About Me

Scott Arnett is an Information Technology & Security Professional Executive with over 30 years of experience in IT. Scott has worked in various industries such as health care, insurance, manufacturing, broadcast, printing, and consulting and in enterprises ranging in size from $50M to $20B in revenue. Scott’s experience encompasses the following areas of specialization: Leadership, Strategy, Architecture, Business Partnership & Acumen, Process Management, Infrastructure and Security. With his broad understanding of technology and his ability to communicate successfully with both Executives and Technical Specialists, Scott has been consistently recognized as someone who not only can "Connect the Dots", but who can also create a workable solution. Scott is equally comfortable playing technical, project management/leadership and organizational leadership roles through experience gained throughout his career. Scott has previously acted in the role of CIO, CTO, and VP of IT, successfully built 9 data centers across the country, and is an expert in understanding ITIL, PCI Compliance, SOX, HIPAA, FERPA, FRCP and COBIT.

Friday, December 17, 2010

UTM - A Good Security Tool in the IT Toolbox

I have talked with a great many IT leaders in recent months, from small to large organizations, who all have security concerns on their mind. I always express to many of them the great value of UTM technology. I have had a Fortinet UTM device in the office here for several years, and am always impressed with the capability of the device.

Unified Threat Management was originally designed to help protect the networks of small and medium-sized businesses, but recently UTM firewalls have been expanding to corporate networks as well. The term UTM is used to describe network firewalls that contain many different features in one box.

Such features include e-mail spam filtering, an intrusion prevention system, anti-virus capability, internet filtering, and the functions of a traditional firewall. Basically, what this means is that a UTM firewall can perform the same functions in one box that would otherwise require two or three boxes. In addition, UTM devices offer central management and web-based administration.

What are the benefits of UTM Firewalls?

1. The main benefit of Unified Threat Management is the fact that so many necessary functions are combined into one box. This reduces the complexity of the firewall system and saves businesses time and money. Reducing complexity matters in its own right, because complexity brings risk and opportunity for errors.

2. Since all the security features are in one device, you do not need to spend time figuring out how all your security devices work and then how they all work together. Once you understand how your UTM firewall works, you understand your entire security system.

3. Also, because the whole security system is in one device, there is much less to buy. In fact, the only thing that you have to buy is the UTM firewall. This significantly reduces the cost of a security system.

4. Maintaining network security can often become complex and confusing, but when all the security features are combined into one system, it is easy to see how all the functions are integrated and how they work together. Also, because it is only one system coming from one vendor, training for the entire system also only comes from one vendor. This means that when you need help, there will only be one company you need to go to. This is much easier than having to contact three or four different companies if the system fails.

The ease that is created by Unified Threat Management, as well as the time and money that the system saves, make it a worthwhile investment for any business. If you need to protect your network, get started with a UTM firewall today.

Stay positive!

Scott Arnett
scott.arnett@charter.net

Friday, December 10, 2010

Security - Do you have inside threats?

I talk with many IT leaders over the course of a year, and everyone is focused on Firewalls, IDP, IDS, DLP, and the list goes on. No one really talks about inside threats. What about that risk? When IT pros think of securing networks, they typically concern themselves with outside attacks and hackers. But the easier attack or hack is inside your office or a branch office. They also face threats from their employees, especially their internal staff. The threats can be intentional, with malicious employees, or they can be accidental, when staff mistakenly leave sensitive information open and available to hackers. And what about social engineering? It is not just an outside attack.

New Threats

The majority of data breaches will involve outside criminals. Verizon’s 2010 Data Breach Investigations Report stated that 70% of breaches in 2009 were from outside criminals. The most surprising number is that insider threats reached 48% more, which is double what it was in 2008. Some of that number is overlap, with people from both inside and outside the company involved.

The question becomes: how can IT managers reduce the risk of insider threats? The best place to start is with your employees inside the IT department. Most IT staffers have the highest level of access and the technical knowledge of how to steal data. In addition, some IT staff are overworked, underappreciated and feel negative towards their employer.

To protect against threats within the IT Staff, industry experts recommend the following best practices…

Enforce a Policy of least privilege

48% of the security breaches in the Verizon study involved the misuse of privileges by employees. Help limit the attack by giving employees only the access that they need to do their job. That typically means assigning privileges individually, not based on employee groups.

Conduct thorough background checks

Make sure your HR department is aware of the positions in your IT department that require access to critical and sensitive data. That way, candidates can be appropriately filtered out before they are hired.

Terminate Properly

In a recent survey by Cyber-Ark, 63% of IT staffers admitted they would steal passwords, financial reports and other sensitive information if they knew they were about to be fired. Disable account access right away if employees are going to be fired.

Watch for signs of a suspicious employee

Employees involved in cybercrime will often show signs such as absences from work, changes in work habits and a change in temperament.

Enforce your policies

A lax environment can convince some staffers that they can get away with fraud. Make sure you are enforcing all of your policies and that violations are dealt with appropriately.

Unknowing accomplices

Staffers and IT professionals might also put their company’s network at risk. The Verizon study shows that cybercriminals are less reliant on malware to steal data. More often, they are gaining access with social engineering or by exploiting poorly configured networks. In addition, some staff members can take equipment or company assets home and conduct attacks after hours.

Keep your staff informed…

Provide Training: Watch for hackers’ latest tactics for tricking staffers into providing sensitive data or access credentials. Most IT Pros should know better, but you still need to remind them from time to time.

Conduct Audits: This can help detect potential fraud and catch holes that IT staffers may have overlooked.

Encourage Staff to Report Problems so they can be addressed and fixed.
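One way to audit the "Terminate Properly" recommendation above, shown as an added example that is not part of the original post: cross-check HR termination records against a directory export and an authentication log. The record formats, account names and log lines are constructed for illustration and do not come from any particular product.

```python
from datetime import datetime

# Constructed sample data: HR termination records (user -> effective time).
TERMINATIONS = {
    "jdoe": "2010-12-01T17:00:00",
    "asmith": "2010-12-03T09:00:00",
}

# Constructed sample export of directory accounts.
ACCOUNTS = [
    {"user": "jdoe", "enabled": True, "groups": ["Domain Admins"]},
    {"user": "asmith", "enabled": False, "groups": ["Helpdesk"]},
    {"user": "bwong", "enabled": True, "groups": ["Helpdesk"]},
]

# Constructed sample authentication log lines: "<timestamp> <user> <result>".
AUTH_LOG = """\
2010-12-01T08:12:44 jdoe LOGIN_OK
2010-12-02T23:40:10 jdoe LOGIN_OK
2010-12-03T09:30:00 asmith LOGIN_FAIL
2010-12-03T10:00:00 bwong LOGIN_OK
"""


def audit_offboarding(terminations, accounts, auth_log):
    """Return findings for terminated users whose access was not cut off."""
    term = {u: datetime.fromisoformat(t) for u, t in terminations.items()}
    findings = []
    # Finding 1: the account is still enabled after termination.
    for acct in accounts:
        if acct["user"] in term and acct["enabled"]:
            findings.append(("STILL_ENABLED", acct["user"], ",".join(acct["groups"])))
    # Finding 2: any login attempt (success or failure) after termination.
    for line in auth_log.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        ts, user, result = parts
        if user in term and datetime.fromisoformat(ts) > term[user]:
            findings.append(("POST_TERMINATION_" + result, user, ts))
    return findings


if __name__ == "__main__":
    for finding in audit_offboarding(TERMINATIONS, ACCOUNTS, AUTH_LOG):
        print(*finding)
```

Failed logins after the termination time are reported as well, since they show an attempt to use access that should no longer exist.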

Keep in mind the human side of the environment. Employees who are happy at work and who feel fairly compensated, rewarded and appreciated are less likely to do harm to the company. They feel part of the overall success and appreciate the financial rewards of their hard work and dedication.

Keep positive!

Scott Arnett
scott.arnett@charter.net