What firewalls can’t fix – and what to do about it

Back in the early days of the Internet, firewalls were invented to keep out the bad guys — similar to an electric fence around a building compound. But times have changed.

Evolution of network threats

Firewalls have evolved and become much more sophisticated. So, too, have hackers and malware. Organizations have more complex networks, ubiquitous Wi-Fi, mobile workers, cloud apps and bring-your-own-device policies. Enter the Internet of Things — where almost any inanimate object can have an IP address — and cyber-security is getting awfully difficult to manage these days.

A next-gen firewall should be part of every organization’s cyber-security arsenal, providing a basic line of defence by allowing or blocking access to the corporate network. NG firewalls are not the be-all and end-all, though, since hackers have found ‘back doors’ into even highly secure networks.

Using IT vulnerabilities or social engineering attacks, the bad guys are able to slip past the firewall and hover around, gathering data, and in some cases exit and enter at will. Most breaches aren’t noticed for weeks or months at a time — and that’s a lot of data gathering.

“Forget the gate and drawbridge idea, there are now hundreds of potential entrances to the castle because businesses are connected to customers, suppliers, and employees over the internet. Not only that, but it’s as if everyone who comes in and out of the castle has a key to unlock all the doors as well.”

Matthew Wall, BBC News

Social Engineering attacks

Social engineering attacks — which manipulate users into handing over sensitive data or clicking on malicious links — are becoming more commonplace, in part because they’re so effective. They’re also becoming increasingly sophisticated.

“One new employee, one new contractor, one new business associate. That’s all it takes to own a target. Keystroke loggers and botnet malware will do the rest.”

Saryu Nayyar, InformationWeek

User training is helpful (and necessary), but it’s not 100 percent effective. “When a threat actor launches an attack that is planned to take months or years to carry out, all they have to do is spam and wait,” writes Saryu Nayyar in an article for InformationWeek’s Dark Reading.

She argues that security awareness alone won’t stop hackers, since all it takes is one individual falling victim.

Outdated Applications

Hackers can exploit vulnerabilities in software or applications (particularly older versions that haven’t been patched). Or, they can target BYOD devices that aren’t properly managed. They can even target air-gapped computers — ones that are physically isolated from unsecured networks — that are often used in military, financial and critical infrastructure networks.

Indeed, a recent Wired article points out that researchers in Israel were able to steal data from air-gapped computers. “To steal data from them an attacker generally needs physical access to the system — using either removable media like a USB flash drive or a firewire cable connecting the air-gapped system to another computer,” writes reporter Kim Zetter in Wired. “But attackers can also use near-physical access using one of the covert methods the Ben-Gurion researchers and others have devised in the past.”

Detect and resolve intrusions

It’s not all doom and gloom, though. Many industry pundits say the focus shouldn’t be on keeping hackers out. Instead, it makes more sense to stay informed of new threats, analyze vulnerabilities, recognize when a breach has occurred and stop it before any real damage is done.

In addition to a firewall and anti-malware, organizations should consider anti-exploit tools that can recognize when an attack is launched — so they can stop it before malware is installed. When it comes to backdoor attacks, network monitoring is key; network admins are flagged when something is ‘off.’

For many organizations, especially smaller ones, this is a tall order. It requires skilled expertise — hence, time and money — which they probably don’t have in-house.


It can be difficult for companies to find talent to secure each of their vulnerable areas, writes Sharon Florentine in an article for CIO.com. That’s where a managed security solution provider comes in. “An MSSP can cover all the security bases for a company: firewalls, intrusion detection and intrusion prevention solutions, security event and incident management, managed vulnerability and identity management solutions — even first-level incident response.”

A next-gen firewall is a must. But relying on that firewall will leave you with gaps — er, back doors. At some point, an intruder is going to find a back door into your network; the key is knowing when it happens, so you can take action before it’s too late.


SECaaS Introduction

Maximize Appliance Utilization

At Jolera we are heavily invested in pushing our carefully chosen security appliances to their full potential. This month we worked extensively with our system engineers and Managed Services team to thoroughly review our Managed Security as a Service (SECaaS) offering. We believe our efforts have now resulted in a service that provides unparalleled security on a budget. The focus of this service is to provide our channel partners with a cost-effective solution they can trust and that improves their time to market.

Purpose of Firewalls

Firewalls are devices that sit at the edge of an IT infrastructure, protecting it from malicious activity. They are a necessary part of every IT infrastructure, helping to keep both the network and its users secure. Firewalls do this by ensuring that only trusted data packets are allowed to enter the environment.

Next Generation Firewalls

Jolera manages and supports all types of NG firewalls available in the market today. The latest breed of firewalls are called Next Generation (NG) firewalls. These firewalls provide deep packet inspection at layer 7 of the OSI model. Layer 7 is also known as the application layer: it is the layer at which data that has crossed your network (through the cables, routers and switches) to your computer is read by the software on your computer. Before the data even gets inside your network, the NG firewall inspects it by interpreting it the way the receiving application would, and tests whether it is safe or malicious. Only after the inspection is successfully completed does the firewall allow this data into the network it is protecting.

This inspection process could be visualized as a series of labeled cargo containers being transmitted over the network. In the past, firewalls would only read the container labels and pass the boxes on. NG firewalls open the containers and examine the contents before passing them along into the network, hence the term deep packet inspection.

Utilizing the SECaaS “Human Layer”

Firewalls are always recording how they are handling incoming and outgoing traffic, and they expose this information through “log files”. The log files are constantly being populated and can get pretty big and complicated, but they contain valuable analytical data. Logs are kept of all the different types of traffic going through the firewall, both inbound and outbound. This is the granular level at which we attach our SECaaS offering to ensure proper management of your firewall, and it is also the point at which our Human Layer intervention comes into play. By constantly monitoring what the firewall is doing, based on the log files, our Network Operations Center (NOC) technicians perform maintenance and remediation of a given IT infrastructure. This service may also be referred to as Live Security Event Management.
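As an added illustration of the log-based monitoring described here and in the earlier “Detect and resolve intrusions” section (this is example code, not Jolera’s tooling, and it uses a constructed key=value log format rather than any vendor’s), the script below flags two “off” patterns in outbound firewall logs: a host whose outbound connections are repeatedly denied, and a host connecting to the same external address on a fixed timer, which is how a backdoor phoning home tends to look even when every individual connection was allowed.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample lines in a made-up key=value format, not a real vendor's.
SAMPLE_LOG = """\
2016-05-10T09:00:00 action=allow dir=out src=10.0.0.5 dst=203.0.113.9 dport=443
2016-05-10T09:00:01 action=allow dir=out src=10.0.0.7 dst=198.51.100.2 dport=443
2016-05-10T09:05:00 action=allow dir=out src=10.0.0.5 dst=203.0.113.9 dport=443
2016-05-10T09:10:00 action=allow dir=out src=10.0.0.5 dst=203.0.113.9 dport=443
2016-05-10T09:15:00 action=allow dir=out src=10.0.0.5 dst=203.0.113.9 dport=443
2016-05-10T09:20:00 action=allow dir=out src=10.0.0.5 dst=203.0.113.9 dport=443
2016-05-10T09:21:00 action=deny dir=out src=10.0.0.9 dst=192.0.2.1 dport=6667
2016-05-10T09:21:05 action=deny dir=out src=10.0.0.9 dst=192.0.2.2 dport=6667
2016-05-10T09:21:10 action=deny dir=out src=10.0.0.9 dst=192.0.2.3 dport=6667
2016-05-10T09:30:00 action=allow dir=out src=10.0.0.7 dst=198.51.100.2 dport=443
"""

def parse(log_text):
    """Split each line into a dict of fields plus a parsed 'ts' datetime."""
    events = []
    for line in log_text.splitlines():
        ts, _, rest = line.partition(" ")
        ev = dict(kv.split("=", 1) for kv in rest.split())
        ev["ts"] = datetime.fromisoformat(ts)
        events.append(ev)
    return events

def denied_outbound(events, threshold=3):
    """Internal hosts whose outbound connections were denied >= threshold times."""
    counts = defaultdict(int)
    for ev in events:
        if ev["action"] == "deny" and ev["dir"] == "out":
            counts[ev["src"]] += 1
    return {src: n for src, n in counts.items() if n >= threshold}

def beacons(events, min_hits=4, max_jitter=0.1):
    """(src, dst) pairs allowed out >= min_hits times at near-constant intervals; log assumed chronological."""
    times = defaultdict(list)
    for ev in events:
        if ev["action"] == "allow" and ev["dir"] == "out":
            times[(ev["src"], ev["dst"])].append(ev["ts"])
    found = {}
    for pair, stamps in times.items():
        if len(stamps) < min_hits:
            continue
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        if pstdev(gaps) <= max_jitter * mean(gaps):  # low jitter => timer-driven
            found[pair] = mean(gaps)  # mean interval in seconds
    return found
```

Both checks return plain dicts so they can feed a ticketing or alerting step; on the sample, 10.0.0.9 is flagged for three denied connections and 10.0.0.5 for a 300-second beacon to 203.0.113.9.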

Preconfiguration vs. Live Security Event Management

Cost

An out-of-the-box firewall comes with basic, default configurations which are not customized for a unique IT infrastructure. Most firewalls come with a configuration console that can only be managed by a seasoned security expert. Obtaining such expertise and working to perfect the firewall configuration for your unique IT infrastructure can be challenging and costly. Jolera’s SECaaS offering provides you with Live Security Event Management on a monthly subscription basis, allowing you to fill security holes as they happen – in real time.

With our Live Security Event Management, which specializes in zero-day threats, clients pay per use rather than paying a large amount upfront and hoping they have covered all their bases. We use analytics and statistics to establish the facts and take remediation actions – all in real time.

Consistency

Once the configuration is completed by a security expert – that is it. Another individual within the company is required to monitor and maintain the device for software and firmware upgrades, to make sure the device is online all the time, and to create new policies for new types of vulnerabilities. With Live Security Event Management you can rest assured that all of the security vulnerabilities are being monitored, maintained and patched – 24/7/365.

Everything is in real-time, protecting you against threats as they happen, keeping you one step ahead of the threats at all times. This is possible due to our 24/7/365 Network Operations Center constantly monitoring, maintaining and patching your firewall.

Dynamic

A preconfiguration is based on plans, theories and expectations – it stops at the preventative stage. Live Security Event Management adds another layer of protection because it is dynamic – it constantly evolves against the threats. Viruses constantly evolve and new vulnerabilities keep appearing, sometimes so quickly that, when they are not acted upon in real time, no amount of planning and pre-configuration can stop them from causing serious harm. With a team of trained security experts, these vulnerabilities can be identified ahead of time and acted upon in real time.

In a typical IT infrastructure, you don’t see the damage an intrusion has done until somebody is unable to do their work. Usually it is somebody calling the help desk line saying their credentials don’t work, something very minor. But upon deeper inspection these minor events turn out to be something as critical as a CryptoLocker or other ransomware infection, which for any organization can be disastrous.

Reseller Options

Jolera’s SECaaS is a part of our Secure-I.T. product offering. VARs and channel partners are encouraged to recommend both services as a bundle to their clients to ensure complete security. More information about our security product and service can be found on the Secure-I.T.™ products page.

How much did you say?

Target reimburses $39 million to MasterCard Inc.

On Dec 2, 2015, Target Corporation in the US announced it had agreed to reimburse MasterCard Inc. and other U.S. financial institutions a total of about $39 million to settle claims brought against the retailer in connection with its massive 2013 data breach.

This settlement comes on the heels of a $67 million agreement Target struck in August with Visa Inc. on behalf of banks and other firms that issue credit and debit cards. Combined, the Visa and MasterCard implications at Target are around $106 million. While the final numbers will likely be buried somewhere in an annual report a year or two down the road, total Target loss estimates vary widely. We can all agree, however, that you have to sell a lot of bread to recover this kind of bread.

Target’s data breach exposed 40 million credit and debit cards to fraud during the 2013 holiday season. The Minneapolis-based company’s breach ranks among the most high-profile data incidents to hit retailers in recent years.

Other costly breaches at well-known merchants include Home Depot Inc., luxury retailer Neiman Marcus Group, and the P.F. Chang’s China Bistro chain. Dollar figures from the web are not terribly accurate as civil suits continue to wend their way through the US courts. Liability and class-action suits can take years to finalize.

Our earlier posts on cybersecurity generated many positive responses, and readers asked that we provide some sort of mechanism to measure what they are facing. We certainly are not all Target Stores, with annual sales of $72.6B USD. So how does the small to medium-sized business get a handle on the cost of a data breach? Jolera has found the Ponemon Institute’s Canadian Data Breach Study (May 2015) most informative. This report was sponsored by IBM but produced independently by the Ponemon Institute. Verizon’s 2015 Data Breach Report contains much useful information as well.

We can distill much of the information and there are many inexpensive fixes you can do tomorrow to shore up your defenses.

40% of the Solution is Not Rocket Science

Some of the suggestions are things your sensible mother would have mentioned had you asked the question: lock the machine when you leave your workstation, make sure no one is looking over your shoulder, use passwords whenever feasible to protect data. The Ponemon Institute has categorized some security measures which are easily managed and can have a significant impact on your security posture. Admittedly, some of the solutions require a discipline and internal surveillance which may impose a “cost”; however, there are relatively inexpensive quick wins which will get you some distance down the road.

40% of the solutions fall into the quick-fix category; they are no-brainers.

So now you are probably doing some mental gymnastics, weighing the cost of implementing and monitoring some of these solutions at your place. IBM offers a blunt tool to help you estimate the cost of a major data breach at your business. The numbers can be scary and, of course, there is always the hurdle of getting the C-Suite on-side when dealing with intangibles.

Let me suggest a possibility. Get the Jolera team to lend a hand. We have over 100 high-tech minds and tens of thousands of hours of practical hands-on experience to place at your disposal. Together we can be formidable. No matter how complex your IT questions, we can help you take decisive action and achieve those “elusive” results.