Perimeter Security Today
Threats to your network continue to evolve, and the defensive software and appliances that you can deploy to protect your network, and the assets available through it, are becoming more complex. The typical approach to dealing with new security threats is to add layers of security. Defense in depth is a basic approach to network security, but it adds complexity by adding gateways that must often be managed and configured separately. The complexity of the system can slow your ability to react and respond to a threat.
Traditional network perimeter security uses stateful firewall protection and intrusion prevention tied to an enterprise business policy. This type of enforcement works well against known threats. The emergence of next-generation firewalls combined with unified threat management (UTM) has allowed a more granular degree of filtering. These integrated security functions expand security measures beyond basic stateful firewall filtering. However, the security policies must be manually configured and maintained in most cases.
The threat landscape has evolved. Attackers have moved away from broad, unfocused tactics and are now creating specialized malware that attacks specific targets or groups of targets. Often, the goal of these attacks is to embed malware in the target’s infrastructure and continue the attack, without detection, over long periods. If malware infiltrates a rich target, it can carry out a wide range of undetected malicious activities over months or years, including data theft, espionage, and disruption or destruction of infrastructure and processes. While methods vary, what these specialized attacks have in common is that they are designed to avoid detection by mainstream security technologies, such as antivirus, firewalls, and content inspection gateways.
To respond more quickly to evolving network security threats, the next-generation firewall must adapt dynamically in real time. The next-generation firewall needs access to external threat detection systems that are updated dynamically with information about new and evolving threats. With access to dynamic threat data, security policies can adapt and evolve over time without manual intervention.