Preventing and Avoiding Network Security Threats and Vulnerabilities

Potential attacks, software and platform vulnerabilities, malware, and misconfiguration issues can pose serious threats to organizations seeking to protect private, confidential, or proprietary data. Fortunately, various technologies – collectively known as unified threat management – make it easy to use virtualized or appliance-based tools to provide comprehensive security coverage.

With a combination of regular updates, monitoring and management services, and critical security research and intelligence data, you can vastly improve your business’s cybersecurity. We’ll explore how to erect defenses with UTM and implement sound security policies to cope with an array of threats.

Unified threat management is an all-in-one security implementation that helps protect businesses from online security risks. A UTM solution includes features like network firewalls, antivirus software, intrusion detection and virtual private networks. Many businesses may prefer UTM software platforms, but hardware options, such as dedicated firewalls and router networking devices, are also available.

By implementing a UTM program throughout your organization, you provide a single security source for all of your information technology (IT) needs that can scale as your business grows. 

With a UTM guarding your organization, you get a streamlined experience with various security components working together seamlessly, instead of the potential issues that could arise if you integrated multiple services for each function.

By its very nature, technology is constantly changing. Unfortunately, this includes cybercrime; as technology progresses and we become more connected, the number of threats keeps growing. 

A business can’t predict when or how the next data breach will occur. It could be through a text, email, pop-up ad, or even a vulnerability in your business website. 

This unpredictability is why it’s critical to implement a comprehensive UTM program throughout your organization. A UTM is like a cybersecurity force guarding against the most common vulnerabilities hackers could exploit. By essentially guarding every virtual entry point, a UTM is a great preventive security measure for any business.

Poor access management is the root cause of many IT hacks. Your business should tightly control who can access networked devices, cloud workloads and big data projects.

The history of information security and palliative technologies goes back to the 1980s, when perimeter security (through firewalls and screening routers) and malware protection (primarily in the form of early antivirus technologies) became available. 

As threats evolved in sophistication and capability, other elements to secure business networks and systems became available. These solutions include email checks, file screening, phishing protection, and allow lists and block lists for IP addresses and URLs.

From the mid-’90s to the first decade of the 21st century, there was an incredible proliferation of point solutions to counter specific threat types, such as malware, IP-based attacks, distributed denial-of-service (DDoS) attacks, and rogue websites with drive-by downloads. This explosion led to an onslaught of data security software and hardware designed to counter individual threat classes. 

Unfortunately, a collection of single-focus security systems lacks consistent and coherent coordination. There’s no way to detect and mitigate hybrid attacks that might start with a rogue URL embedded in a tweet or email message, continue with a drive-by download when that URL is accessed, and really get underway when a surreptitiously installed keylogger teams up with timed transmissions of captured data from a backdoor uploader. 

Worse yet, many of these cyberattack applications are web-based and use standard HTTP port addresses, so higher-level content and activity screening is necessary to detect and counter unwanted influences. 

The basic premise of UTM is to create powerful, customized processing computer architectures that can handle, inspect, and (when necessary) block large amounts of network traffic at or near wire speeds. It must search this data for blacklisted IP addresses, inspect URLs for malware signatures, look for data leakage, and ensure all protocols, applications, and data are benign. 

Typical UTM solutions usually bundle various functions, such as the following.

Modern UTM systems incorporate all these functions and more by combining fast special-purpose network circuitry with general-purpose computing facilities. The custom circuitry that exposes network traffic to detailed and painstaking analysis and intelligent handling does not slow down benign packets in transit. It can, however, remove suspicious or questionable packets from ongoing traffic flows, turning them over to scanners or filters. 

The UTM agency can then perform complex or sophisticated analyses to recognize and foil attacks, filter out unwanted or malicious content, prevent data leakage, and ensure security policies apply to all network traffic.

Since many businesses are shifting employees to remote work models, it’s more critical than ever to invest in VPNs for data security.

UTM solutions usually take the form of special-purpose network appliances that sit at the network boundary, straddling the links that connect internal networks to external networks via high-speed links to service providers or communication companies.

By design, UTM devices coordinate all aspects of a security policy, applying a consistent and coherent set of checks and balances to incoming and outgoing network traffic. Most UTM device manufacturers build their appliances to work with centralized, web-based management consoles. This lets network management companies install, configure and maintain UTM devices for their clients. 

Alternatively, IT managers and centralized IT departments can take over this function. This approach ensures that the same checks, filters, controls, and policy enforcement apply to all UTM devices equally, avoiding the gaps that the integration of multiple disparate point solutions (discrete firewalls, email appliances, content filters, virus checkers, and so forth) can expose.

