LATEST INTELLIGENCE
free access to the entire enterprise network
including all the valuable assets.
The solution is a new class of firewall –
Internal Segmentation Firewall (ISFW),
that sits at strategic points of the internal
network. It may sit in front of specific
servers that contain valuable intellectual
property or a set of user devices or web
applications sitting in the cloud.

Once in place, the ISFW must provide
instant “visibility” to traffic traversing
into and out of that specific network
asset. This visibility is needed instantly,
without months of network planning and
deployment.

Most importantly, the ISFW must also
provide “protection” because detection is
only a part of the solution. Sifting through
logs and alerts can take weeks or months;
the ISFW needs to deliver proactive
segmentation and real-time protection
based on the latest security updates.

Finally, the ISFW must be flexible enough
to be placed anywhere within the internal
network and integrate with other parts
of the enterprise security solution under
a single pane of glass for management.
Other security solutions can also provide
additional visibility and protection. This
includes the email gateway, web gateway,
border firewalls, cloud firewalls and
endpoints. Further, Internal Segmentation
Firewalls need to scale from low to high
throughputs, allowing deployment across
the global network.

Advanced Threats Take Advantage of the “Flat Internal” Network

Cybercriminals are creating customized
attacks to evade traditional defenses, and
once inside, to avoid detection and enable
egress of valuable data. Once inside the
network, there are few systems in place to
detect or, better still, protect against APTs.
It can be seen from the threat life cycle in
Figure 1 that once the perimeter border
is penetrated, the majority of the activity
takes place inside the boundary of the
network. Activities include disabling any
agent-based security, updates from the
botnet command and control system,
additional infection recruitment and
extraction of the targeted assets.

[Figure 1: Threat life cycle, with external and internal stages labelled Threat Production + Recon, Threat Vector, Infection, Communication, Extraction and Disposal.]

The Answer is a New Class of Firewall – Internal Segmentation Firewall (ISFW)

Most firewall development over the past
decade has been focused on the border,
the Internet edge, perimeter (host firewall),
endpoint, data center (DMZ) or the cloud.
This started with the stateful firewall but
has evolved to include Unified Threat
Management (UTM) for distributed
networks, which brought together the
firewall, intrusion detection and antivirus.
Later came the Next Generation Firewall
(NGFW), which included intrusion
prevention, and application control for the
Internet edge. More recently, because of
the huge increase in speeds, Data Center
Firewalls (DCFW) have arrived to provide
more than 100 Gbps of throughput. All
of these firewalls have in common an
approach designed to protect from the
“outside-in.”
For rapid internal deployment and
protection, a new class of firewall is
required – Internal Segmentation Firewall
(ISFW). The Internal Segmentation Firewall
has some different characteristics when
compared to a border firewall.
www.intelligentcio.com
INTELLIGENTCIO