With cyber attack methods growing increasingly sophisticated, many traditional internet gateway solutions are no longer fit for purpose. This whitepaper reveals just how many organisations are leaving themselves vulnerable to cyber criminality by keeping hold of their legacy firewall without content filtering.
We also examine how modern gateway security is providing an appropriate defence to these more complex threats and discuss what organisations should consider when refreshing this technology.
Barely a week goes by without the media reporting a new cyber threat which is capable of causing havoc. There are constant warnings of various forms of sophisticated malware which have already infected thousands of computers across the UK. GameOver Zeus, Cryptolocker and Shylock are just a few to hit the headlines this year.
Once networks are infected, these types of malware can give cybercriminals the ability to steal corporate, personal or financial details, encrypt files and hold them for ransom or extort money from companies through denial of service (DoS) attacks.
The exact nature of the threats detailed in these media reports may change but the accompanying quote from a relevant security expert is always the same, ‘in order to protect yourself, keep your security defences up to date’. The three core pillars of those defences include end point protection, gateway defence and software patch updates.
Companies may be updating their client anti-virus and are regularly patching software, but the Probrand Survey 2014 has revealed too many organisations are failing to address the final pillar by not upgrading their firewalls as part of their internet gateway security.
In recent years cybercriminals have evolved their tactics in order to evade detection by traditional firewall defences. Yet in many cases, the companies they target have not all kept pace with this and some are still relying on legacy solutions which are no longer fit for purpose.
These organisations now need a next generation firewall which has the capability to go deeper and inspect all traffic, regardless of the port and protocol. A modern firewall solution can inspect even encrypted traffic and detect those threats.
Next generation firewalls are now also protecting businesses against the potential security impact of modern technology trends, such as the consumerisation of IT and cloud computing. These solutions can also provide granular control over website and application usage, to ensure bandwidth is always available for the most critical business functions.
It is a disturbing fact that the methods deployed by cyber criminality will continue to become more sophisticated. As a result, no one is 100% safe from attack.
Even the biggest technology firms such as Microsoft, Apple and Facebook - who you would think could adequately defend themselves - have admitted to breaches.
From a financial and reputational perspective, the consequences of these attacks can be huge. In one of the largest global incidents to date, US retail giant Target saw the personal and financial details of up to 110 million customers compromised.
It is not just large companies being targeted, however. Research by security firm Symantec has shown that 30% of all global cyber attacks are actually aimed at small businesses - where defences are perceived to be weaker. Smaller targets may be less lucrative to cybercriminals but it requires less effort to attack several soft targets than one which is large and well protected.
The security solution
The persistence of the threat, coupled with the increased complexity of these attacks, has meant modern firewalls are now required to do much more than simply check where traffic is coming from and going to. Cybercriminals have now found ways to con and trick their way around these traditional defences.
“What is needed is deep packet inspection and that is what a next generation firewall provides - it digs further down to check for a virus or an intrusion,” said Mark Lomas, IT consultant at Probrand.
“If you have not refreshed your firewall within the last three years the chances are that you are using a legacy firewall which is no longer fit for purpose.”
In response to these evolving threats, security firms have rolled out firewalls in the last few years which offer a more advanced defence. As cybercriminals are now capable of smuggling malware past traditional firewalls by burying it within encrypted traffic, these solutions now provide SSL decryption and inspection.
“Today, up to 35% of enterprise traffic is secured using the Secure Sockets Layer (SSL) protocol. Cybercriminals know this, and they have begun to use SSL to hide their attacks. Organisations which are still relying on legacy firewalls with no or limited SSL Inspection capabilities can be compromised,” said Florian Malecki, International Product Marketing Director at Dell Security.
Case Study - One potential consequence of sticking with your legacy firewall
Probrand was privy to a damaging cyber attack on a small business, which had been taking an ‘if it’s not broke, don’t fix it’ approach to firewalls. With a legacy solution in place, which was incapable of deep packet inspection, the company’s defences proved ineffectual against the attack. The company later approached Probrand for help.
The business found itself at the mercy of an aggressive hacker who encrypted vital files and promised to expose sensitive information to the company’s entire email contact book unless £500 was paid into a specified bank account.
A Word file left on the business owner’s computer read, ‘You have been hacked’. Inside, a menacing message threatened: “I do not require to do much more work on my part to ruin you.”
The hacker, who was clearly well practised in this form of extortion, cheekily demanded that the business quote a reference number when making their payment.
This situation could have been avoided if the business had upgraded to a next generation firewall beforehand.
Too many still at risk
As more high profile cyber attack incidents have hit the headlines, there has been a dawning realisation within organisations that they really need to take cyber security seriously.