These are some of the most respected UTM providers:

Cyberthreat intelligence gives you a direct line into new and developing cyberattacks worldwide, so you can know the enemy and build an effective solution to prevent breaches.

When choosing a business UTM solution, you should seek the standard functions described above as well as these more advanced features: 

Advanced UTM devices must also support flexible architectures whose firmware can be easily upgraded to incorporate new means of filtering and detection and to respond to the ever-changing threat landscape. UTM makers generally operate large, ongoing security teams that monitor, catalog, and respond to emerging threats as quickly as possible, providing warning and guidance to client organizations to avoid exposure to risks and threats.

Some of the best-known names in the computing industry offer UTM solutions to their customers, but not all offerings are equal. Look for solutions from reputable companies like Cisco, Netgear, SonicWall and Juniper Networks. You’re sure to find the right mix of features and controls to meet your security needs without breaking your budget.

As a visit to the periodic survey of information security certifications at TechTarget’s SearchSecurity confirms, more than 100 active and ongoing credentials are available in this broad field. However, not all of the best IT certifications address UTM directly or explicitly. 

While no credential focuses exclusively on UTM, some of the best InfoSec and cybersecurity certifications cover UTM aspects in their exam objectives or the associated standard body of knowledge that candidates must master:

Of these credentials, the generalist items (such as CISA, CISSP, and CHPP/CHPA) and the two SANS GIAC certifications (GCIH and GCWN) provide varying levels of coverage on the principles of DLP and the best practices for its application and use within the context of a well-defined security policy. 

Out of the above list, the CISSP and CISA are the most advanced and demanding certs. The Cisco and Juniper credentials concentrate more on the details of specific platforms and systems from vendors of UTM solutions.

With the ever-increasing emphasis on and demand for cybersecurity, any of these certifications – or even entry-level cybersecurity certifications – can be a springboard to launch you into your next information security opportunity.

Eduardo Vasconcellos contributed to the writing and research in this article.

CRN Interview: Dan Warmenhoven, Network Appliance

Last week, Network Appliance said it would for the first time sell products through distribution--via agreements with Arrow Electronics' North American Computer Products group and Avnet Hall-Mark--to serve the bulk of its existing solution provider community and to attract more channel partners. Company CEO Dan Warmenhoven spoke to CRN Senior Editor Joseph F. Kovar about the distribution move, the channel and EMC/Legato.

CRN: Why the push through distribution?

Warmenhoven: It's the next stage in expanding our channel partnerships. Over the last few years, we've developed a set of global partnerships with firms like IBM Global Services and Accenture. Last year, we got into what we consider 'Star' partners like Forsythe, Datalink and a few others. And we just felt it was time to move on to the next stage.

We've had a number of regional VARs, probably in the neighborhood of about 100, that we have developed in parallel with our Star partners. And it was really time to provide a consolidated way to interface with them and provide additional support to them.

CRN: Your current 100 or so solution providers--the ones you have now--will be required to go through distribution, correct?

Warmenhoven: Yeah, that's the plan.

CRN: Why the requirement instead of a choice?

Warmenhoven: Let me describe first our relationship with Arrow and Avnet. They really are not stocking distributors. They're really kind of virtual distributors. They have the relationship with the VAR whereby they consolidate the orders and take the credit risk. So we actually see the order from Avnet or Arrow. The product is essentially ordered directly by the end VAR and shipped to their end user. And everything is built to order. So this is not a traditional stocking relationship. It's really a credit and financial transaction management relationship which actually simplifies the whole process for everybody.

CRN: The other goal of going through distribution would be to increase the number of potential solution providers that you work with. Are there any plans to do that?

Warmenhoven: Yes. In fact, we'd like to have Arrow and Avnet both help us to expand the set of VARs we have. We've developed 100 or so [solution providers on our own], and they've done a really terrific job over the last year since we got that program ramped. But there are regions in North America where we have very little sales coverage. We're counting on VARs and other indirect channel partners to take us into the Southeast, where we have very few people.

CRN: What kind of solution providers would you be looking for through distribution?

Warmenhoven: They fit into a couple of different categories. Some are very vertically focused. . . . In verticals such as retail, for instance, which generally has a pretty strong reliance on VARs, we have no corporate focus. We would look to VAR partners to complement us in that regard.

