/ciol/media/agency_attachments/c0E28gS06GM3VmrXNw5G.png)
Follow UsEnterprises traditionally have deployed firewalls as barriers at the network perimeter. The Intention being to Thwart All External Attacks or to block all traffic that was not authenticated or allow access only to specific applications. This Served the Enterprise Security Needs for a while, and kept external compromises at bay. This was a lull before the storm. Hackers were preparing for the next compromise, and this came quite rapidly with the growth of Web Applications – and took toll of the Firewall Architecture.
The growth of Web Applications like HTTP, HTTPS, Instant Messaging, Video/Audio Streaming etc required specific ports to be open on the firewall and thus an opening to launch attacks from inside to Outside. Conventionally Firewall Architecture was built to handle Layer 3 & 4 Decision making, and the new attacks required a control of Layer 7.
The Attacks now were getting more sophisticated – Malicious Codes, Viruses, Spyware’s etc inside Applications and thus could be secured against only by Application Data Analysis – which by the way, requires examining a series of packets For e.g., a .JPG or ActiveXScript is normally contained in hundreds or thousands of packets.
Enterprise security was further getting compromised in terms of Unproductive and Malicious Web Access from Inside, Intellectual property loss via WebMail, Instant Messaging, Bandwidth choking caused by Streaming Video’s/Peer-to-Peer Traffic etc.
All this increasingly meant that Enterprise Security needed to quickly understand Application Layer or Content Threats. An Integrated Security Solution that granularly controls User Access to Authorised Content/Application, Control Malicious or unproductive URL’s, Control IM, P2P, Spyware, Media etc and provide AntiVirus Control was the need of the hour for these content threats control. Another important consideration is the Speed with which this Security can be implemented – as early implementation on Firewalls landed up introducing unacceptable latency in the Internet traffic and hence quickly reneged by users.
Enter the Secure Proxy Appliance, which traditionally catered to Internet User Access Control, Internet Acceleration, Content Intelligence, Monitoring and Reporting. The Proxy Appliances harness this Intelligence to Control and Secure the Content.
The Industry parallely was designing a protocol to provide an Integrated AV approach, and froze on ICAP (Internet Content Adaptation Protocol). Leading AV Engines like McAfee, Kaspersky, Sophos & Panda now offer an Integrated Security and AV Solution based on ICAP in conjunction with Secure Proxy Appliances, like The BlueCoat ProxySG and ProxyAV at Near Wire-Speeds.
These High Performance Secure Proxy Appliances are thus increasingly becoming a popular choice in an Enterprise to Complement the Firewall to avoid not only the above-mentioned threats but also for newer Security Challenges like HTTPS. As HTTPS works on Port 443, and is the preferred choice for Secure Financial/ Intranet Applications (and hence open in a firewall), it has virtually become a backdoor to all threats, discussed earlier.
Secure Proxies are the Only Network Security Devices that have the ability to terminate the HTTPS (or SSL) request. No other Network Device like a Firewall /IPS/IDS has this capability. Termination by a proxy is the only way to gain visibility and control of SSL communications. It provides a critical control point for protection (against viruses, worms, spyware, and phishing), policy (manage the who, what, where, when, and how of user/application interaction), and performance (cache, compress, and prioritize traffic).
The Power of the Secure Proxy has hence achieved great acceptance and destined for a mandatory status as an Integrated Gateway Offering for a Complete Security Solution in an Enterprise Network.
The author is Mr Lim Pun Kok, Managing Director – Asean / ANZ, Blue Coat