Category Archives: Firewall

ACCELERATE 2018 – A MILESTONE FOR FORTINET

Accelerate 18 began with a series of keynotes to a capacity crowd of Fortinet partners, sales people, and for the first time, customers. Beyond the expected executive addresses and other talks and workshops, Fortinet announced the evolution of our Security Fabric architecture – and more importantly – demonstrated how Fortinet is uniquely positioned in the industry to deliver the next generation of network security.

Two years ago, Fortinet announced the Fortinet Security Fabric, our vision for the future of security designed for today’s distributed, scalable, and adaptive networks. It was the first security approach designed from the ground up to span the entire network from IoT to multi-clouds as a single, integrated, and highly automated security system.

Unlocking Digital Transformation

The theme for this year’s Accelerate conference is “strength in numbers.” Patrice Perche, Fortinet’s Senior Executive Vice President for worldwide sales and support, kicked off the day by reviewing the numbers from 2017 that reinforced our leadership and relevance. For example, we’re the most deployed security solution in the world, and Fortinet has strong market momentum, positioned for robust future growth. He added that Fortinet has a market-shaping impact on assisting enterprises as they secure their evolving digital infrastructures. The Security Fabric gives us a unique position from which to address all major security markets today, including digital transformation, OT and critical infrastructure, IoT/OT, and the cloud. In fact, we’re the only vendor capable of addressing all of those markets at the same time.

Data must be protected as it passes between systems, applications, devices, and the multi-cloud, and security must be located at every point of data interaction. That is impossible to achieve using traditional, legacy security devices and platforms. There are five major areas that cybersecurity needs to address in order to enable a successful digital transformation.

  • First, security needs to shift from defending a fixed perimeter to protecting data across the extended network.
  • Second, security needs to extend to OT networks that are transitioning from proprietary protocols to IP and Windows-based controllers.
  • Third, multi-cloud is amplifying the security challenge by limiting visibility, creating security blind spots, and disconnecting cloud-based security from the central enterprise network.
  • Fourth, organizations need help complying with regulatory requirements to protect data and privacy in complex and evolving infrastructures.
  • Finally, threat intelligence must evolve quickly by leveraging machine learning and AI to enable faster automation in fighting attacks and reducing dwell time.

Patrice finished by emphasizing that strength in numbers is about more than just technologies and market share. No one organization can deliver holistic security alone, which is why we need channel partners, services providers, technical and Fabric-ready partners, certified Network Security Experts, security academies, government CERTs, third-party testing, threat sharing like CTA, and more, all working in concert to collectively secure us all. And Fortinet and the Fabric are at the heart of all of this.

The Future of Security

Ken Xie, Fortinet’s Founder, Chairman of the Board, and Chief Executive Officer, then took the stage to discuss the evolution of security and what it means to organizations today. He began by explaining that the internet was built over 40 years ago to provide point-to-point connections between a few dozen government entities and universities operating in a trusted environment, but that 95% of the traffic crossing the internet today no longer fits what it was originally designed for.

Today, however, we have entered an era of hyperconnectivity, where IoT, OT, and multi-cloud are combined with interconnected endpoints and applications to disrupt industries and create new business models. Data and content are now the planet’s most valuable assets, and the amount of data we are generating has grown 45X over the last decade, and is set to double every two years.

The first generation of network security started about 25 years ago and was focused on securing basic network connections. Then 17 years ago Fortinet pioneered the second generation of network security to secure the applications and content inside permitted connections in order to detect and remove malware. Since then, network infrastructure has continued to undergo radical change. Networks no longer have permanent borders, which also means that the majority of data no longer stays inside the company’s network or on the servers or devices protected by the firewall. Instead, you have to protect every point across the entire digital attack surface. This requires a third generation of security integrated together through a common fabric.

Every security solution deployed in the Security Fabric works together to share and correlate threat intelligence, detect advanced threats, automate responses and provide continuous trust assessment through a combination of physical and virtual appliances and Fortinet-hosted or public cloud services. This approach has leapfrogged the competition with the most innovative, highest performing network security strategy in the world, enabling Fortinet customers to securely compete in the connected network economy.

The Fortinet Security Fabric

John Maddison, Fortinet’s SVP, Products and Solutions, then walked attendees through many of the new innovations in FortiOS 6.0, the latest flagship release of the industry’s most widely deployed network security operating system, as well as introducing FortiGuard AI and the new FortiGate 6000 series.

He began by explaining that there are exponentially more devices and applications attached to the network than even just ten years ago, and that software-defined networks have become the norm, which means that everything is connected to everything else and data flows dynamically across an increasingly hyperconnected web of networked devices.

The resulting complexity means organizations can’t keep adding new security devices to their network. Instead, this dynamic digital attack surface requires an adaptive security framework.

John provided details about the newly announced FortiOS 6.0, with more than 200 new features, to better protect digital organizations. Highlights include:

  • New security capabilities across the key solution areas within the Security Fabric architecture, including management and analytics, multi-cloud, network, advanced threat protection, unified access, web applications, email, IoT and endpoint security.
  • Business, network and entity level tagging functionality to enable business precise segmentation, providing the critical building blocks for intent-based network security.
  • New automated lifecycle workflows, attack surface hardening services, with customized ranking and industry benchmarking, to deliver the next level of NOC/SOC management.
  • Industry-leading secure SD-WAN functionality, threat detection services, and expanded visibility from IoT to multi-cloud networks to protect the vast attack surface resulting from digital transformation (DX) strategies.

FortiGuard Artificial Intelligence

Fortinet’s latest advances in AI extend traditional AV protection to include detecting unknown malware by leveraging Fortinet’s Self-Evolving Detection System (SEDS), which uses an advanced hybrid data mining approach combined with behavioral analysis and machine learning to detect advanced malware and malware features, allowing it to achieve high accuracy and a low false-positive rate at the speeds today’s networks require.

FortiGate 6000 Series

Finally, John walked the audience through the recently announced family of enterprise edge NGFW appliances, the FortiGate 6000 series. These appliances utilize our most advanced security processing technology, making them the first 100 Gbps NGFW solutions on the market.

The Security Renaissance

The day’s keynote sessions were wrapped up by Phil Quade, Fortinet’s CISO. In his presentation, Phil made a strong case for the need for a new approach to security, or a “Security Renaissance.” This renaissance is necessary because data is the new “oil” driving the digital industrial revolution, and it needs to be vigorously protected.

The challenge is that not only are the infrastructures that need protecting undergoing transformation, the threat has changed as well: threat actors have changed, exploitation tools developed by nation states are available to everyone; wireless, mobility, and the cloud have changed how and where we implement defenses; and now things like quantum computing require us to even rethink the relative security of things like asymmetric encryption.

Fortunately, AI has matured along with networks, which means that automation and integration technologies can be more easily woven into things like orchestration, ongoing machine learning to refine outcomes, and the distributed Security Fabric. This approach allows dynamic micro and macro segmentation to replace traditional boundary defenses, which in turn enable business coalitions that were previously deemed unsafe, prevent compromise in highly dynamic and distributed environments, and limit the scope of a breach if the network is compromised.

Our FortiGuard AI announcement shows just how much further down the path Fortinet is than any of our competitors in making AI-based security real, allowing us to address sophisticated, multi-vector threats spread across a distributed landscape through security orchestration empowered by machine learning. Built on a foundation of speed and integration, we have now put in place the building blocks to truly achieve the vision of machines executing the intent of humans, providing new insights across organizations and increasing overall security by sharing data and mitigations in cyber-relevant time.

Warning – 3 Popular VPN Services Are Leaking Your IP Address

Researchers found critical vulnerabilities in three popular VPN services that could leak users’ real IP addresses and other sensitive data.

A VPN, or Virtual Private Network, is a great way to protect your daily online activities: it works by encrypting your data and boosting security, and it is also useful for obscuring your actual IP address.

While some choose VPN services for online anonymity and data security, one major reason many people use VPN is to hide their real IP addresses to bypass online censorship and access websites that are blocked by their ISPs.

But what if the VPN you thought was protecting your privacy is actually leaking your sensitive data and real location?

A team of three ethical hackers hired by privacy advocate firm VPN Mentor revealed that three popular VPN service providers—HotSpot Shield, PureVPN, and Zenmate—with millions of customers worldwide were found vulnerable to flaws that could compromise users’ privacy.

The team includes application security researcher Paulos Yibelo; an ethical hacker known by the alias ‘File Descriptor’, who works for Cure53; and a third member whose identity has not been revealed, on request.

PureVPN is the same company that falsely claimed to have a ‘no log’ policy, but a few months ago helped the FBI with logs that led to the arrest of a Massachusetts man in a cyberstalking case.

After a series of privacy tests on the three VPN services, the team found that all three VPN services are leaking their users’ real IP addresses, which can be used to identify individual users and their actual location.

Concerning consequences for end users, VPN Mentor explains that the vulnerabilities could “allow governments, hostile organizations [sic], or individuals to identify the actual IP address of a user, even with the use of the VPNs.”

The issues in ZenMate and PureVPN have not been disclosed since they have not yet been patched, while VPN Mentor says the issues discovered in ZenMate VPN were less severe than those in HotSpot Shield and PureVPN.

The team found three separate vulnerabilities in AnchorFree’s HotSpot Shield, which have been fixed by the company. Here’s the list:

  • Hijack all traffic (CVE-2018-7879) — This vulnerability resided in Hotspot Shield’s Chrome extension and could have allowed remote hackers to hijack and redirect a victim’s web traffic to a malicious site.
  • DNS leak (CVE-2018-7878) — A DNS leak flaw in Hotspot Shield exposed users’ original IP address to the DNS server, allowing ISPs to monitor and record their online activities.
  • Real IP Address leak (CVE-2018-7880) — This flaw poses a privacy threat to users since hackers can track a user’s real location and ISP. The issue occurred because the extension had a loose whitelist for “direct connection.” Researchers found that any domain with localhost, e.g., localhost.foo.bar.com, and ‘type=a1fproxyspeedtest’ in the URL bypasses the proxy and leaks the real IP address.

Here it must be noted that all the three vulnerabilities were in the HotSpot Shield’s free Chrome plug-in, not in the desktop or smartphone apps.
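The loose “direct connection” whitelist described for CVE-2018-7880, set beside a strict check, as an added example that is not the extension's actual code. The function names, the proxy address and the sample URLs are hypothetical; only the `localhost` substring and the `type=a1fproxyspeedtest` marker come from the description above.

```javascript
// Added illustration, not Hotspot Shield's code. PROXY is a placeholder address.
const PROXY = 'PROXY proxy.example.invalid:8080';
const DIRECT = 'DIRECT';

// Loose form modelled on the description: substring tests on strings the
// visited site controls decide whether a request skips the proxy.
function looseRoute(rawUrl) {
  const { hostname } = new URL(rawUrl);
  if (hostname.includes('localhost')) return DIRECT;            // also true for localhost.foo.bar.com
  if (rawUrl.includes('type=a1fproxyspeedtest')) return DIRECT; // any page can append this
  return PROXY;
}

// Strict form: only real loopback destinations go direct.
function isLoopbackHost(hostname) {
  let h = hostname.toLowerCase();
  if (h.endsWith('.')) h = h.slice(0, -1);                      // "localhost." is the same name
  if (h === 'localhost' || h.endsWith('.localhost')) return true;
  if (h === '[::1]') return true;                               // IPv6 loopback as URL.hostname reports it
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(h);
  return m !== null && m[1] === '127' && m.slice(2).every((o) => Number(o) <= 255);
}

function strictRoute(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return PROXY;                                               // unparsable input fails closed
  }
  // The path and query string never influence routing.
  return isLoopbackHost(url.hostname) ? DIRECT : PROXY;
}

// URLs the loose check sends direct although they are not loopback:
// each one would expose the user's real IP address to the remote host.
function findLeaks(urls) {
  return urls.filter((u) => looseRoute(u) === DIRECT && strictRoute(u) === PROXY);
}

// Constructed sample URLs.
const SAMPLE_URLS = [
  'http://localhost:3000/',
  'http://localhost.foo.bar.com/',
  'https://example.com/?type=a1fproxyspeedtest',
  'http://notlocalhost.example/',
  'http://[::1]:8080/',
  'https://example.com/',
  'http://LOCALHOST./app',
];

console.log(findLeaks(SAMPLE_URLS));
```

Running `findLeaks` over a list of test URLs is a quick regression check for any bypass list: it should come back empty once the routing decision depends only on an exact host match.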

The researchers also reported similar vulnerabilities in the Chrome plugins of Zenmate and PureVPN, but for now, the details of the bugs are being kept under wraps since both the manufacturers have not yet fixed them.

Best Practices: Deploying an Effective Firewall

In early August, malware infiltrated the computer network and systems of a transmission plant in North Carolina. It was a potentially costly attack, as the factory stood to lose $270,000 for every hour that it wasn’t manufacturing and shipping its automotive parts to plants across the U.S. Fortunately, the facility had a firewall standing between the factory’s crown jewels and hackers, blocking the malware when it tried to exit their network.

Just like the structure they were named after, firewalls are the first line of defense against cybercriminals. They check, control, and block incoming or outgoing network traffic. Data traveling in and out of your systems must first pass through the firewall, which scrutinizes it and blocks it if it doesn’t meet specified criteria.

But maintaining your company’s firewall can be daunting especially if the network it protects has arrays of clients, endpoints, servers, and other devices, each of which has their own connection requirements. If improperly managed or deployed, a firewall can leave gaps in your organization’s security that attackers can use to infiltrate your network. Gartner even projected that in the next three years, 99% of firewall breaches would be caused by misconfigurations.

Firewalls serve as your first line of defense: they scrutinize inward or outbound traffic for any malicious content as per your rules.

There is no panacea for building a hacker-proof firewall, but there are things that can be done to streamline its management. Every organization has unique and specific requirements but these can provide you with a starting point for managing your firewall—so you and your company don’t get burned.

What firewall fits you?

Firewalls can be network or host-based. Network firewalls are arrayed on the gateways—computers routing traffic from a workstation to an external network—such as those within local and wide area networks (LANs/WANs) or intranets. Host-based firewalls, which became significant when one was integrated into Windows XP back in 2004, are positioned in communication endpoints and are part of your operating system (OS) or security application.

They vary depending on where communication originates and where it is inspected and intercepted. Weigh your options and define your security needs. What do your networks and systems require? What kind of transactions transpire within your networks? Will they have the resources to run it? Who will manage your firewall? Will it be enough to contain and prevent incursions?

Enforce the principle of least privilege

The same concept applies when deploying firewalls. Applying the principle of least privilege reduces the firewall’s attack surface. Deny all incoming and outgoing traffic by default first, then build up your rules by enabling only the services whose traffic you want in and out. Disable services or software that aren’t needed and limit the applications that run on the firewall.

Strengthen your firewall rules

Periodically spring-clean your firewall’s policies to maximize its performance and eliminate conflicting rules. But more importantly, it lets you audit your firewall’s architecture and streamline it if needed.

The SANS Institute has a checklist of rulesets that can serve as your benchmark. Ensure that your firewall enables anti-spoofing filters and user and management permission rules, i.e., allowing HTTP to a public web server or Simple Network Management Protocol (SNMP) traps to network management servers. Make your firewall more efficient by running noise rules—dropping unwanted traffic. Rules that notify IT/system administrators of suspicious traffic are recommended. Log the traffic for analysis; back these logs up and store them in secure repositories.

Is your firewall application-aware?

An effective firewall doesn’t just involve creating the right policies, but also proactively analyzing the connections and filtering packets of data that pass through it. Ensure that your rules can identify the conditions within the connection, predict what it will entail, and detect disruptions in a normal connection. You can use these as your starting points when filtering traffic: direction (inbound/outbound), protocol (TCP/UDP/ICMP/ICMPv6), as well as destination computer and ports.

Much of today’s software and many applications don’t employ standard ports—nodes of communication for a specific process or service. Many malware families also use ports as entry points: WannaCry, and the other malware after it—UIWIX ransomware and certain cryptocurrency-mining malware—used Port 445. Enforce port restrictions, but balance them against the business need to access certain services. The SANS Institute also has a checklist of ports that can be blocked. It’s also recommended that your firewall can inspect and classify the traffic by application on the ports that you permit, open or use.

Keep everyone in the loop

Make sure that administrators, risk/compliance managers, and information security professionals who maintain the firewall know the policies configured. Opening a port can contradict corporate or security policy, for instance, and in-house application developers or those provisioning certain services may also request changes to firewall policies. Make sure that everyone is in the loop and following good documentation practices. Define the purpose of opening a new port or what the new rule is for, and who will be affected by the changes. These considerations help mitigate misconfigurations and conflicting rules in your firewall.
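One way to automate the checks from the sections above (default deny, conflicting or redundant rules, exposure of Port 445, and a documented purpose for every opening), as an added example rather than any vendor's tooling. The rule schema, the first-match evaluation order and the sample ruleset are assumptions made for illustration.

```javascript
// Added example: linter for a first-match ruleset. Schema and rules are
// constructed for illustration and follow no vendor's configuration format.
const ANY_NET = '0.0.0.0/0';
const ANY_PORTS = [0, 65535];

// IPv4 CIDR -> inclusive numeric range (plain arithmetic avoids 32-bit sign issues).
function cidrRange(cidr) {
  const [ip, len = '32'] = cidr.split('/');
  const addr = ip.split('.').reduce((acc, octet) => acc * 256 + Number(octet), 0);
  const size = 2 ** (32 - Number(len));
  const base = Math.floor(addr / size) * size;
  return [base, base + size - 1];
}

const within = ([lo, hi], [outerLo, outerHi]) => outerLo <= lo && hi <= outerHi;

// True when every packet matched by `inner` is also matched by `outer`.
function covers(outer, inner) {
  return outer.dir === inner.dir &&
    (outer.proto === 'any' || outer.proto === inner.proto) &&
    within(cidrRange(inner.src), cidrRange(outer.src)) &&
    within(cidrRange(inner.dst), cidrRange(outer.dst)) &&
    within(inner.ports, outer.ports);
}

const isCatchAll = (r) =>
  r.proto === 'any' && r.src === ANY_NET && r.dst === ANY_NET && within(ANY_PORTS, r.ports);

function auditRules(rules) {
  const findings = [];
  rules.forEach((rule, i) => {
    const flag = (issue) => findings.push(`${rule.id}: ${issue}`);
    if (rule.action === 'allow') {
      // Least privilege: an allow that matches everything defeats default deny.
      if (rule.src === ANY_NET && rule.dst === ANY_NET && within(ANY_PORTS, rule.ports)) {
        flag('any-any-allow');
      }
      // Port 445 reachable from any source address.
      if (rule.dir === 'in' && rule.src === ANY_NET &&
          ['tcp', 'any'].includes(rule.proto) && within([445, 445], rule.ports)) {
        flag('smb-exposed');
      }
      // Every opening needs a recorded purpose.
      if (!rule.purpose || !rule.purpose.trim()) flag('undocumented');
    }
    // With first-match evaluation, a rule fully covered by an earlier one never fires.
    const earlier = rules.slice(0, i).find((prev) => covers(prev, rule));
    if (earlier) {
      const kind = earlier.action === rule.action ? 'redundant-after' : 'conflicts-with';
      flag(`${kind} ${earlier.id}`);
    }
  });
  // Each direction must end in a catch-all deny.
  for (const dir of ['in', 'out']) {
    const last = rules.filter((r) => r.dir === dir).pop();
    if (!last || last.action !== 'deny' || !isCatchAll(last)) {
      findings.push(`${dir}: no-default-deny`);
    }
  }
  return findings;
}

// Constructed sample ruleset (documentation address ranges).
const SAMPLE_RULES = [
  { id: 'R1', action: 'allow', dir: 'in', proto: 'tcp', src: ANY_NET, dst: '203.0.113.10/32', ports: [80, 80], purpose: 'HTTP to public web server' },
  { id: 'R2', action: 'allow', dir: 'in', proto: 'udp', src: '198.51.100.7/32', dst: '10.0.0.5/32', ports: [162, 162], purpose: 'SNMP traps to management server' },
  { id: 'R3', action: 'allow', dir: 'in', proto: 'tcp', src: ANY_NET, dst: '10.0.0.0/8', ports: [1, 1024], purpose: '' },
  { id: 'R4', action: 'deny', dir: 'in', proto: 'tcp', src: ANY_NET, dst: '10.0.0.20/32', ports: [445, 445], purpose: 'block SMB to file server' },
  { id: 'R5', action: 'allow', dir: 'out', proto: 'any', src: ANY_NET, dst: ANY_NET, ports: ANY_PORTS, purpose: 'temp' },
  { id: 'R6', action: 'deny', dir: 'in', proto: 'any', src: ANY_NET, dst: ANY_NET, ports: ANY_PORTS, purpose: 'default deny inbound' },
];

console.log(auditRules(SAMPLE_RULES));
```

In the sample, the broad rule R3 both exposes Port 445 and silently overrides the later deny R4, which is the kind of conflict a periodic ruleset review is meant to surface.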

Firewalls should be part of defense in depth

As hackers and threat actors fine-tune their attacks, so must the technologies that protect the data and systems they’re after. Firewalls are also now being incorporated with other functionalities such as deep packet inspection—which examines the packet of data for malware and other defined policies—as well as intrusion prevention and detection systems.

Firewalls can be an effective preventive measure against threats, but they shouldn’t be the only layer of protection. Firewalls can’t protect you from email-based threats and unauthorised access to devices, for instance. While they help secure your networks and systems by validating and blocking suspicious traffic, they are just a starting point for building your organization’s cybersecurity defenses.

Best business firewalls: Which firewall is suitable for your business?

There are countless options to choose from when considering firewall protection. Should you invest in an external firewall, stick with a virtual firewall or take the plunge with both?

The firewalls listed here cater to most sizes of organisation, from small businesses that only require virtual firewalls to larger enterprises that should house external firewall hardware.

With recent data breaches highlighting the importance of securing your network, IT Monteur Firewall Firm investigates the best firewalls on the market for every business’ first line of defence.

Firewalls – Buyer’s Guide and Reviews – March 2018

Vendor: Product

  • A10 Networks: A10 Networks Thunder CFW
  • Barracuda Networks: Barracuda Networks NG Firewall
  • Check Point: Check Point Power-1
  • Check Point: Check Point UTM-1
  • Check Point: Check Point VPN-1
  • Check Point: Check Point VSX
  • Cisco: Cisco Sourcefire Firewalls
  • Cisco: Cisco ASA
  • Cisco: Meraki MX Firewalls
  • Cisco: Cisco Firepower NGFW
  • Cisco: Cisco ASAv
  • Fortinet: Fortinet FortiGate
  • Fortinet: FortiGate-VM
  • GFI: Kerio Control
  • Hewlett Packard Enterprise: 3Com H3C Firewall
  • Hillstone Networks: Hillstone E-Series
  • Hillstone Networks: Hillstone T-Series
  • Hillstone Networks: Hillstone X-Series Data Center Firewalls
  • Hillstone Networks: Hillstone CloudEdge
  • Intel Security: Intel Security StoneGate
  • Intel Security: Intel Security Firewall Enterprise MFE
  • Juniper: Juniper SRX
  • NetFortris: NetFortris Hosted Firewall
  • NetFortris: NetFortris Threat Analyzer
  • OPNsense: OPNsense
  • Palo Alto Networks: Palo Alto Networks WildFire
  • Palo Alto Networks: Palo Alto Networks VM-Series
  • pfSense: pfSense
  • SonicWall: SonicWall TZ
  • SonicWall: SonicWall NSA
  • Sophos: Sophos Cyberoam UTM
  • Sophos: Sophos UTM
  • Sophos: Sophos XG
  • Stormshield: Stormshield Network Security
  • Trustwave: Trustwave Firewalls
  • Untangle: Untangle NG Firewall
  • WatchGuard: WatchGuard XTM
  • WatchGuard: WatchGuard Firebox
  • Zscaler: Zscaler Web Security

Top Firewalls Solutions

1. Fortinet FortiGate
The FortiGate family of NG firewalls provides proven protection with unmatched performance across the network, from internal segments, to data centers, to cloud environments. FortiGates are available in a large range of sizes and form factors and are key components of the Fortinet Security Fabric, which enables immediate, intelligent defense against known and new threats throughout the entire network.

2. Cisco ASA
Adaptive Security Appliance (ASA) is Cisco’s end-to-end software solution and core operating system that powers the Cisco ASA product series. This software solution provides enterprise-level firewall capabilities for all types of ASA products, including blades, standalone appliances and virtual devices. Adaptive Security Appliance provides protection to organizations of all sizes, and allows end-users to access information securely anywhere, at any time, and through any device. Adaptive Security Appliance is also fully compatible with other key security technologies, and so provides organizations with an all-encompassing security solution.

3. Sophos UTM
The global network of highly skilled researchers and analysts, protecting businesses from known and emerging malware – viruses, rootkits and spyware.

4. pfSense
Providing comprehensive network security solutions for the enterprise, large business and SOHO, pfSense solutions bring together the most advanced technology available to make protecting your network easier than ever before. Our products are built on the most reliable platforms and are engineered to provide the highest levels of performance, stability and confidence.

5. Palo Alto Networks WildFire
WildFire™ cloud-based threat analysis service is the industry’s most advanced analysis and prevention engine for highly evasive zero-day exploits and malware. The cloud-based service employs a unique multi-technique approach combining dynamic and static analysis, innovative machine learning techniques, and a groundbreaking bare metal analysis environment to detect and prevent even the most evasive threats.

6. Sophos Cyberoam UTM
Cyberoam Unified Threat Management hardware appliances offer comprehensive security to organizations, ranging from large enterprises to small and branch offices. Multiple security features integrated over a single, Layer 8 Identity-based platform make security simple, yet highly effective.

7. SonicWall TZ
The secure, sophisticated SonicWALL TZ is widely deployed at small businesses, retail, government, remote sites and branch offices. It combines high-performance intrusion prevention, malware blocking, content/URL filtering and application control.

8. Meraki MX Firewalls
With the proliferation of modern applications and mixed-use networks, host and port based security is no longer sufficient. Cisco Meraki’s layer 7 “next generation” firewall, included in MX security appliances and every wireless AP, gives administrators complete control over the users, content, and applications on their network.

9. WatchGuard XTM
Small businesses need big security, too, and the WatchGuard XTM Series firewall/VPN appliances deliver that strong protection – but without the hefty price tag. Enterprise-grade security includes full HTTPS content inspection, VoIP support, and optional security subscriptions like Application Control and Intrusion Prevention Service.

10. Juniper SRX
High-performance security with advanced, integrated threat intelligence, delivered on the industry’s most scalable and resilient platform. SRX Series gateways set new benchmarks with 100GbE interfaces and feature Express Path technology, which enables up to 1 Tbps performance for the data center.

SONICWALL RECOGNIZED ON CRN’S 2018 SECURITY 100 LIST

This project recognizes the coolest security vendors in each of five categories: Endpoint Security; Identity Management and Data Protection; Network Security; SIEM and Security Analytics; and Web, Email and Application Security. The companies on CRN’s Security 100 list have demonstrated creativity and innovation in product development as well as a strong commitment to delivering those offerings through a vibrant channel of solution providers.

In addition to recognizing security technology vendors for outstanding products and services, the Security 100 list serves as a valuable guide for solution providers trying to navigate the IT security market. The list aids prospective channel partners in identifying the vendors that can best help them improve or expand their security offerings.

“The core elements of today’s businesses, both large and small, depend upon robust and reliable cybersecurity solutions,” said Bob Skelley, CEO of The Channel Company. “Unprecedented streams of data, the sweeping transition to cloud computing, vast networks of wireless systems, the rapidly growing Internet of Things—all these advances necessitate increasingly complex and adaptive security measures. CRN’s 2018 Security 100 list recognizes top vendors that are meeting this extraordinary demand with the most innovative security technologies on the market, enabling businesses to grow uninterrupted.”

This announcement comes just 24 hours ahead of the launch of the 2018 SonicWall Cyber Threat Report. This premier cyber security industry report puts you a step ahead of cyber criminals in the global cyber war, empowering you with proprietary security data, global knowledge and latest trends, gathered and analyzed by our leading-edge SonicWall Capture Labs Threat Network. The 2018 Cyber Threat Report is available on March 6.

Fortinet founder sees network security in the bigger picture

When Ken Xie was a student at Stanford University in the early 1990s, the network security world was a different place. Security was based on software firewalls running on personal computers and servers, which Xie capitalized on with his first company — Systems Integration Solutions, Inc. As the computer industry matured, Xie realized that firewalls were not enough, so he founded a second firm, NetScreen Technologies Inc., to leverage hardware and virtual private network technologies for stronger defense.

By 2000, it became clear that growing security threats would demand a whole different approach. After selling NetScreen to Juniper Networks Inc. for $4 billion, Xie embarked on his latest venture to transform the security world — Fortinet Inc. As the company’s founder, chairman and chief executive officer, Xie has come to appreciate a new reality in network security: that the best solution is to leverage automation and an approach that takes into account the entire infrastructure because the attack surface has become huge and highly complex.

“Nowadays the data no longer sits inside a company,” Xie said. “They go to the mobile device, they go to the cloud, they go to the ‘internet of things.’ It’s everywhere. So that’s where the security also needs to change for all the important data to be secure within the whole infrastructure.”

Xie stopped by the set of theCUBE, SiliconANGLE Media’s mobile livestreaming studio, during the Fortinet Accelerate event in Las Vegas, Nevada, and spoke with co-hosts Lisa Martin (@LuccaZara) and Peter Burris (@plburris). They discussed Fortinet’s approach to securing the infrastructure and opportunities presented by changing data protection needs around the globe.

Automated solutions provide speed and visibility

Fortinet revealed the next generation of its Security Fabric architecture this week with the release of FortiOS 6.0. The network security operating system includes new security capabilities for multicloud, web applications, email and IoT.

The new release also includes automated lifecycle workflows and expanded visibility across the vast attack surface of the infrastructure. “Today in the enterprise, 90 percent of connections go through Wi-Fi now,” Xie said. “That’s difficult to manage. To handle the cybersecurity space, you have to be able to quickly react to change on the internet, on applications.”

With Europe’s General Data Protection Regulation scheduled to go into effect in less than three months, Fortinet also announced the FortiGuard Security Rating Service to provide customized network auditing and on-demand compliance reports.

“GDPR is a great opportunity to keep expanding the security space and make it safer for the consumer, for the end-user,” Xie concluded.

Check Point introduces a new cloud security product family

Check Point Software Technologies Ltd. has announced the CloudGuard product family to protect enterprises from Gen V cyber attacks on cloud applications and infrastructure. The company is also introducing CloudGuard SaaS protecting enterprises against cyber attacks on SaaS applications. CloudGuard is a part of the Check Point Infinity architecture, built on industry-proven and award-winning technologies to provide comprehensive Gen V cyber protection for the cloud.

Enterprise cloud adoption is accelerating, enabling greater business agility and efficiencies through both deployment of hybrid cloud infrastructures like Amazon Web Services, Microsoft Azure and VMWare NSX; and migration to cloud-based applications such as Microsoft Office365, Google G-Suite, Salesforce, ServiceNow, Slack, Box, Dropbox, Egnyte and more.

There is also an increase in multi-vector attacks on cloud workloads and cloud applications including malware, as well as increasing incidences of account hijacking.

According to Check Point research, half of all breaches of enterprise SaaS applications are the result of account hijacks.

“Security is continually cited as a key barrier to wide-spread enterprise cloud adoption,” said Gil Shwed, CEO at Check Point. “Our new CloudGuard product family provides consistent and comprehensive threat prevention for cloud based SaaS applications and infrastructure workloads.”

CloudGuard SaaS is an industry-first set of technologies designed to provide advanced security and threat prevention for software-as-a-service (SaaS) applications. CloudGuard SaaS also prevents account hijacking, using patent-pending ID-Guard technology.

Key security features include:

  • Zero-day Threat Protection: Prevents APTs and unknown zero-day malware from infecting content in SaaS applications using real-time sandboxing, ransomware protection, anti-bot technologies and real-time cloud-based threat intelligence.
  • Identity Protection with ID-Guard (patent-pending) technology: Identifies and blocks threat actors or impostors attempting to access SaaS accounts, and blocks unauthorized users and compromised devices.
  • Data Protection: Automatically forces encryption of sensitive data, and blocks and quarantines unauthorized sharing of sensitive files.

“After migrating our organization to Office365 and OneDrive, we searched for a comprehensive cybersecurity solution to protect them and decided on Check Point CloudGuard,” said Amir Shay, Security Officer, Neopharm Group. “Since adopting CloudGuard SaaS, it has blocked numerous attacks on our applications, including account takeover, phishing and ransomware attacks.”

CloudGuard IaaS, formerly vSEC and now a member of the CloudGuard family, provides advanced Gen V security and threat prevention against attacks on infrastructure and workloads for all leading public and private cloud platforms, including: Amazon Web Services, Google Cloud Platform, Microsoft Azure, Cisco ACI, OpenStack, VMware NSX, VMware Cloud on AWS, VMware ESX, Alibaba Cloud, KVM, Hyper-V and more.

“With cloud adoption at an all-time high, cloud security is clearly a major concern for most enterprises,” said Doug Cahill, group director and senior cybersecurity analyst at market research firm, Enterprise Strategy Group. “As enterprises evaluate cloud security solutions, they must look to offerings like Check Point’s CloudGuard family of security solutions that not only provide advanced threat protection, but also keep applications, infrastructure and data in the cloud safe.”

Gen V cyber attacks are defined as large scale and fast moving attacks across mobile, cloud and on-premise networks. These sophisticated attacks easily bypass the conventional, static detection-based defenses being used by most organizations today.

With ownership of cloud assets shared between the cloud provider and the end user, it is often unclear who is responsible for security, which can lead to additional confusion. CloudGuard is the industry’s only complete family of cloud security solutions focused on advanced threat prevention and keeping enterprise cloud applications, infrastructure and data protected from Gen V cyber attacks.

Check Point CloudGuard IaaS is available immediately; CloudGuard SaaS will be available in early Q2’18.

Palo Alto Networks unveils cloud security offering

At its recent Epic Cloud Security Event, Palo Alto Networks showcased how it is infusing new cloud capabilities into its Next-Generation Security Platform designed to prevent successful cyberattacks in the cloud. The forthcoming advancements, introduced during the event, will provide customers operating in hybrid and multi-cloud environments with a comprehensive, consistent security offering that integrates directly with cloud infrastructure and workloads.

In an upcoming study conducted by ZK Research, 86 percent of respondents indicated that their organization stores and manages data across multiple cloud infrastructure providers. Maintaining a consistent and effective security posture in these multi-cloud environments becomes especially cumbersome because the security capabilities that are native to cloud providers can only be configured to protect the infrastructure for which they were developed. These native capabilities must also be supplemented for effective cyber breach prevention, and failure to do so could leave an organization vulnerable to data loss or exposure.

The cloud evolution demands a new model of cybersecurity that is specifically designed to address its nuances; provide frictionless deployment and management of effective security capabilities; and enable security, operations, networking and development teams to meet the demands of agile organizations.

Customers of Palo Alto Networks benefit from consistent security for modern cloud environments, including:

  • Consistent protections across locations and clouds: Palo Alto Networks Next-Generation Security Platform will extend cloud workload protections to the Google Cloud Platform, in addition to enhanced capabilities for AWS and Azure environments.
  • Cloud-resident management: Panorama network security management will be supported in all major clouds, offering simplified and centrally managed deployment and management for all Palo Alto Networks next-generation firewalls and VM-Series virtualized next-generation firewalls, regardless of form factor or location.
  • Automation integrations for frictionless workflows in multi-cloud environments: Enhanced auto-scaling for AWS and added support for Azure Security Center and Google Cloud Deployment Manager will simplify security deployments and enable scaling based on changing cloud demands. Integrations with Terraform and Ansible will automate workflows and policy management.
  • Continuous data security and compliance for all three major clouds: New protections will be provided by Aperture security service to enable discovery and monitoring of cloud resources, guard against sensitive data loss, enable monitoring for risky or suspicious administrator behavior, and provide additional protection against security misconfigurations and malware propagation.
  • Prevention of zero-day attacks: Traps advanced endpoint protection will prevent zero-day attacks for Linux workloads across all major clouds, in addition to the existing support of Windows workloads.

Gajshield DLP Firewall

GAJSHIELD Next Generation Firewall Unique Context Sensitive Network based Data Leak Prevention System with Cloud Security

GajShield’s layered security platforms are designed to provide in-depth protection against various attacks by tightly integrating key security functions, and to securely connect remote offices and partners. GajShield Network Security Appliances combine ICSA Certified Firewall, IPS, VPN, URL Filtering, Virus screening and Bandwidth Management in a single appliance to provide in-depth protection at the network edge.

ICSA Certified

  • User Sense UTM – Policy combination of User, Source, IP address and Service
  • Policy based control for Firewall, IPS, URL Filtering, Anti-virus, Anti-spam, DLP and Bandwidth Management
  • Access Scheduling
  • Policy based Source & Destination NAT
  • H.323 NAT Traversal, 802.1q VLAN Support
  • DoS, DDoS, Syn Flood Attack prevention

For SOHO specification

| Firewall | GS 15nu | GS 20nu |
|---|---|---|
| Concurrent Sessions | 190000 | 3300000 |
| New Sessions/Second | 5100 | 28000 |
| Firewall Throughput | 230 Mbps | 3.2 Gbps |
| VPN Throughput | 100 Mbps | 325 Mbps |
| UTM Throughput | 170 Mbps | 280 Mbps |
| Antivirus Throughput | 140 Mbps | 450 Mbps |
| IPS Throughput | 160 Mbps | 720 Mbps |
| VPN Tunnels | 25 | 550 |
| Configurable WAN / DMZ / LAN ports | Yes | Yes |
| 10/100 Interfaces | 4 | 4 |
| 10/100/1000 Interface | | |

For SME

GS 80nu

GajShield ‘GS 40dc’ provides content aware data context, which helps you to secure your enterprise beyond next generation firewalls. The GajShield 40dc appliance is a high speed Internet security device targeted at SOHO/SMB. The 40dc appliance manages gigabit traffic with a content aware data context platform, providing enterprise grade security even to the smallest enterprise.

| GS 40dc Features | Specifications |
|---|---|
| 10/100 | |
| 10/100/1000 | 4 |
| Concurrent Sessions | 320000 |
| New Sessions Per Second | 8000 |
| Firewall Throughput | 2.5 Gbps |
| VPN Throughput | 400 Mbps |
| UTM Throughput | 350 Mbps |
| AntiVirus Throughput | 425 Mbps |
| IPS Throughput | 475 Mbps |
| VPN Tunnels | 150 |
| Configurable WAN/LAN/DMZ ports | Yes |

For Enterprise

GS 130dc Features GajShield 260d Features GS 320dc-f Features GajShield 330d Features GajShield 930d Features GajShield 1030d Features
10/100 6 10 20/16 20/16
10/100/1000 8 2 4 4/8 4/8
Concurrent Sessions 850000 850000 900000 1100000 3000000
New Sessions Per Second 26000 26000 30000 60000 150000
Firewall Throughput 5.5 Gbps 5.5 Gbps 7 Gbps 20 Gbps 25 Gbps
VPN Throughput 1.9 Gbps 1.9 Gbps 2.5 Gbps 12 Gbps 15 Gbps
UTM Throughput 1 Gbps 1 Gbps 2100 Mbps 3.5 Gbps 5 Gbps
AntiVirus Throughput 1200 Mbps 1200 Mbps 2200 Mbps 5.7 Gbps 7.2 Gbps
IPS Throughput 1500 Mbps 1500 Mbps 2400 Mbps 9.5 Gbps 11.5 Gbps
VPN Tunnels 4000 4000 6000 20000 25000
Configurable WAN/LAN/DMZ ports yes Yes Yes Yes Yes

How do you set up a successful firewall migration?

This may outright stun a few security professionals, but it is (yes, affirmative) possible for migrations to be relatively fast, totally secure and overall mostly painless.

Not what you’ve experienced? Also not surprising.

Migration projects tend to drag on – and paradoxically, they become the cause of the very security problems they were initiated to fix.

This happens for any number of reasons, including:

  • Staffing concerns: Cybersecurity needs more people. There are 2x more job postings for cybersecurity roles than other IT roles at present, but the talent marketplace hasn’t fully caught up yet.
  • Infrastructure issues: Infrastructure is the plumbing/umpire of the network. It’s essential to the function, but completely ignored until there’s an actual problem. Migrations tend to bring some of those infrastructure concerns to the fore and quickly.
  • Cost overruns: This happens for dozens of reasons including staffing concerns, budgeting mistakes and competing priorities.
  • Disruption of network services: Migrations become a hassle in part because they take down other aspects of the network that customers (and internal employees) may need access to.

That’s a partial list of why migrations are often such a hassle for companies.

Is there a better way, though?

The Four Essentials of a Successful Migration

This might sound almost too logical, so brace yourself.

The four steps you need to move through (in order) are:

  1. Remove Technical Mistakes
  2. Remove Unused Access
  3. Refine and Organize
  4. Continually Monitor

Let’s take this one-by-one quickly.

Remove Technical Mistakes

Most firewall rulebases are going to have some combination of hidden rules, shadowed rules, redundant rules and overlapping rules. All these can cause network problems, security breaches and overly long migration processes. The first step, simply, is to rid the rulebase of these issues.

Take a look at this, for example:
[Image: FM-table.png, a firewall rule table that includes Rule 14 and Rule 19]

The source and service columns are different. They’re different rules, right? Well, not necessarily. Look closer and you can see Rule 14 is using the source network of 192.168.20.0/24, which embraces the source for Rule 19 (192.168.20.95). The services of Rule

That’s an example of a hidden rule. That’s akin to the dark matter of network security; you can’t see it directly. This is a big problem for many security professionals and their bosses, and that fogginess gets extrapolated in cloud settings. But the way this hidden rule was ultimately found was through Traffic Flow Analysis (TFA), which is a tool you can deploy to show how packets move through your network. TFA helps you clean up some of the technical mistakes.
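A static check for the Rule 14 / Rule 19 situation described above, as an added example that is not part of the original article or of any vendor tool. It assumes first-match evaluation in rule-number order; only the two source values come from the article, while the destinations, services, actions, the other rules and the "shadowed"/"redundant" labels are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_network

@dataclass(frozen=True)
class Rule:
    number: int
    source: str           # CIDR block or single host
    destination: str      # CIDR block or single host
    services: frozenset   # e.g. {"tcp/443"}; "any" matches every service
    action: str           # "accept" or "drop"

def covers_net(outer: str, inner: str) -> bool:
    """True when every address in `inner` also falls inside `outer`."""
    o, i = ip_network(outer, strict=False), ip_network(inner, strict=False)
    return o.version == i.version and i.subnet_of(o)

def covers_services(outer: frozenset, inner: frozenset) -> bool:
    """True when `outer` matches every service that `inner` matches."""
    return "any" in outer or ("any" not in inner and inner <= outer)

def find_hidden_rules(rulebase):
    """Return (earlier, later, kind) for every rule that can never match.

    Assumes first-match evaluation in rule-number order. A later rule is
    hidden when one earlier rule covers its source, destination and services.
    kind: "redundant" if both actions agree, "shadowed" if they conflict.
    """
    ordered = sorted(rulebase, key=lambda r: r.number)
    findings = []
    for idx, later in enumerate(ordered):
        for earlier in ordered[:idx]:
            if (covers_net(earlier.source, later.source)
                    and covers_net(earlier.destination, later.destination)
                    and covers_services(earlier.services, later.services)):
                kind = "redundant" if earlier.action == later.action else "shadowed"
                findings.append((earlier.number, later.number, kind))
                break  # report only the first rule that hides it
    return findings

# Constructed rulebase; only the Rule 14 and Rule 19 sources come from the article.
RULEBASE = [
    Rule(14, "192.168.20.0/24", "10.0.0.0/8", frozenset({"tcp/80", "tcp/443"}), "accept"),
    Rule(17, "192.168.30.0/24", "10.1.0.0/16", frozenset({"tcp/22"}), "accept"),
    Rule(19, "192.168.20.95", "10.1.5.0/24", frozenset({"tcp/443"}), "drop"),
    Rule(23, "192.168.20.0/25", "10.2.0.0/16", frozenset({"tcp/80"}), "accept"),
]

if __name__ == "__main__":
    for earlier, later, kind in find_hidden_rules(RULEBASE):
        print(f"Rule {later} is {kind} by Rule {earlier}")
```

In this constructed rulebase the drop in Rule 19 never takes effect because Rule 14 accepts the same traffic first, which is the kind of finding to resolve before the rulebase is migrated.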

Remove Unused Access

This is about policy analysis – looking at network rules, system policy rules and firewall rules – followed by rule and object usage analysis.

If the primary goal of network security policy is to determine what’s allowed and what isn’t (and that should always be the goal), these three steps are designed to help you understand the present effectiveness of your ruleset.

Consider object usage, which is primarily about firewalls. With object analysis, we can see the amount of traffic across the full inventory of firewall devices. This is essential in a migration, because it gives you the opportunity to objectify your next set of firewalls to mirror or change your current object usage.

Traffic Flow Analysis comes back into the picture here too, isolating out the routing rules that keep the network safe and working effectively.

Refine and Organize

Now that you have a better picture of your rules and access points, it’s time to move forward and refine for new business goals.

This is about vulnerability analysis and compliance checks. Good vulnerability analysis is going to contain some possibility of attack simulation – so that you can visualize what your future attackers might try to do.

No resource is ever compromised without first being accessed through a series of events – events that are governed by the rulebase. But when you combine vulnerabilities with the rulebase, you have a clear picture of how an exposure can be exploited. Or, you may find that you’re ready to implement the new rule with no ill-intended effects.

The final piece of the puzzle – how you tie everything together and make sure it’s running smoothly – is called orchestration. The easiest analogy here is, well, an orchestra. If each instrument is off doing its own thing and playing its own chords, it’s going to sound horrible. But if everything is in sync and working together, that’s a lot better.

In the same way, end-to-end orchestration is the final piece of the refining and organizing process. By automating the rule lifecycle – intent, design, review, implementation and decommissioning – our migration can have the same consistency we enjoyed when clearing the rulebase of undesirables.

Continuous Compliance

Compliance drift happens over time. Because of how busy security teams get, it often goes under the radar as it’s happening.

There are any number of platforms out there proposing or offering “continuous compliance,” but the fine print matters more here. For something to truly deploy “continuous compliance,” you need it to:

  1. Be real-time
  2. Be global in scale
  3. Work with user and machine behavior
  4. Retain data forever
  5. Be customizable

Consider the need to retain data forever (which is incredibly important and not offered by many security solutions). If we only have data that extends back 30, 60 or 90 days, that does not give us the full picture of an object’s or a rule’s activity. We make a change out of a conviction that we have an unused rule, then calamity strikes. We could have spared ourselves this setback if we had data that could give more insight into the decision.
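What a 90-day window hides compared with full history, as an added example that is not from the original article or any product. The rule numbers, dates, hit log and the "periodic" heuristic (a rule is still considered live while its current silence is no longer than a gap it has already shown) are constructed assumptions.

```python
from datetime import date, timedelta

TODAY = date(2018, 3, 1)      # constructed "now" for the example
RULES = [14, 31, 42, 57]      # constructed rule numbers; 57 has never matched
# Constructed hit log: (rule number, date a connection matched the rule).
HITS = [
    (14, date(2017, 12, 30)), (14, date(2018, 2, 27)),   # everyday traffic
    (31, date(2016, 11, 15)), (31, date(2017, 11, 15)),  # once-a-year job
    (42, date(2016, 6, 1)),                              # one-off, long ago
]

def usage_report(rules, hits, today, window_days):
    """Map rule -> (hits visible inside the window, verdict from full history).

    Verdicts: "in use", "never used", "periodic" (quiet now, but the silence
    is no longer than a gap the rule has already shown), "stale".
    """
    cutoff = today - timedelta(days=window_days)
    report = {}
    for rule in rules:
        days = sorted(d for r, d in hits if r == rule and d <= today)
        window_hits = sum(1 for d in days if d >= cutoff)
        gaps = [(b - a).days for a, b in zip(days, days[1:])]
        if window_hits:
            verdict = "in use"
        elif not days:
            verdict = "never used"
        elif gaps and (today - days[-1]).days <= max(gaps):
            verdict = "periodic"
        else:
            verdict = "stale"
        report[rule] = (window_hits, verdict)
    return report

def removal_candidates(report):
    """Rules a window-only view calls unused, and the subset history says to keep."""
    unused_in_window = [r for r, (n, _) in report.items() if n == 0]
    keep = [r for r in unused_in_window if report[r][1] == "periodic"]
    return unused_in_window, keep
```

With only 90 days of data, rules 31, 42 and 57 all look equally unused; the longer history is what separates the yearly job on rule 31 from the two rules that are actually safe to review for removal.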