-
Executive SummaryWith cyber attack methods growing increasingly
sophisticated many traditional internet gateway solutions are no
longer t for purpose. This whitepaper reveals just how many
organisations are leaving themselves vulnerable to cyber
criminality by keeping hold of their legacy rewall. We also examine
how modern gateway security is providing an appropriate defence to
these more complex threats and discuss what organisations should
consider when refreshing this technology.
[428
3/FI
RE
WA
LLW
P/20
1408
14/L
H]
0121 248 7931www.icomm.co.uk
Icomm Technologies Limited 45-55 Camden Street, Birmingham, B1
3BP.
Internet Gateway Security: A state of the nation 2014
White Paper
-
Internet Gateway Security: A state of the nation 2014
2
Introduction
Barely a week goes by without the media reporting a new cyber
threat which is capable of causing havoc. There are constant
warnings of various forms of sophisticated malware which have
already infected thousands of computers across the UK. GameOver
Zeus, Cryptolocker and Shylock are just a few to hit the headlines
this year.
Once networks are infected, these types of malware can give
cybercriminals the ability to steal corporate, personal or nancial
details, encrypt les and hold them for ransom or extort money from
companies through denial of service (DoS) attacks.
The exact nature of the threats detailed in these media reports
may change but the accompanying quote from a relevant security
expert is always the same, in order to protect yourself, keep your
security defences up to date. The three core pillars of those
defences include end point protection, gateway defence and software
patch updates.
Companies may be updating their client anti-virus and are
regularly patching software, but the Icomm Technologies Survey 2014
has revealed too many organisations are failing to address the nal
pillar by not upgrading their rewalls as part of their internet
gateway security.
In recent years cybercriminals have evolved their tactics in
order to evade detection by traditional rewall defences. Yet in
many cases, the companies they target have not all kept pace with
this and some are still relying on legacy solutions which are no
longer t for purpose.
These organisations now need a next generation rewall which has
the capability to go deeper and inspect all tra c, regardless of
the port and protocol. A modern rewall solution can inspect even
encrypted tra c and detect those threats.
Next generation rewalls are now also protecting businesses
against the potential security impact of modern technology trends,
such as the consumerisation of IT and cloud computing. These
solutions can also provide granular control over website and
application usage, to ensure bandwidth is always available for the
most critical business functions.
?one sixth of companies have never tested their firewall
Many organisations are not upgrading their firewalls
UK businesses are at risk with old or untested firewall
technology
Approximately
782,240
of SMBs lack knowledge of firewall refresh cycles
White Paper
Icomm Technologies Limited
45-55 Camden Street,
Birmingham, B1 3BP.
0121 248 7931
www.icomm.co.uk
-
Internet Gateway Security: A state of the nation 2014
3
Next generation fi rewall: an imperative
It is a disturbing fact that the methods deployed by cyber
criminality will continue to
become more sophisticated. As a result, no one is 100% safe from
attack.
Even the biggest technology rms such as Microsoft, Apple and
Facebook - who you would think could adequately defend themselves -
have admitted to breaches.
From a nancial and reputational perspective, the consequences of
these attacks can be huge. In one of the largest global incidents
to date, US retail giant Target saw the personal and nancial
details of up to 110 million customers compromised.
It is not just large companies being targeted, however.
Research, by security rm
Symantec, has shown that 30% of all global cyber attacks are
actually aimed at small
businesses - where defences are perceived to be weaker. Smaller
targets may be less lucrative to cybercriminals but it requires
less e ort to attack several soft targets than one which is large
and well protected.
The security solution
The persistence of the threat, coupled with the increased
complexity of these attacks, has meant modern rewalls are now
required to do much more than simply check where tra c is coming
from and going to. Cybercriminals have now found ways to con and
trick their way around these traditional defences.
What is needed is deep packet inspection and that is what a next
generation rewall provides - it digs further down to check for a
virus or an intrusion, said Mark Lomas, IT consultant at Icomm
Technologies.
If you have not refreshed your rewall within the last three
years the chances are that you are using a legacy rewall which is
no longer t for purpose.
