Today’s threat scenario is defined by two factors. One is the emergence of the user as the weakest link in the security chain, and the second is internal threats, which are high in frequency and potential and are estimated at over 50% of the total threats. Blended threats like spyware, phishing, pharming, viruses and more are targeting the individual user, extracting corporate and personal confidential information or turning their devices into parts of massive botnets to further the attack. A Unified Threat Management solution provides comprehensive protection to enterprises with tightly integrated multiple security features working together on a single appliance. DIGVIJAYSINH CHUDASAMA OF CYBEROAM explains some contemporary issues related to security and the role of cutting-edge technology in fighting those security threats.
enterprisingCIO: What all types of new threats have emerged so far?
DIGVIJAYSINH: The threat to businesses is ever on the rise with the widespread adoption and dependence on Internet connectivity. The blended threats combine the characteristics of computer viruses, worms, and malicious code with vulnerabilities found on servers and the Internet. Their purpose is not only to initiate an attack but also to spread it by a variety of means that include the creation of botnets, rapidly changing methods of transmission and more. Blended threats are known to spread rapidly and cause widespread damage.
Businesses have to continuously deal with such potentially devastating Internet attacks and vulnerabilities such as viruses, spams, malicious code, Web defacement, insider abuse and theft of intellectual property. In response to emerging threats and network vulnerabilities, the Unified Threat Management solutions provide comprehensive security in flexible environment with multiple security features on a single platform.
enterprisingCIO: What is the biggest challenge ahead of a CIO whose priority is network uptime and hassle-free network management?
DIGVIJAYSINH: Today’s CIO is not just an IT manager. CIO now needs to be both an outstanding technology manager and a fully functional business leader. Security is no longer about keeping out viruses, worms and other threats. Each day, companies strive to correlate business decisions to things that actually happen on their network by applying business policies to Internet access management and security. The CIO should enable the Network manager to manage policies for a wide array of users, thus offering security and productivity without limiting business flexibility. It thus translates into high ROI, enhancing business productivity and maximizing the benefits of the Internet as a valuable business resource.
enterprisingCIO: How different are the security threats for SMBs from large enterprise?
DIGVIJAYSINH: The threat scenario of blended and complex threats – both internal and external – is faced by both SMBs and Enterprises. However, they basically differ in their needs of Integration requirements and Performance requirements. Beyond the feature functionality which is a common requirement for both, enterprises require security with high performance, high throughput and low latency. Also Enterprise-class UTM devices need to support the complicated network topologies present in larger corporations. UTM devices ought to provide failover functionality for uninterrupted security, traffic flow and network functioning. Also, Enterprise-class UTM devices need to offer flexibility to work both at the edge and core.
Some of the features in the present generation of UTMs that fulfill the needs of enterprises are as follows:
- Integrated active-active high availability feature provides protection against hardware failure to maximize network uptime and ensure uninterrupted access.
- Dynamic Routing that provides rapid uptime, increased network throughput with low latencies and trouble-free configuration and supports rapid network growth.
- VLAN ability enables large enterprises to create work profile-based policies across distributed networks from a centralized location or head office.
- Although identity-based policies are required across all organizations, they are critically important to enterprises in offering high levels of security, data protection and business flexibility in addition to meeting the requirements of regulatory compliance.
enterprisingCIO: In terms of optimum productivity of a security tool, what role can policy setups possibly play?
DIGVIJAYSINH: Centralized management and control offers coordinated defense against zero-hour and blended threats across distributed networks. It enables enterprise-wide implementation of corporate Internet policy, ensuring high productivity and security. Policy set ups lower the deployment cost while offering complete control over distributed networks and play a crucial role in case of remote networks.
UTMs like Cyberoam with its Cyberoam Central Console (CCC) enable enforcement of global policies for Firewall, Intrusion Detection & Prevention and Anti-virus scanning. This supports the creation and implementation of enterprise-wide security policy to strengthen branch and remote office security while lowering operational complexity. The Cyberoam Central Console enables administrators to assign security policies based on user’s work profile even in remote locations. This fully leverages Cyberoam's unique user identity-based security approach.
enterprisingCIO: In such scenario, what is the relevance of a tool like UTM?