The second [category] is those who focus on data storage and data management solutions, who can put together fairly complete configurations for customers. Typically, those are focused, we think, on midtier accounts, say under-$1-billion-in-size corporations, where they often have very small IT staffs and are fairly dependent on VARs to integrate a complete solution for them.

The third is regional VARs, where we have very little coverage. We have very few people, like I said, in the Southeast.

CRN: As far as working with solution providers goes, how is Network Appliance's compensation program for direct sales set up?

Warmenhoven: Channel-neutral. This is one of the things we put in place starting two years ago. It became fully embodied in the compensation plans of our people last year. It is absolutely, totally channel-neutral. We have encouraged our organizations to leverage their partners, and I think it has been pretty successful. . . .

I think it was very, very successful. Last year, our mix of direct/indirect in North America moved from 80/20 to 65/35. . . . We're hoping to see that blend shift even more to the indirect channel going forward.

CRN: Network Appliance has the final say in terms of who actually becomes authorized through a distributor, correct?

Warmenhoven: I think technically that's correct. But essentially it's determined by Avnet and Arrow. They're really in control, and our objective was to have them build out the partnerships. And since Arrow and Avnet take the credit risk, they really have more of a financial implication here than we do.

We do, in fact, have a right of refusal. But I think that's more of a formality than a reality.

CRN: Are you looking to attract a specific number of solution providers as a result of the distribution?

Warmenhoven: No, not necessarily. I don't think the question is number of VARs and partners we have. I really think the question is the volume of business they can generate.

CRN: One of the things that Microsoft is bragging about is how their share of the NAS operating system market continues to grow. Does Network Appliance see a threat from the growing use of the Microsoft operating system, and is this move to distribution related to bringing your products more into the space Microsoft competes in?

Warmenhoven: No and yes. We are focused on the space where Microsoft is present. But I wouldn't say that this is in any way a reaction to Microsoft. . . .

We're really focused on a different kind of solution set--a full range of features and functions. All the advanced features you can buy on our enterprise solution like mirroring, file recovery, quota management and all those other kinds of things, and being able to drive that down to price points that are very attractive to small and medium businesses.

We have just recently started shipping a new product, which we're probably going to launch in the fall, which is intended to be a very competitive, full-functioned solution--a Network Appliance Filer in every sense of the word--that packages into a [3U-high rack shelf], or alternatively as a tower, that can scale up to 2 Tbytes. And we think from a half-Tbyte and up it's very cost-competitive with anything you'd find from one of the Microsoft OEMs. . . .

We would have done this independent of what Microsoft would have done. This is not a response to Microsoft whatsoever. This is just a way for us to reach a broader range of customers with a new and more cost-effective solution set than we've been able to bring in before. . . .

CRN: EMC just said it will buy Legato. Any surprises there? Any reaction from Network Appliance?

Warmenhoven: This is not one that I think is going to be particularly successful from the point of creating synergy. I personally believe that the storage market right now has really three subsegments to it. And combinations across those are inefficient and not advisable at this point in time.

There's a class of storage software vendors. Legato was in that class, along with Veritas, IBM Tivoli, BMC, a few others. There is a class of networked storage switches [like] Brocade, McData, Cisco. And a class of storage systems, which is where I put ourselves, Hitachi Data Systems, EMC.

The market shares in every segment are very fragmented. In order to be successful, a player in one segment of the market really has to have a complete set of partnerships with players in the others. Legato has played fairly neutral relative to storage systems but interoperates effectively with all of them.

The NDMP data management protocol was actually developed between us and Legato. We've had a very close relationship with them over the years. And consequently we can tell our customers with confidence that Legato is a completely supported, highly integrated solution. We can tell them we are jointly involved in our road maps together.

I gotta tell you, that ended [on July 8]. That's no longer going to be the case.

Legato's going to find that the only partner they have in the storage systems space is EMC. So their solutions will naturally atrophy to the point where they're only EMC-appropriate. And at the same time, EMC has just declared itself a competitor with Veritas and the other storage management software providers, and that naturally is going to cause a reaction where Veritas or BMC or IBM Tivoli are no longer going to feel like they should be partnered closely with EMC.

So consequently, I think you'll find that EMC will get less support from the other software solution providers. Their Legato applications will get less support from other storage system providers. And consequently, I do not think the synergies will be realized.

I certainly would not proceed in that kind of an acquisition.

CRN: Any final words to the solution provider community in terms of what you want them to see from Network Appliance and distribution?

Warmenhoven: We love you, we're committed to you, and we're counting on a great amount of mutual success.

Zyxel NWA220AX-6E review