Advertisment

"Firewalls will soon be history"

author-image
CIOL Bureau
Updated On
New Update

BANGALORE, INDIA: Firewalls and security software products are a must for enterprises to help them deal with the deluge of attacks from spammers, hackers and viruses.

Advertisment

However, deploying firewalls and other security software products in enterprises, will soon be thing of past, forecasts Chandra Kopparapu, vice-president sales, Asia Pacific, Foundry Networks.

“If I need a firewall and a switch, why do I need separate boxes for them? Why can't someone make a single box that has both?” asks Kopparapu.

Drawing an analogy with a one-arm router, Kopparapu says that companies in past made a lot of money and a lot of products around a one-arm router. “But not anymore. The same thing will happen with firewalls", contends Kopparapu.

Advertisment

In an interaction with Idhries Ahmad of CIOL, Kopparapu explains the trends in network security domain, and how organizations can consistently foresee a security threat and come up with a solution to tackle that.

Kopparapu also has a word or two for CIO's to deal with serious security threat posed by insiders rather than external hackers to organization’s assets. Excerpts:

CIOL: One of the biggest problems for enterprise is how to foresee a threat and come up with a solution? How can an enterprise be able to do that consistently?

Advertisment

Chandra Kopparapu: In order to solve this problem, you need to know what you don't know -- this means research, investment, proper due diligence and time-and-effort. There are thousands of security products and solutions out there. Thousands more are waiting to be invented. Keeping up with and understanding all of them takes a lot of work.

Determining which solutions are important to your network and which are not, also takes a lot of work. Every network is different with different security needs and different security priorities, and this is the reality enterprises face.

 
Advertisment

There is no "silver bullet" in security where one product will protect your network from all threat today and in the future.

CIOL: Contrary to common belief, insiders, rather than external hackers, pose the most serious threats to an organization’s assets. How does Foundry Networks look at the threat?

CK: The best protection to insider threats is having multiple layers of security. Here are some suggestions. Enable 802.1x authentication on your ports from where insiders access your network. Use a NAC or NAP or some sort of admission control solution. There are many out there to choose from.

Advertisment

Enforce anti-virus policies on every device used by your insiders. This can be through anti-virus software on devices or by some IPS or IDS in your network. Enable all or any DOS protection on your network. There are lots of DOS protection features embedded into switches and routers, so use them.

Chandra Kopparapu, vice-president sales, Asia Pacific, Foundry Networks.CIOL: Foundry Networks has this interesting assumption about “firewalls and software products” becoming outdated soon. Can you explain how is that going to happen since firewalls and other software products have become part and parcel of every enterprise network?

CK: Use the precedence set by the one-arm router. There was a time when companies made a lot of money and a lot of products around a one-arm router. Not anymore! The same thing applies to firewalls. If I need a firewall and a switch, why do I need separate boxes for them? Why can't someone make a single box that has both?

Advertisment

This is the approach Foundry has adopted with its embedded security capabilities that are built into all switches, and SecureIron LAN switches and perimeter traffic managers.

It is designed to deliver application level intelligence and security protection throughout the enterprise network, including at the network perimeter and inside the LAN.

CIOL: What does Foundry’s SecureIron Family bring to the table that secures enterprise network?

Advertisment

CK: Foundry's SecureIron solution is designed to deliver application level intelligence and security protection throughout the enterprise network, including at the network perimeter and inside the LAN.

The solution consists of two distinct product families –SecureIron perimeter traffic managers for security augmentation and traffic optimization at the enterprise perimeter; and SecureIron LAN switches for inside the LAN protection against emerging threats from within the enterprise network from malicious users and machines.

 

The SecureIron family of products is the first-of-a-kind to embed security features into the network switch for total integration of security into the infrastructure throughout the enterprise. The switches feature Layer 2 through Layer 7 intelligence to protect against many forms of network and application level attacks at multi-gigabit speeds to deliver unparalleled security performance at LAN rates.

At the perimeter, the SecureIron traffic managers deliver critical security augmentation to traditional firewalls and optimize application performance by maximizing utilization of ISP WAN bandwidth and firewall capacity with advanced traffic management features.

CIOL: Can you share in detail some of the trends that you have been seeing in network security domain?

CK: NAC, NAP, IDS, IPS, DOS protection, email filtering, etc., things like these are well publicized and have already attracted lots of attention from vendors, customers, users, etc.

However, all this attention is necessary because these are critical security issues and all need to be addressed in any enterprise network. What about some under-appreciated network security threats? What parts of the network are we lacking protection? One area is location-based security.

Knowing where a security threat is physically located now and knowing where it has been and tracking its location as it moves. It's one thing to detect a security threat. It's also one thing to mitigate a security threat. However, the real objective should be to remove security threats. This can only be accomplished if you can physically locate it. I predict a big trend toward new security products and solutions to do this.

tech-news