Enterprise information protection

Most attacks on customer data and company confidential information are launched from inside the network: by targeted, custom spyware, and by employees and contractors who have the access, means and opportunity to steal data.

It is a fair bet that your network perimeter is well protected with a firewall and an IPS.

But what about the internal network?


Your existing network security tools are not up to the challenge.

While existing security tools (firewalls, IPS and proxy-based web, mail and content-filtering gateways) can do a good job of controlling perimeter network access, scanning for mail-borne viruses and filtering spam, they provide insufficient control over internal network channels. (A network channel is a bi-directional TCP/IP client-server connection between two hosts: for example, a web client on port 1187 conversing over HTTP with a web server on port 80, running the Jabber application protocol.)

Protocol coverage is lacking: The protection that firewalls provide is only as good as the policy they are configured to implement. Analysis of real-world configuration data shows that corporate firewalls often enforce rule sets that violate well-established security guidelines (for example, zone-spanning objects and a lack of stealth rules). Stateful inspection firewalls don't perform deep content inspection on complete sessions and are therefore blind to data theft attacks that encapsulate instant messaging inside telnet sessions in order to transfer Microsoft Office files containing sensitive data.

Proxy-based content filters depend entirely on endpoints having no direct access to the Internet; research with our clients shows that as much as 20 percent of all endpoints already bypass content-filtering proxies.
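As an added illustration of the two gaps just described (this is example code written for this page, not code from the original page or from Software Associates), the script below audits connection records for internal endpoints that reach Internet web ports directly instead of through the proxy, and for sessions on the telnet port whose first bytes look like Jabber/XMPP rather than telnet. The internal range, proxy address and sample records are assumptions constructed for the example.

```python
import ipaddress

# Assumed environment: internal address range and the content-filtering proxy.
INTERNAL = ipaddress.ip_network("10.0.0.0/8")
PROXY = ipaddress.ip_address("10.0.0.5")
WEB_PORTS = {80, 443}
# Protocol a session on a given destination port is expected to carry.
EXPECTED = {23: "telnet", 80: "http", 443: "tls"}

# Constructed sample records: (src, dst, dport, first payload bytes of the session).
SAMPLE = [
    ("10.1.2.10", "10.0.0.5", 3128, b"GET http://example.com/ HTTP/1.1"),       # via proxy
    ("10.1.2.11", "203.0.113.7", 443, b"\x16\x03\x01\x02\x00"),                 # direct TLS out
    ("10.1.2.12", "203.0.113.9", 23, b"<stream:stream xmlns='jabber:client'"),  # XMPP on port 23
    ("10.1.2.13", "10.3.4.5", 23, b"\xff\xfd\x18\xff\xfd\x20"),                 # real telnet (IAC)
]

def guess_protocol(payload: bytes) -> str:
    """Cheap content fingerprint of the first bytes of a session."""
    if payload[:1] == b"\xff":                      # telnet IAC option negotiation
        return "telnet"
    if payload[:2] == b"\x16\x03":                  # TLS handshake record header
        return "tls"
    if payload.startswith(b"<stream:stream") or b"jabber:" in payload:
        return "xmpp"
    if payload.split(b" ", 1)[0] in (b"GET", b"POST", b"CONNECT", b"HEAD", b"PUT"):
        return "http"
    return "unknown"

def is_proxy_bypass(src: str, dst: str, dport: int) -> bool:
    """Internal endpoint talking to an Internet web port without going via the proxy."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return s in INTERNAL and d not in INTERNAL and d != PROXY and dport in WEB_PORTS

def audit(records):
    """Return (src, finding) pairs for records that deserve an analyst's attention."""
    findings = []
    for src, dst, dport, payload in records:
        if is_proxy_bypass(src, dst, dport):
            findings.append((src, "proxy-bypass"))
        proto = guess_protocol(payload)
        if dport in EXPECTED and proto != EXPECTED[dport]:
            findings.append((src, f"protocol-mismatch:{proto}-on-{dport}"))
    return findings

if __name__ == "__main__":
    for src, finding in audit(SAMPLE):
        print(src, finding)
```

Only the direct TLS connection and the XMPP stream on the telnet port are reported; the proxied request and the genuine telnet session pass unflagged.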

Precise visibility of network transactions is missing: Firewall and proxy logs are generally never analyzed, and often lag hours behind an event. An IPS often relies on anomaly detection. Anomaly detection relies on network flow data, which is often reported at intervals of 15 to 45 minutes. With that kind of lag, an entire network can be brought down. Because anomaly detection looks for an anomalous event rather than an attack, it is frequently plagued by time-consuming false positives. A proxy, on the other hand, relies on URL filtering and simple keyword matching that analyzes the HTTP header and URL string. By looking at content and ignoring the network, a proxy can suffer from high rates of false negatives, missing attacks.


Cost of implementation and maintenance is high: Installing multiple, disparate, proxy-based security products complicates network and endpoint maintenance. Proxies require changes to the network infrastructure and in large networks may be impossible to install. Endpoint products carry a heavy cost of distribution and maintenance, are highly sensitive to Windows versions, and are liable to break with Patch Tuesday updates.


Multiple elements increase risk in the overall solution: This additional risk arises from the interaction between a complex system of cache servers, SSL accelerators, load balancers, reverse proxy servers, transparent proxies, IDS/IPS and web application firewalls. Consider that endpoints can bypass SSL proxies by specifying a gateway IP address, and that transparent proxies on a Windows network offer no assurance against unauthenticated user agents bypassing the entire proxy infrastructure. HTTP-aware firewalls such as web application firewalls can be completely or partially bypassed in some cases. Transparent proxies can be compromised by HTTP response splitting techniques, since they rely on fine-grained string matching in HTTP headers.


Move now and do something about it?

Contact us today and ask for a consultation and a free quotation from one of our professional consultants.

Software Associates - Business security specialists for hi-tech firms