applications, datacentre, cloud and access have been designed to work together as a security fabric distributed throughout Africa. Investments have been made in the people and technology needed to combat cybercrime on a global basis, and that Fortinet is engaged with many government organisations, large enterprise customers and other vertical customer markets to understand the effects of cybercrime in their day-to-day business operations.

Cybercrime has an impact on all spaces and environments, even down to a person sitting in a public WiFi space or a coffee shop – know as “the borderless networks. Cybersecurity fundamentals remain the same: be aware, protect your data, secure and inspect your communications, and make sure your devices are well protected by passwords, frequent changes to passwords, endpoint protection on your end-user or smart devices and other encryption technologies. It is the same for a user on their home network as it is for a corporate user or government employee; just the level of responsibility for those actions varies slightly.

The latest networking and security technology aimed at keeping customers connected (and offering peace of mind) 24/7/365 is advanced threat protection (ATP). The ATP framework is made up of the following components – a next generation firewall (NGX), a next generation intrusion protection (NGIP) system with FortiGuard cloud services, sandboxing, mail security, web application firewall, management, reporting and threat detection analytics of recorded data. An integrated solution is the game changer.

Computing virtualisation is on the increase in all sectors of the industry to provide scale and price benefits. The benefits are consolidated data clouds and ring fenced solutions offered from a single environment or provider to a multiple of departments, providers of services or customers. The cost associated with a virtualisation solution is compounded by how the solution is built and secured and the performance required from such a system once secured.

Although Fortinet has software for virtualisation and micro segmentation, we still have to consider brute force performance and throughput cost effectively to match the evolution of network speeds, which are on the increase. For this, we need a mixture of virtual machine (VM) and application specific integrated circuit (ASIC) powered hardware. Virtualisation is a real-world solution for efficiency and scale but it comes down to each customers requirement

In order to overcome the challenges and reap the benefits of virtualisation, a security fabric is needed, which connects all the devices from the virtualisation platform to the gateway device to leverage the power of a system to share intelligence, thereby giving customers visibility.

This security fabric shares intelligence and ties it all together to ensure that the system is protected from front to back.

Virtualisation changes the network and server security landscape as all applications are now provided in a single virtual cloud or environment where all types of applications reside: good, useful and bad. This now needs micro segmentation. As explained, network security is a key component to this architecture, whether based on the perimeter to protect it from attacks from the wide area network (WAN) or internet, protecting it from an internal attack, protecting each and every database and application in the virtual environment from co-hosts, or to make the system more agile and efficient. A product developed with VMware to provide security services inside the VM, which bring even stronger security solutions to virtualisation.

Server virtualisation is more secure as all information resides in a single or multiple locations and is serviced through a single connection to the branch offices or internet virtual private network (VPN), which allows control, however, availability is also of key importance. Micro segmentation here is crucial. If this environment is breached for whatever reason, the effects are compounded and business continuity will be adversely affected.

So does virtualisation make traditional security tools obsolete? Well, yes and no. Yes, because traditional security would have been at the perimeter, leaving all the hosts in the virtualised spaces to attack each other at will should they be breached, better known as East-West traffic. And no, as you can still use those traditional security products to protect this environment externally. With the evolution of security virtualisation tools and security you can create cooperative security segmentation in these environments.

As the virtualisation environment grows exponentially in I/O processing, network speeds and throughput will also develop at incremental rates, which is turn will put strain on network security appliances and products. It is a careful balancing act that has to be included when it comes to network planning and budgeting. Choosing the correct placement of these security appliances and software components will be critical.

Contact Lynne McCarthy, Networks Unlimited, Tel 011 202-8400, lynne@nu.co.za

Related Articles

  • A new way of motion control
  • The psychology of colour and how it impacts branding
  • How to compare lighting designs for road and street applications
  • Quantum computing is important for Africa
  • Disparate radio systems threaten public safety