ChannelLife Australia logo
Industry insider news for Australia's technology resellers
Story image

Internal segmentation firewalls: Securing the inner network

Thu 26 May 2016
FYI, this story is more than a year old

The good news is that edge firewalls do an excellent job of protecting the network border. The bad news is that they can’t help after a breach occurs. Once malware enters the network, it can move laterally virtually unopposed. The key to securing your client’s network, data and application services is to place ‘edge’ protection inside their network to create barriers that allow legitimate traffic to pass whilst stopping any unauthorised activities.

Internal networks have been designed to be flat and open. But it has been impractical to deploy edge firewalls internally due to latency and cost. As a result, data and application services - including trade secrets, private data, proprietary applications and other sensitive assets - residing on internal networks have remained relatively unsecured. Added to the mix is the fact that advanced threats are getting better at slipping past perimeter security to reach the unprotected internal network.

“Networks require their own special type of internal security,” says Jonathan Fox, General Manager of Advanced Solutions at Ingram Micro, a leading distributor of Fortinet’s cyber-security solutions in Australia. “Fortinet’s internal segmentation firewalls (ISFWs) remove the constraints and limitations of what a firewall can do for enterprises and prevent infections on easy targets, such as compromised smartphones, web servers and security cameras, from spreading laterally to your critical infrastructure. Installed correctly, ISFWs segment and protect network assets to control access, offer greater visibility in terms of user activity and traffic and limit damages in the event of a breach.”

ISFW architecture delivers maximum performance and maximum security while offering the flexibility of being placed anywhere in the enterprise. In addition, ISFWs offer streamlined processes to manage individual policies for multiple devices and secure the enterprise’s internal network security with minimal management overheads.

Segmentation is key

Until recently, effective segmentation hasn’t been practical. Performance, price and overheads have been problematic for implementing a good segmentation strategy. But these barriers are no longer valid.

“ISFWs can handle traditional ‘north-south’ segmentation as well as emerging ‘east-west’ segmentation,” continues Fox. “Because they can be placed anywhere inside the network, ISFWs can focus on monitoring activities that move around the internal portions of the enterprise network. If hackers attempt to locate assets and data of value by spreading laterally from one compromised host to another, the ISFW identifies this activity as suspect and restricts the lateral movement and propagation of malicious code.”

One network - multiple policies

ISFWs can also manage individual policies for multiple devices. Network managers can configure different levels of visibility, control and mitigation for internal segments within the network. Not all ISFW policies require the same level of inspection so managers have much more flexibility as to how and where they set activity thresholds. The ability to put the security where you want it, when you want it is one of the greatest benefits of an ISFW.

With more security enforcement points within the network, device and policy management becomes more critical. Policy-driven segmentation controls access to the network, applications and resources by automatically associating each user’s identity - attributes such as physical location, the type of device used to access the network or the application used - with the security policies of a specific segment.

“ISFWs firewalls have the ability to dynamically identify users and enforce the appropriate policies throughout the network,” concludes Fox. “In effect, the entire firewall infrastructure turns into an intelligent policy-driven fabric that protects vital assets with less overhead, less latency and lower overall costs.”

To learn more about how ISFW solutions are helping to solve these sorts of problems and secure today’s networks, Fortinet has prepared a technical white paper ‘Security Where You Need It, When You Need It’ that presents both a design approach and architecture for implementing an ISFW strategy for your enterprise. Call Exclusive Networks and they’ll be happy to get you started.

Contact the Fortinet Team at Ingram Micro to see how we can help:

- 1300 651 124 - sales@ingrammicro.com.au - http://au.ingrammicro.com/

 

 

