Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Next generation firewalls

Ross O. Storey | July 21, 2010
MIS Asia editor, Ross O. Storey, shared thoughts with Palo Alto Networks co-founder and chief architect, Yuming Mao, on the benefits and dangers of todays new openness and interactivity.

How prepared do you think Asia Pacific enterprises are to meet these new challenges and are they coping with the burgeoning demand for bandwidth?

Many organisations continue to struggle with managing these new applications, and their incumbent network security infrastructure, which bases decisions on irrelevant network port information, and struggles with an antiquated good/bad security model. One of the things weve seen in bandwidth-conscious enterprises is the desire to allow certain applications, but queue and shape them such that they cannot interfere with more critical and more latency-sensitive business applications.

How has the enterprise risk profile changed because of these new bandwidth hungry systems and how serious is the situation in the Asia Pacific, compared to the US and Europe?

I dont think the risk profile is that different in Asia. The compliance issues are different, and individual enterprises cultures are different, but the desire to use Enterprise 2.0/Web 2.0 applications, the need to adopt social technologies, and the concern about the risks they carry are common globally. Have a look at our latest Application Usage and Risk Report for some detail on how similar North American, Asian and European organisations look from a risk perspective.  (http://www.paloaltonetworks.com/literature/AUR_spring2010.php)

How well are firewalls evolving to meet these new threats and what should enterprises be doing to ensure they are properly protected in this changing environment?

The traditional stateful inspection firewall as we know it cant evolve it must fundamentally change.  The firewall has some unique advantages it sees all traffic, and it defines the trust boundary. Traditional firewalls, however, cannot see past port and network protocol. So taking the good (the position of the firewall within the network) and starting over with a next-generation firewall with the following requirements will both solve the problem outlined above, and simplify network security. Next-generation firewalls must:

•    Identify applications regardless of port, protocol, evasive tactic or SSL

•    Identify users regardless of IP address

•    Protect in real-time against threats embedded across applications

•    Fine-grained visibility and policy control over application access / functionality

•    Multi-gigabit, in-line deployment with no performance degradation

Which sectors do you believe face the highest risk from this changing IT environment and where are their key vulnerabilities?

From what weve seen in customers, financial services, government, and healthcare organisations are most sensitised to these risks, because of their greater dependence on information technology, and because of the relatively higher value of the information within their systems (e.g., for a bank, bits and bytes equal money which has an immediate and direct value, as opposed to in a manufacturer, where the information travelling on the network may be important, but have no direct and immediate value to an attacker).

 

Previous Page  1  2  3  Next Page 

Sign up for CIO Asia eNewsletters.