In response to these evolving threats, security rms have rolled
out rewalls in the last few years which o er a more advanced
defence. As cybercriminals are now capable of smuggling malware
passed traditional rewalls by burying it within encrypted tra c,
these solutions now provide SSL decryption and inspection.
Today, up to 35% of enterprise tra c is secured using the Secure
Sockets Layer (SSL) protocol. Cybercriminals know this, and they
have begun to use SSL to hide their attacks. Organisations which
are still relying on legacy rewalls with no or limited SSL
Inspection capabilities can be compromised, said Florian Malecki,
International Product Marketing Director at Dell Security.
No one is
100% safe from attack.
of all global cyber attacks are aimed at
BUSINESSESsmall
30%
A firewall older than 3 years is not fit for purpose
White Paper
Icomm Technologies Limited
45-55 Camden Street,
Birmingham, B1 3BP.
0121 248 7931
www.icomm.co.uk
-
Internet Gateway Security: A state of the nation 2014
4
Icomm Technologies was privy to a damaging cyber attack on a
small business, which had been taking an if its not broke, dont x
it approach to rewalls. With a legacy solution in place, which was
incapable of deep packet inspection, the companys defences proved
ine ectual against the attack. The company later approached Icomm
for help.
The business found itself at the mercy of an aggressive hacker
who encrypted vital les and promised to expose sensitive
information to the companys entire email contact book unless 500
was paid into a speci ed bank account.
A word le left on the business owners computer read, You have
been hacked. Inside a menacing message threatened: I do not require
to do much more work on my part to ruin you.
The hacker, who was clearly well practised in this form of
extortion, cheekily demanded that the business quote a reference
number when making their payment.
This situation could have been avoided if the business had
upgraded to a next generation rewall beforehand.
Case Study
One potential consequence of sticking with your legacy fi
rewall
have no plans to, or claim they will never, update their
firewall 29%
White Paper
Icomm Technologies Limited
45-55 Camden Street,
Birmingham, B1 3BP.
0121 248 7931
www.icomm.co.uk
-
Internet Gateway Security: A state of the nation 2014
5
Too many still at risk
As more high pro le cyber attack incidents have hit the
headlines, there has been a dawning realisation within
organisations that they really need to take cyber security
seriously.
The Icomm Technologies Internet Gateway Security Survey, which
was conducted with more than 500 IT executives within small and
medium sized businesses (SMBs) in the UK, revealed that most have
taken action by refreshing their rewall.
The study showed that 61% rms have upgraded their rewall
protection within the last 30 months - 41% have done so within the
last 18 months. However, the results also reveal that many
organisations are still relying on traditional solutions.
The survey found 14% of organisations have not, or are unsure
whether they have, upgraded their rewall since 2009. This means one
in every seven SMBs in the UK is likely to have inadequate
protection against the attack methods currently being deployed by
cyber criminals.
Testing
It is one thing to deploy a next generation rewall but it is
another checking the solution is actually doing its job. It is
recommended that companies check their rewall with
penetration testing at least once a year on average. For
companies storing sensitive information, such as their customers
personal or nancial details, this might take place quarterly.
A lot of people seem to think because they have a rewall they
are fully protected when they might not have the right policies in
place. Penetration testing is important to ensure everything is
working as it should, said Malecki.
As Verizons recent Data Breach survey has shown, when a business
is compromised it can be a long time before that is discovered and
quite often it is the third parties doing these penetration tests
that are the ones who are nding these breaches.
The Icomm survey found that more than three quarters (77%) of
SMBs do carry out a penetration test at least once a year - almost
half (48%) test twice a year or even more
frequently. However, the study found that a worrying 16% have
never tested their
firewall. This means that nearly one in every six SMBs in the UK
has no way of knowing whether their rewall is working or not.
one in seven SMBs have inadequate protection
one in six SMBs have never tested their firewall
penetration tests should happen at least once a year
White Paper
Icomm Technologies Limited
45-55 Camden Street,
Birmingham, B1 3BP.
0121 248 7931
www.icomm.co.uk
-
Internet Gateway Security: A state of the nation 2014
6
The refresh cycle
Like any element of the IT infrastructure, the rewall protecting
an organisations network should be refreshed periodically.
