internet gateway security - a state of the nation 2014 whitepaper

Executive SummaryWith cyber attack methods growing increasingly sophisticated many traditional internet gateway solutions are no longer t for purpose. This whitepaper reveals just how many organisations are leaving themselves vulnerable to cyber criminality by keeping hold of their legacy rewall. We also examine how modern gateway security is providing an appropriate defence to these more complex threats and discuss what organisations should consider when refreshing this technology.

[428

3/FI

RE

WA

LLW

P/20

1408

14/L

H]

0121 248 7931www.icomm.co.uk

Icomm Technologies Limited 45-55 Camden Street, Birmingham, B1 3BP.

Internet Gateway Security: A state of the nation 2014

White Paper


2

Introduction

Barely a week goes by without the media reporting a new cyber threat which is capable of causing havoc. There are constant warnings of various forms of sophisticated malware which have already infected thousands of computers across the UK. GameOver Zeus, Cryptolocker and Shylock are just a few to hit the headlines this year.

Once networks are infected, these types of malware can give cybercriminals the ability to steal corporate, personal or nancial details, encrypt les and hold them for ransom or extort money from companies through denial of service (DoS) attacks.

The exact nature of the threats detailed in these media reports may change but the accompanying quote from a relevant security expert is always the same, in order to protect yourself, keep your security defences up to date. The three core pillars of those defences include end point protection, gateway defence and software patch updates.

Companies may be updating their client anti-virus and are regularly patching software, but the Icomm Technologies Survey 2014 has revealed too many organisations are failing to address the nal pillar by not upgrading their rewalls as part of their internet gateway security.

In recent years cybercriminals have evolved their tactics in order to evade detection by traditional rewall defences. Yet in many cases, the companies they target have not all kept pace with this and some are still relying on legacy solutions which are no longer t for purpose.

These organisations now need a next generation rewall which has the capability to go deeper and inspect all tra c, regardless of the port and protocol. A modern rewall solution can inspect even encrypted tra c and detect those threats.

Next generation rewalls are now also protecting businesses against the potential security impact of modern technology trends, such as the consumerisation of IT and cloud computing. These solutions can also provide granular control over website and application usage, to ensure bandwidth is always available for the most critical business functions.

?one sixth of companies have never tested their firewall

Many organisations are not upgrading their firewalls

UK businesses are at risk with old or untested firewall technology

Approximately

782,240

of SMBs lack knowledge of firewall refresh cycles

White Paper

Icomm Technologies Limited

45-55 Camden Street,

Birmingham, B1 3BP.

0121 248 7931

www.icomm.co.uk


3

Next generation fi rewall: an imperative

It is a disturbing fact that the methods deployed by cyber criminality will continue to

become more sophisticated. As a result, no one is 100% safe from attack.

Even the biggest technology rms such as Microsoft, Apple and Facebook - who you would think could adequately defend themselves - have admitted to breaches.

From a nancial and reputational perspective, the consequences of these attacks can be huge. In one of the largest global incidents to date, US retail giant Target saw the personal and nancial details of up to 110 million customers compromised.

It is not just large companies being targeted, however. Research, by security rm

Symantec, has shown that 30% of all global cyber attacks are actually aimed at small

businesses - where defences are perceived to be weaker. Smaller targets may be less lucrative to cybercriminals but it requires less e ort to attack several soft targets than one which is large and well protected.

The security solution

The persistence of the threat, coupled with the increased complexity of these attacks, has meant modern rewalls are now required to do much more than simply check where tra c is coming from and going to. Cybercriminals have now found ways to con and trick their way around these traditional defences.

What is needed is deep packet inspection and that is what a next generation rewall provides - it digs further down to check for a virus or an intrusion, said Mark Lomas, IT consultant at Icomm Technologies.

If you have not refreshed your rewall within the last three years the chances are that you are using a legacy rewall which is no longer t for purpose.

In response to these evolving threats, security rms have rolled out rewalls in the last few years which o er a more advanced defence. As cybercriminals are now capable of smuggling malware passed traditional rewalls by burying it within encrypted tra c, these solutions now provide SSL decryption and inspection.

Today, up to 35% of enterprise tra c is secured using the Secure Sockets Layer (SSL) protocol. Cybercriminals know this, and they have begun to use SSL to hide their attacks. Organisations which are still relying on legacy rewalls with no or limited SSL Inspection capabilities can be compromised, said Florian Malecki, International Product Marketing Director at Dell Security.

No one is

100% safe from attack.

of all global cyber attacks are aimed at

BUSINESSESsmall

30%

A firewall older than 3 years is not fit for purpose

White Paper



Birmingham, B1 3BP.

0121 248 7931

www.icomm.co.uk


4

Icomm Technologies was privy to a damaging cyber attack on a small business, which had been taking an if its not broke, dont x it approach to rewalls. With a legacy solution in place, which was incapable of deep packet inspection, the companys defences proved ine ectual against the attack. The company later approached Icomm for help.

The business found itself at the mercy of an aggressive hacker who encrypted vital les and promised to expose sensitive information to the companys entire email contact book unless 500 was paid into a speci ed bank account.

A word le left on the business owners computer read, You have been hacked. Inside a menacing message threatened: I do not require to do much more work on my part to ruin you.

The hacker, who was clearly well practised in this form of extortion, cheekily demanded that the business quote a reference number when making their payment.

This situation could have been avoided if the business had upgraded to a next generation rewall beforehand.

Case Study

One potential consequence of sticking with your legacy fi rewall

have no plans to, or claim they will never, update their firewall 29%

White Paper



Birmingham, B1 3BP.