DIGVIJAYSINH: UTM solutions are popular among businesses and have recently emerged as the choice in security solutions for enterprises as well. One of the most affirmative reasons for the selection is that the appliance is a one-stop-shop for network security. The third generation of UTM solutions are capable of fighting increasingly complex blended threats in real-time without compromising performance. At the same time, they lower capital and operating expenses involved in handling multiple, point solutions. UTMs like Cyberoam are high in granularity with identity-based security that seals the weakest link in the network - the user by pinpointing the user rather than the IP address of the Machine. The integration of identity controls in Cyberoam UTM ensures total protection against the rising Internal threats by identifying who is doing what in the network.
enterprisingCIO: How can Cyberoam's offerings help in these situations?
DIGVIJAYSINH: Cyberoam is a third generation of UTM that has woven identity controls into its solution and hence helps in controlling the user who is the weakest link in today’s security scenario. It also puts a lid on internal threats by tracing the source of threat right up to the exact user and not just the IP address of a machine. In fact the very deployment of Cyberoam acts as a deterrent for potential internal threat sources.
While the identity based comprehensive security is a USP of Cyberoam, its performance also remains unmatched. The apprehensions about UTMs not fitting in to the performance requirements of enterprise are also laid to rest by Cyberoam’s high performance. Cyberoam UTM runs on multi-core processors. Coupled with innovative software design that leverages the power of multi-core architecture, Cyberoam provides unprecedented throughputs beyond 3 Gbps of IPS and 600 Mbps of UTM throughput.
enterprisingCIO: How to ensure the ease of use aspect for the IT manager?
DIGVIJAYSINH: A single UTM appliance makes it very easy to manage security strategy, with just one device to worry about, one source of support and a single way to set-up and maintain every aspect of security solution. Single point of contact, 24 x 7 vendor support, technical training combined with Zero-hour protection without degrading the network performance makes it a boon for IT managers. So not only is it a cost-effective purchase in the first place, but day-to-day “running costs” are also lowered to the point of being insignificant. Cyberoam UTM proves to be a highly effective solution as its strength lies in the bundle of solutions which are integrated and designed to work together in synchrony.
Moreover, UTMs like Cyberoam are a step ahead in granularity by including identity controls in their solution. It helps not only in controlling user behavior and thus insider threats but its access policies too are connected not only to an IP address, but also to a user name or a group of users. So the decision, either to allow or deny, will be based on a user’s access right. The access rights will depend on the user's or the group of users' business needs.
enterprisingCIO: How do you translate the RoI element for your customers?
DIGVIJAYSINH: Reduced complexity, through Single security solution, Single Vendor, Single AMC, avoidance of multiple software installation and maintenance, Plug & Play Architecture, Web-based GUI for easy management coupled with Zero-hour protection without compromising on performance translates into high ROI for customers who deploy UTMs like Cyberoam.
enterprisingCIO: What profile of customers should go for UTM solution?
DIGVIJAYSINH: Mostly organizations, whether SMBs or Enterprises, look for security solutions in terms of lowered capital and operating costs, integrated multiple security features and ability to counter the rising trend of Insider threat. Cyberoam not only fulfills all these needs but goes a step ahead in being the only security solution that has identity controls in its features. It traces the threat source not just up till the IP address of the machine but pinpoints the exact user. In fact its user centric approach tackles two of the greatest demons of Internet security i.e., internal threats and user behavior which have emerged as the greatest security chink in the network.
Cyberoam’s identity-based security solution has positioned it as a brand across all verticals. However one market segment among which Cyberoam is typically popular is the verticals like education where the usage of a single machine by multiple users makes user identity an important parameter in identifying usage and security. The identity feature comes as a boon for these organizations who are only too keen to adopt Cyberoam security.
enterprisingCIO: Can you briefly explain about the deployment aspect for UTM solutions?
DIGVIJAYSINH: Small businesses and remote/branch office networks utilize UTM appliances for perimeter security. A UTM appliance that is deployed at the network edge not only blocks unauthorized Internet traffic, but stops Web server hacks, strips viruses, discards spam, foils Phishing URLs, and closes the spyware back-channel.
However Data center operations demand higher throughputs and since many UTM boxes are designed to cater to higher throughputs they are finding a place at the core of the enterprise network. Since many enterprises had earlier been using low and mid-level UTM boxes at their branches and at the network periphery, they are expected to adopt high-end UTM boxes at the core of their network as well.
Copyright 2007 | EnterprisingCIO.com | All rights to the trademarks contained in the LOGOS & TRADEMARKS are reserved by each of the companies involved.