Companies are advised to upgrade their rewall every three to ve
years on average - as they would their servers.
This refresh is not just to ensure the solution in place is o
ering an adequate defence against evolving threats, it is also
about protecting performance. If a company is growing, the
organisation needs a rewall that can handle increased tra c and
prevent bottlenecks.
The Icomm survey revealed the majority of rms acknowledge the
need for this refresh and have plans to carry this out within the
next ve years. The research did reveal, however, that nearly a
third (29%) say they have no plans to, or will never, upgrade their
rewall.
When asked how often they believed they should refresh their
rewall, a quarter (25%) of respondents replied at the end of its
life.
Lomas said: It would be interesting to know when someone thinks
their rewall is broken, as its not a case of checking whether the
lights are on.
If you have a traditional rewall it will not be protecting you
in the same way it was when you bought it - so in my eyes it is
already broken.
Many refresh their firewall every five years
think a firewall doesnt need refreshing
White Paper
Icomm Technologies Limited
45-55 Camden Street,
Birmingham, B1 3BP.
0121 248 7931
www.icomm.co.uk
-
Internet Gateway Security: A state of the nation 2014
7
What to consider when upgrading your Firewall
It is not unusual for businesses to acquire their rewall
solution as an add-on, when buying another solution. This one stop
shop approach when procuring one of the key pillars in an
organisations security defences is questionable.
The level of integration a rewall needs with other elements of
the IT infrastructure is limited. Therefore, the purchasing
decision should be independent to any other form of procurement.
Organisations are free to deploy a best of breed solution which o
ers the deep packet inspection, with decryption and anti-evasion
technology, mentioned above.
Lomas said: We would always advocate a consultancy led approach
to rewalls as some vendors do o er a greater depth of solution than
others. For some, security is their main focus but there are others
which are just lling out their portfolios.
Protecting productivity
Organisations should also consider technology trends, such as
the consumerisation of IT and cloud computing, which can impact on
internet bandwidth. Next generation rewalls are capable of
protecting an organisations bandwidth performance by providing a
granular level of control.
This allows organisations to manage behaviour on certain
websites or applications and specify which teams or individuals are
given access. For example, the marketing department may be given
permission to promote the business on consumer websites such as
Facebook and YouTube but at the same time a next generation rewall
can curtail any excessive video streaming or gaming on these
platforms.
At times when there is excessive demand placed on the internet,
a next generation rewall can also take action to protect vital
cloud applications and reduce the bandwidth available to
non-essential functions.
Malecki explains: If an England football game is on, some
companies will be happy to let their sta stream this but if this a
ected bandwidth it could prevent access to essential applications
such as Salesforce.com or another CRM system. A next generation
rewall will, however, allow you to reserve a percentage of the
bandwidth for critical applications to ensure the business remains
productive at these times.
have no plans to upgrade at allhave no plans to upgrade at
allhave no plans to upgrade at all
White Paper
Icomm Technologies Limited
45-55 Camden Street,
Birmingham, B1 3BP.
0121 248 7931
www.icomm.co.uk
-
Conclusion
Firewall manufacturers have been forced into taking some great
strides forward in recent years, in response to the nefarious
activities of cybercriminals. But with approximately one in seven
SMBs still likely to be deploying traditional solutions, it is
clear many organisations are still leaving themselves vulnerable to
attack.
Furthermore, as IT consumerisation and cloud computing threaten
to impact on crucial functionality, businesses could well be losing
competitive advantage by not deploying next generation solutions
which protect productivity.
With cyber attacks and internet usage both destined to grow
rapidly in the coming years, the third of businesses who have no
plans to upgrade their rewall will also need to rethink their
approach. Otherwise their performance will su er, or worse still
they could leave themselves at the mercy of increasingly
sophisticated cybercriminals.
For further information and support on refreshing, testing and
upgrading your fi rewall, please get in touch with Icomm
Technologies on 0121 248 7931 or at www.icomm.co.uk
White Paper
0121 248 7931www.icomm.co.uk
Icomm Technologies Limited 45-55 Camden Street, Birmingham, B1
3BP.
Internet Gateway Security: A state of the nation 2014
8