0121 248 7931

www.icomm.co.uk


5

Too many still at risk

As more high pro le cyber attack incidents have hit the headlines, there has been a dawning realisation within organisations that they really need to take cyber security seriously.

The Icomm Technologies Internet Gateway Security Survey, which was conducted with more than 500 IT executives within small and medium sized businesses (SMBs) in the UK, revealed that most have taken action by refreshing their rewall.

The study showed that 61% rms have upgraded their rewall protection within the last 30 months - 41% have done so within the last 18 months. However, the results also reveal that many organisations are still relying on traditional solutions.

The survey found 14% of organisations have not, or are unsure whether they have, upgraded their rewall since 2009. This means one in every seven SMBs in the UK is likely to have inadequate protection against the attack methods currently being deployed by cyber criminals.

Testing

It is one thing to deploy a next generation rewall but it is another checking the solution is actually doing its job. It is recommended that companies check their rewall with

penetration testing at least once a year on average. For companies storing sensitive information, such as their customers personal or nancial details, this might take place quarterly.

A lot of people seem to think because they have a rewall they are fully protected when they might not have the right policies in place. Penetration testing is important to ensure everything is working as it should, said Malecki.

As Verizons recent Data Breach survey has shown, when a business is compromised it can be a long time before that is discovered and quite often it is the third parties doing these penetration tests that are the ones who are nding these breaches.

The Icomm survey found that more than three quarters (77%) of SMBs do carry out a penetration test at least once a year - almost half (48%) test twice a year or even more

frequently. However, the study found that a worrying 16% have never tested their

firewall. This means that nearly one in every six SMBs in the UK has no way of knowing whether their rewall is working or not.

one in seven SMBs have inadequate protection

one in six SMBs have never tested their firewall

penetration tests should happen at least once a year

White Paper



Birmingham, B1 3BP.

0121 248 7931

www.icomm.co.uk


6

The refresh cycle

Like any element of the IT infrastructure, the rewall protecting an organisations network should be refreshed periodically. Companies are advised to upgrade their rewall every three to ve years on average - as they would their servers.

This refresh is not just to ensure the solution in place is o ering an adequate defence against evolving threats, it is also about protecting performance. If a company is growing, the organisation needs a rewall that can handle increased tra c and prevent bottlenecks.

The Icomm survey revealed the majority of rms acknowledge the need for this refresh and have plans to carry this out within the next ve years. The research did reveal, however, that nearly a third (29%) say they have no plans to, or will never, upgrade their rewall.

When asked how often they believed they should refresh their rewall, a quarter (25%) of respondents replied at the end of its life.

Lomas said: It would be interesting to know when someone thinks their rewall is broken, as its not a case of checking whether the lights are on.

If you have a traditional rewall it will not be protecting you in the same way it was when you bought it - so in my eyes it is already broken.

Many refresh their firewall every five years

think a firewall doesnt need refreshing

White Paper



Birmingham, B1 3BP.

0121 248 7931

www.icomm.co.uk


7

What to consider when upgrading your Firewall

It is not unusual for businesses to acquire their rewall solution as an add-on, when buying another solution. This one stop shop approach when procuring one of the key pillars in an organisations security defences is questionable.

The level of integration a rewall needs with other elements of the IT infrastructure is limited. Therefore, the purchasing decision should be independent to any other form of procurement. Organisations are free to deploy a best of breed solution which o ers the deep packet inspection, with decryption and anti-evasion technology, mentioned above.

Lomas said: We would always advocate a consultancy led approach to rewalls as some vendors do o er a greater depth of solution than others. For some, security is their main focus but there are others which are just lling out their portfolios.

Protecting productivity

Organisations should also consider technology trends, such as the consumerisation of IT and cloud computing, which can impact on internet bandwidth. Next generation rewalls are capable of protecting an organisations bandwidth performance by providing a granular level of control.

This allows organisations to manage behaviour on certain websites or applications and specify which teams or individuals are given access. For example, the marketing department may be given permission to promote the business on consumer websites such as Facebook and YouTube but at the same time a next generation rewall can curtail any excessive video streaming or gaming on these platforms.

At times when there is excessive demand placed on the internet, a next generation rewall can also take action to protect vital cloud applications and reduce the bandwidth available to non-essential functions.

Malecki explains: If an England football game is on, some companies will be happy to let their sta stream this but if this a ected bandwidth it could prevent access to essential applications such as Salesforce.com or another CRM system. A next generation rewall will, however, allow you to reserve a percentage of the bandwidth for critical applications to ensure the business remains productive at these times.

have no plans to upgrade at allhave no plans to upgrade at allhave no plans to upgrade at all

White Paper



Birmingham, B1 3BP.

0121 248 7931

www.icomm.co.uk

Conclusion

Firewall manufacturers have been forced into taking some great strides forward in recent years, in response to the nefarious activities of cybercriminals. But with approximately one in seven SMBs still likely to be deploying traditional solutions, it is clear many organisations are still leaving themselves vulnerable to attack.

Furthermore, as IT consumerisation and cloud computing threaten to impact on crucial functionality, businesses could well be losing competitive advantage by not deploying next generation solutions which protect productivity.

With cyber attacks and internet usage both destined to grow rapidly in the coming years, the third of businesses who have no plans to upgrade their rewall will also need to rethink their approach. Otherwise their performance will su er, or worse still they could leave themselves at the mercy of increasingly sophisticated cybercriminals.

For further information and support on refreshing, testing and upgrading your fi rewall, please get in touch with Icomm Technologies on 0121 248 7931 or at www.icomm.co.uk

White Paper

0121 248 7931www.icomm.co.uk

Icomm Technologies Limited 45-55 Camden Street, Birmingham, B1 3BP.


8