Next-gen firewalls also use deep packet inspection techniques to examine traffic for anomalies and known malware. Newer features, such as data leakage prevention, can further help organizations protect themselves from within. Often, even trusted employees can send sensitive data into untrusted zones, either intentionally or by accident. Next-gen firewalls combat this by using sophisticated pattern matching techniques and user identity to detect and prevent unauthorized communication of sensitive information and files through the network perimeter.
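The data leakage check described above, sketched as an added example (not from the article or any vendor's product): pattern matching finds candidate card and Social Security numbers in outbound content, a Luhn checksum filters out look-alike digit strings, and the sender's identity decides whether the transfer is permitted. The `ALLOWED` policy, group names, zone names and sample payloads are constructed assumptions.

```python
import re

# Candidate card numbers: 13-19 digits, optionally separated by spaces or dashes.
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
# US Social Security number in its usual written form.
SSN_RE = re.compile(r"(?<!\d)\d{3}-\d{2}-\d{4}(?!\d)")

# Hypothetical identity policy: data classes each user group may send
# outside the trusted zone. Groups not listed may send none.
ALLOWED = {"finance": {"card"}, "hr": {"ssn"}}


def luhn_ok(digits):
    """Luhn checksum: cuts false positives from order IDs and similar numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def classify(payload):
    """Return the set of sensitive data classes found in the payload."""
    found = set()
    for m in CARD_RE.finditer(payload):
        if luhn_ok(re.sub(r"[ -]", "", m.group())):
            found.add("card")
    if SSN_RE.search(payload):
        found.add("ssn")
    return found


def inspect(user_group, dest_zone, payload):
    """Return (verdict, violating classes) for one outbound transfer."""
    if dest_zone == "trusted":
        return "allow", []
    violations = classify(payload) - ALLOWED.get(user_group, set())
    return ("block" if violations else "allow"), sorted(violations)


if __name__ == "__main__":
    # Constructed sample: a well-known test card number, not real data.
    print(inspect("engineering", "untrusted", "card 4111 1111 1111 1111"))
```

The same payload is blocked for one group and allowed for another, which is the role user identity plays alongside the pattern match.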

IDS and IPS

Intrusion detection systems (IDS) passively monitor network traffic, looking for malicious patterns, such as repeated attempts to log on to an account or server. When these devices notice a pattern, they send alerts to administrators and sometimes modify firewall rules to restrict access.

Intrusion prevention systems (IPS) work in conjunction with next-generation firewalls to identify and stop suspicious traffic. IPS are complex, and are designed to minimize false positives. IPS vendors include Sourcefire, Palo Alto Networks and TippingPoint.

Zero-Day Attack Mitigation

A zero-day attack or threat exploits a previously unknown vulnerability in a computer application, meaning that the attack occurs on "day zero" of awareness of the vulnerability; thus, developers have had zero days to address and patch it. Zero-day exploits — the software and/or strategies to carry out a successful attack — are used or shared by attackers.

Solutions such as Palo Alto Networks' WildFire are typically an adjunct subscription to existing firewalls. They actively analyze network traffic in a safe, cloud-based virtual environment to observe the behavior of malware. Through these subscription services, updates are automatically generated and distributed to installed firewalls for global protection against the newly discovered malware. ❚

Ronen Isaac is vice president of Continental Computers, a networking and video surveillance products reseller and integrator/VAR based out of El Segundo, Calif. He is also vice president of WLANmall.com.

www.SecurityInfoWatch.com | SD&I | November 2013