The Probrand Internet Gateway Security Survey, which was conducted with more than 500 IT executives within small and medium sized businesses (SMBs) in the UK, revealed that most have taken action by refreshing their firewall.
The study showed that 61% of firms have upgraded their firewall protection within the last 30 months - 41% have done so within the last 18 months. However, the results also reveal that many organisations are still relying on traditional solutions.
The survey found 14% of organisations have not, or are unsure whether they have, upgraded their firewall since 2009. This means one in every seven SMBs in the UK is likely to have inadequate protection against the attack methods currently being deployed by cyber criminals.
It is one thing to deploy a next generation firewall, but it is another to check that the solution is actually doing its job. It is recommended that companies check their firewall with penetration testing at least once a year on average. For companies storing sensitive information, such as their customers’ personal or financial details, this might take place quarterly.
“A lot of people seem to think because they have a firewall they are fully protected when they might not have the right policies in place. Penetration testing is important to ensure everything is working as it should,” said Malecki.
“As Verizon’s recent Data Breach survey has shown, when a business is compromised it can be a long time before that is discovered and quite often it is the third parties doing these penetration tests that are the ones who are finding these breaches.”
The Probrand survey found that more than three quarters (77%) of SMBs do carry out a penetration test at least once a year - almost half (48%) test twice a year or even more frequently. However, the study found that a worrying 16% have never tested their firewall. This means that nearly one in every six SMBs in the UK has no way of knowing whether their firewall is working or not.
The refresh cycle
Like any element of the IT infrastructure, the firewall protecting an organisation’s network should be refreshed periodically. Companies are advised to upgrade their firewall every three to five years on average - as they would their servers.
This refresh is not just to ensure the solution in place is offering an adequate defence against evolving threats, it is also about protecting performance. If a company is growing, the organisation needs a firewall that can handle increased traffic and prevent bottlenecks.
The Probrand survey revealed the majority of firms acknowledge the need for this refresh and have plans to carry this out within the next five years. The research did reveal, however, that nearly a third (29%) say they have no plans to, or will never, upgrade their firewall.
When asked how often they believed they should refresh their firewall, a quarter (25%) of respondents replied ‘at the end of its life’.
Lomas said: “It would be interesting to know when someone thinks their firewall is broken, as it’s not a case of checking whether the lights are on.
“If you have a traditional firewall it will not be protecting you in the same way it was when you bought it - so in my eyes it is already broken.”
What to consider when upgrading your Firewall
It is not unusual for businesses to acquire their firewall solution as an add-on, when buying another solution. This ‘one stop shop’ approach when procuring one of the key pillars in an organisation’s security defences is questionable.
The level of integration a firewall needs with other elements of the IT infrastructure is limited. Therefore, the purchasing decision should be independent of any other form of procurement. Organisations are free to deploy a best of breed solution which offers the deep packet inspection, with decryption and anti-evasion technology, mentioned above.
Mark Lomas said: “We would always advocate a consultancy led approach to firewalls as some vendors do offer a greater depth of solution than others. For some, security is their main focus but there are others which are just filling out their portfolios.”
Organisations should also consider technology trends, such as the consumerisation of IT and cloud computing, which can impact on internet bandwidth. Next generation firewalls are capable of protecting an organisation’s bandwidth performance by providing a granular level of control.
This allows organisations to manage behaviour on certain websites or applications and specify which teams or individuals are given access. For example, the marketing department may be given permission to promote the business on consumer websites such as Facebook and YouTube but at the same time a next generation firewall can curtail any excessive video streaming or gaming on these platforms.
At times when there is excessive demand placed on the internet, a next generation firewall can also take action to protect vital cloud applications and reduce the bandwidth available to non-essential functions.
Malecki explains: “If an England football game is on, some companies will be happy to let their staff stream this but if this affected bandwidth it could prevent access to essential applications such as Salesforce.com or another CRM system. A next generation firewall will, however, allow you to reserve a percentage of the bandwidth for critical applications to ensure the business remains productive at these times.”
Firewall manufacturers have been forced into taking some great strides forward in recent years, in response to the nefarious activities of cybercriminals. But with approximately one in seven SMBs still likely to be deploying traditional solutions, it is clear many organisations are still leaving themselves vulnerable to attack.
Furthermore, as IT consumerisation and cloud computing threaten to impact on crucial functionality, businesses could well be losing competitive advantage by not deploying next generation solutions which protect productivity.
With cyber attacks and internet usage both destined to grow rapidly in the coming years, the third of businesses who have no plans to upgrade their firewall will also need to rethink their approach. Otherwise their performance will suffer, or worse still they could leave themselves at the mercy of increasingly sophisticated cybercriminals.