This is simply unacceptable. Industry analysts like Gartner have noted this as well, and have recommended that customers move to next-generation network security infrastructure.

Not only do next-generation firewalls vastly increase the visibility and control you have over the applications, users, and content you have on your network – they also save you lots of money on IPS.  With today’s highly segmented networks, this can result in multi-million pound purchases for large organizations – but ironically you still can’t manage threats well.

One of the principal reasons for Gartner’s recommendations is that traditional IPS can’t effectively manage applications and can’t detect threats in SSL-encrypted and compressed content.

Our next-generation firewalls do all of the above, and deliver industrial-strength intrusion prevention capabilities while saving you money.  In fact, the cost of our solution averages under £3,000 per protected network segment – a savings of at least 75% over TippingPoint and ISS.  Don’t take our word for it…  Drop into InfoSec and see for yourself; at the same time get measured up for a bespoke shirt.

Tailored security from Varidion

The traditional three tier switching model of Access, Distribution and Core was conceived by Cisco in the days where data thus traffic flowed vertically to a single point, gathering speed on the way.  100Mbp/s access to GbE uplinks aggregated on 10GbE switches at the core, these in turn fed big fat application specific hosts with GbE network adaptors pushing and pulling very similar data types – mostly all fat clients.

The world is now flat….. Well, its getting flatter by the day.  Applications will no longer live in private data centres; Enterprises will use a mix of SaaS and Private Cloud solutions to meet tomorrow’s demands.  Virtualisation will allow business to turn up and down IT resources to meet with demand.  This has a huge effect on your network infrastructure.

To add to your woes, your staff are using more and more Social Applications, not just Facebook and YouTube but Google Apps, Internet chat and Blogging are all seeing a huge increase within the Enterprise.

So what do I do?

The concern with the traditional model is latency – forcing packets to stop at every layer.  Enterprises should build networks with a distribution layer of 10 GbE switches that is flattened out, becoming the communication link between servers with as few hops as possible, thus killing network latency.

Leaf-spine topology for computing network architecture

Some describe this two-layer switching method as leaf-spine switching topology or, similarly, a fat-tree switching topology.  In this scenario, servers are connected to leaf switches, which are then connected to a broad web of spine switches that provide interconnected bandwidth between leafs and spines.

This fabric of switches, which includes as many ports as possible, allows equal bandwidth access to every connection, enabling non-blocked movement data in an any-to-any server environment. Cloud leaf fabric controls the flow of traffic between servers, while the spine switching fabric moves traffic between nodes bi-directionally.

Very little is static in a cloud environment. Instances of servers and networks are provisioned at the drop of a hat.  To this end, the network architect must seek out a partner that understands the end-to-end solution from Application to User.  Varidion are a next generation service provider that builds and operates fully managed Infrastructure as a service that allows Enterprises to focus on the business elements of IT and not the technology end.

Remember – The network is the Computer!

HTML 5 will blur the line between desktop and online applications. This, along with the release of Google Chrome OS, will create another opportunity for malware writers to prey on users,” McAfee said.

As the browser becomes an integrated part of the desktop and its communication language can access local resources, security devices such as firewalls and Intrusion Detection Systems will be ineffective against these threats in 2010.

Speak to Varidion today about implementing a Next Generation Firewall, that understands these applications and can prevent your data leaving from under your nose.

Read the full report.

With today’s dynamic applications, a next generation of network security device is required;

• One that can identify the applications in use, even when they are trying to hide.
• One that can identify who has these applications, either through choice or via malware infection.
• One that will control what’s entering and leaving your network, even if it’s encrypted inside SSL.

And until recently you needed to add another point solution or applicance to protect your network.

Next Generation Firewall vendor, Palo Alto Networks, has grasped the nettle and created a Multi-Gigabit Firewall that can identify, control and report on over 1000 applications right down to a user level and even if shrouded in encryption.  Refreshingly, implementing a Palo Alto Next Generation Firewall from Varidion will reduce your appliance sprawl as this single device delivers URL control; Spam filtering; Remote Access (IPSEC and SSL) and Malware detection all for less than £1,000 per month.

Can you afford not to implement one?  Call us today..

So what?

Well its simple, if today you detect and remove the use of file-sharing software within your business by managing and removing applications loaded onto your PCs, then this method is now redundant.  That is, unless you plan to remove browsers from your PCs?

Browser-based file sharing applications are a direct avenue for the transfer of confidential data and allows user download of infected files and malware-infested advertising.

The remedy is simple; you need to identify and control your applications at the network layer.  By their very nature, P2P, Malware and many Web2.0 applications masquerade as valid web and SSL traffic by hiding within their ports and protocols.  So unless your firewall can identify these rogue applications you have no way of controlling them.  Can your firewall distinguish between valid http and file-sharing http?

At Varidion, our Next Generation Firewall can identify and classify some 900 applications so control and protection is simple.  If you still managing by port & protocol speak to us about a free trial of our service, we will even give you a report outlining all the applications in use on your network.  I guarantee we’ll find something you don’t like!

According to Brand Reputation, over 80% of surveyed consumers are more likely to look for online reviews than 12 months ago, but crucially they are five times more likely to tell friends and post negative feedback.

Brand Reputations CEO said, “When this trend occurs via the Web, these numbers quickly multiply and could spell disaster for retailers who don’t have strategies in place.”

It’s critical a retailer embraces Social Media, the Net-Generation consumer doesn’t read Which, they take peer review and negative feedback as their key litmus test.  So while the Retailers website has become its shop front, Social Media will be become its marketing media, but unless managed and controlled it could prove fatal.

“Banning access to social media from the corporate network is futile.”

Carol is correct, we can’t stop social networking, you only have to look at the largest firewall installed, China!   They have failed to manage the flow of incoming information via Web 2.0 sites.  Today’s world we live in is digitally enabled and socially connected.  Moreover, the enterprise cannot protect its self from everything, they must learn to balance risk and performance, cloud and software as a service has great value, but they will introduce a change in how technology is managed and controlled.  Web 2.0, SaaS and Internet based social networking applications to carry real threats to corporations and must be managed effectively with today’s tools that understand these tools…

Todays Firewalls

I’m sorry to tell you, its got more holes than a Swiss Cheese! Don’t be alarmed…..      most have.

Why?   They’re just simply out of date….

Basically today’s Web 2.0 applications have technology leapfrogged your security infrastructure, so while you diligently close ports and protocols these Net Generation applications choose another port, or better still masquerade as a valid protocol such as HTTPS so your firewall hasn’t a clue. Worried? You should be.

To restore the firewall as the core of your security infrastructure you need to look deeper into the traffic that’s flowing through it, something yesterday’s firewalls simply don’t and can’t do, that was until Nir Zuk one of the inventors of Statefull Inspection Technology headed back to the drawing board…. The outcome, a truly application aware security device that can accurately identify and classify over 900 of the today’s most dynamic applications irrespective of port, protocol but crucially evasion tactic. So finally the Enterprise can adopt Web 2.0 collaboration tools with the piece of mind they can actually control them.

Today, many Enterprises block applications such as Webex, LogMeIn, Yoics and P2P applications for very obvious reasons, again I have bad news, they are in use, you just can’t see them as they look just like valid http and http/s traffic. The facts are stark, in a recent application usage report of 60 large enterprises representing the behavior of 900,000 users, Peer 2 Peer applications were found in 92% of the enterprises, and web based file sharing in 72% of the companies and guess what; 100% had Firewalls and a further 82% had additional devices such as a Proxy, URL filter or an IPS.

Now that’s a great investment! Upgrade your business today speak to Varidion about an application aware network.