Improve

As we approach Thanksgiving in the U.S., the one thing I look forward to the most — aside from turkey and spending time with my family — is football. As I watch the games, the security geek in me can’t help but notice some parallels between football and network security, particularly firewalls and intrusion prevention.

Network Security Playbook

During a passing play, for example, the tailback needs to protect the quarterback from any defender who breaks through the offensive line. That is critical to the success of the specific play and the quarterback’s long-term health. A firewall is like that offensive line. Even the latest next-generation firewalls (NGFW) occasionally allow threats to break through. Your organization needs a game plan for blocking those attacks that get past the firewall.

That’s why it makes sense to deploy a next-generation intrusion prevention system (IPS) behind your NGFW. By complementing the protection provided by a NGFW, the IPS can stop attacks that firewalls miss, such as those launched from within the enterprise, zero-day attacks, mutated threats, obfuscated exploits and attacks embedded in encrypted channels.

Why not use the built-in IPS capability found in most NGFWs? That’s certainly an option, if you take into the account the additional performance overhead needed to power the IPS feature and size the NGFW properly for your network. But even so, don’t forget about the internal segments of your network that need protection as well.

This an ideal use case for a standalone IPS, since it is a level 2 network device that just sits as a bump in the wire. There is no re-architecting needed to deploy it. You might also consider the fact that 55 percent of security professionals think that a standalone IPS is more effective that one built into a NGFW.

Read More About Firewalls and Securing Your Network

Teamwork Makes the Network

It is also important to remember that the IPS needs to be a good teammate to all the other security solutions you have already deployed, especially since it is capable of stopping threats at the point of attack. For example, your IPS should provide an out-of-the-box integration with your organization’s SIEM so that an attacker can be quarantined when an offense is detected.

Automating containment of threats reduces the spread of malware, halts an attacker’s subsequent lateral movement and stops additional data exfiltration. It’s important to choose an IPS that provides a web server application program interface (WSAPI) so that it can be integrated with the organization’s existing security products.

IBM Security Network Protection (XGS) is a next-generation intrusion prevention system that has a long track record of protecting against both known and unknown threats, often months or years before specific vulnerabilities are disclosed. Read our free solution brief, “A Firewall Is Just the Beginning When Securing Your Network,” to learn how you can significantly improve network security by deploying IBM XGS with your NGFW.


Security Intelligence

Twitter, Dropbox, Uber and several other major tech companies have joined forces and launched the Vendor Security Alliance (VSA), a coalition whose goal is to improve Internet security.

The VSA aims to help organizations streamline their evaluation processes for vendors through a standard questionnaire designed to assess security and compliance practices.

Companies will be provided a yearly questionnaire that will help them determine if a vendor has all the appropriate security controls in place.

The first questionnaire, created by security experts and compliance officers, will be made available for free on October 1. It will measure vendors’ cybersecurity risk level, including procedures, policies, privacy, data security and vulnerability management.

“Once complete, that questionnaire is evaluated, audited, and scored by an independent third party auditor working alongside the VSA,” explained Ken Baylor, head of compliance at Uber. “Points will be granted for sound practices and taken away for practices that could increase security risks. Vendors can then use that score when seeking to offer their services to any business in the VSA, without the need for further audits.”

“The VSA will also enable companies to save time and money through the use of a standardized cybersecurity evaluation with real-time answers. The current way of evaluating cybersecurity risks and approving vendors can take several months – the new VSA process cuts the process down to minutes,” Baylor added.

The founding companies of the VSA are Uber, Docker, Dropbox, Palantir, Twitter, Square, Atlassian, GoDaddy and AirBnb. Executives from each of these organizations form the VSA’s board of directors.

A vendor security assessment questionnaire (VSAQ) is also available from Google. The search giant announced earlier this year that it had decided to open source its VSAQ framework, which the company has been using to evaluate the security and privacy posture of its third-party vendors.

Related Reading: Businesses Doubtful That Vendors Would Disclose a Breach

Related Reading: The Three W's of Re-evaluating Your Network Security Vendor

Related Reading: Facebook, Partners Unveil Alliance on Cybersecurity

view counter

Previous Columns by Eduard Kovacs:

Tags:


SecurityWeek RSS Feed