"Firewalls will soon be history"
A must have for enterprises to tackle security
threats, firewalls will soon be thing of past,
contends Foundry
IdhriesAhmad
BANGALORE, INDIA: Firewalls and security software
products are a must for enterprises to help them deal
with the deluge of attacks from spammer, hackers and
viruses.
However, deploying firewalls and other security
software products in enterprises, will soon be thing
of past, forecasts Chandra Kopparapu, vice-president
sales, Asia Pacific, Foundry Networks.
If I need a firewall and a switch, why do I need
separate boxes for them? Why can't someone make a
single box that has both? asks Kopparapu.
Drawing an analogy with a one-arm router, Kopparapu
says that companies in past made a lot of money and a
lot of products around a one-arm router. But not
anymore. The same thing will happen with firewalls",
contends Kopparapu.
In an interaction with Idhries Ahmad, Kopparapu
explains the trends in network security domain, and
how organizations can consistently foresee a security
threat and come up with a solution to tackle that.
Kopparapu also has a word or two for CIO's to deal
with serious security threat posed by insiders rather
than external hackers to organizations assets.
Excerpts:
Idhries Ahmad: One of the biggest problems for
enterprise is how to foresee a threat and come up with
a solution? How can an enterprise be able to do that
consistently?
Chandra Kopparapu: In order to solve this problem, you
need to know what you don't know -- this means
research, investment, proper due diligence and
time-and-effort. There are thousands of security
products and solutions out there. Thousands more are
waiting to be invented. Keeping up with and
understanding all of them takes a lot of work.
Determining which solutions are important to your
network and which are not, also takes a lot of work.
Every network is different with different security
needs and different security priorities, and this is
the reality enterprises face.
There is no "silver bullet" in security where one
product will protect your network from all threat
today and in the future.
Idhries Ahmad: Contrary to common belief, insiders,
rather than external hackers, pose the most serious
threats to an organizations assets. How does Foundry
Networks look at the threat?
CK: The best protection to insider threats is having
multiple layers of security. Here are some
suggestions. Enable 802.1x authentication on your
ports from where insiders access your network. Use a
NAC or NAP or some sort of admission control solution.
There are many out there to choose from.
Enforce anti-virus policies on every device used by
your insiders. This can be through anti-virus software
on devices or by some IPS or IDS in your network.
Enable all or any DOS protection on your network.
There are lots of DOS protection features embedded
into switches and routers, so use them.
Chandra Kopparapu, vice-president sales, Asia Pacific,
Foundry Networks.
Idhries Ahmad: Foundry Networks has this interesting
assumption about firewalls and software products
becoming outdated soon. Can you explain how is that
going to happen since firewalls and other software
products have become part and parcel of every
enterprise network?
CK: Use the precedence set by the one-arm router.
There was a time when companies made a lot of money
and a lot of products around a one-arm router. Not
anymore! The same thing applies to firewalls. If I
need a firewall and a switch, why do I need separate
boxes for them? Why can't someone make a single box
that has both?
This is the approach Foundry has adopted with its
embedded security capabilities that are built into all
switches, and SecureIron LAN switches and perimeter
traffic managers.
It is designed to deliver application level
intelligence and security protection throughout the
enterprise network, including at the network perimeter
and inside the LAN.
Idhries Ahmad: What does Foundrys SecureIron Family
bring to the table that secures enterprise network?
CK: Foundry's SecureIron solution is designed to
deliver application level intelligence and security
protection throughout the enterprise network,
including at the network perimeter and inside the LAN.
The solution consists of two distinct product families
SecureIron perimeter traffic managers for security
augmentation and traffic optimization at the
enterprise perimeter; and SecureIron LAN switches for
inside the LAN protection against emerging threats
from within the enterprise network from malicious
users and machines.
The SecureIron family of products is the
first-of-a-kind to embed security features into the
network switch for total integration of security into
the infrastructure throughout the enterprise. The
switches feature Layer 2 through Layer 7 intelligence
to protect against many forms of network and
application level attacks at multi-gigabit speeds to
deliver unparalleled security performance at LAN
rates.
At the perimeter, the SecureIron traffic managers
deliver critical security augmentation to traditional
firewalls and optimize application performance by
maximizing utilization of ISP WAN bandwidth and
firewall capacity with advanced traffic management
features.
Idhries Ahmad: Can you share in detail some of the
trends that you have been seeing in network security
domain?
CK: NAC, NAP, IDS, IPS, DOS protection, email
filtering, etc., things like these are well publicized
and have already attracted lots of attention from
vendors, customers, users, etc.
However, all this attention is necessary because these
are critical security issues and all need to be
addressed in any enterprise network. What about some
under-appreciated network security threats? What parts
of the network are we lacking protection? One area is
location-based security.
Knowing where a security threat is physically located
now and knowing where it has been and tracking its
location as it moves. It's one thing to detect a
security threat. It's also one thing to mitigate a
security threat. However, the real objective should be
to remove security threats. This can only be
accomplished if you can physically locate it. I
predict a big trend toward new security products and
solutions to do this.
5, 50, 500, 5000 - Store N number of mails in your inbox. Go to
http://help.yahoo.com/l/in/yahoo/mail/yahoomail/tools/tools-08.html
To unsubscribe send a message to [EMAIL PROTECTED] with the subject unsubscribe.
To change your subscription to digest mode or make any other changes, please
visit the list home page at
http://accessindia.org.in/mailman/listinfo/accessindia_accessindia.org.in