Related stories
Top stories
Story image
Cybersecurity
Infoblox's State of Security Report spotlights Australian remote work hazards
Attackers exploit weak WiFi, remote endpoints, and the cloud, costing 50% of organisations over $1.3 million in breach damages.
Story image
Wireless
Cradlepoint expands its Cellular Intelligence capabilities
Cradlepoint has announced additional Cellular Intelligence capabilities with its NetCloud service.
Story image
Cybersecurity
BlackBerry offers Kaspersky replacement cybersecurity for the channel
BlackBerry advises that users of Kaspersky software in Australia and New Zealand undertake a rigorous risk analysis of their current security posture.
Story image
Lightspeed
Lightspeed launches all-in-one marketing platform in A/NZ
ECommerce provider, Lightspeed has launched a new all-in-one marketing solution, Lightspeed Marketing & Loyalty in Australia and New Zealand.
Story image
Microsoft
Microsoft unveils adaptive accessories for disability access
Microsoft is introducing an expansive Inclusive Tech Lab to give people with disabilities greater access to technology through new software features and adaptive accessories.
Story image
Telstra
Telstra, Google and Accenture launch 5G AR experience for AFL
Telstra, Google and Accenture are developing a new 5G powered augmented reality (AR) experience at Melbourne's Marvel Stadium for the footy season.
Story image
Gaming
PNY launches XLR8 Gaming EPIX memory products in A/NZ
PNY has launched its XLR8 Gaming EPIC-X RGB™ DDR4 Silver 3200MHz and 3600MHz memory products in Australia and New Zealand.
Story image
Phishing
Google reveals new safety and security measures for users
Google's new measures include automatic two step verification, virtual cards and making it easier to remove contact information on Google Search results.
Story image
Telstra
Telstra and Silver Trak Digital delivers 5G to the cinemas
Telstra and Silver Trak Digital say they've launched Australia's fastest and most secure delivery of content over 5G for cinemas.
Story image
Ransomware
Cybersecurity starts with education
In 2021, 80% of Australian organisations responding to the Sophos State of Ransomware study reported being hit by ransomware. 
Story image
Gaming
Mastercard users can now use rewards points in gaming
Mastercard has launched Mastercard Gamer Xchange (MGX), allowing APAC consumers to convert their rewards points into gaming currency.
Story image
Hawaiki Cable
BW Digital completes acquisition of Hawaiki Submarine Cable
BW Digital has completed its full acquisition of Hawaiki Submarine Cable, with all applicable regulatory filings and approvals now received.
Story image
Artificial Intelligence
Updates from Google Workspace set to ease hybrid working troubles
Google Workspace has announced a variety of new features which will utilise Google AI capabilities to help make hybrid working situations more efficient and effective.
Story image
Testing
Google and CSIRO use AI to help protect the Great Barrier Reef
Google has partnered with CSIRO in Australia to implement AI solutions that help protect the Great Barrier Reef.
Story image
Cybersecurity
Hard numbers: Why ambiguity in cybersecurity no longer adds up
As cybersecurity costs and risks continue to escalate, CEOs continue to struggle with what their investment in cyber protection buys. Getting rid of ambiguity becomes necessary.
Story image
Microsoft
SAS Viya on Microsoft Azure to deliver 204% return - study
The Forrester Total Economic Impact study finds SAS Viya on Microsoft Azure brings a 204% return on investment over three years.
Story image
Ransomware
A third of companies paying ransom don’t recover data - report
Veeam's report finds 76% of businesses who are victims of cyberattacks paid the ransom to recover data, but a third were still unable to get their information back.
Story image
SAS
New SAS service overcomes subscription fatigue for media companies
SAS has launched SAS 360 Match which helps media companies move towards a AVOD model to generate revenue as subscribers cancel.
Story image
Wasabi Technologies
Wasabi opens new cloud storage in Australia with Equinix
Wasabi Technologies has opened a new hot cloud storage region in Sydney, Australia, using Equinix services. This is the company's 12th global storage region.
Story image
Sift
Sift shares crucial advice for preventing serious ATO breaches
Are you or your business struggling with Account Takeover Fraud (ATO)? One of the latest ebooks from Sift can provide readers with the tools and expertise to help launch them into the new era of account security.
Story image
Artificial Intelligence
SAS launches human-focused responsible innovation initiative
SAS has launched a responsible innovation initiative, furthering its commitment to equity and putting people first.
Story image
trust
9/10 Aussies to stop spending if personal data compromised
"Based on the patterns we are seeing among Australian consumers, it is evident that trust in a brand is exceptionally important."
Story image
Remote Working
How zero trust and SD-WANs can support productive remote working
The way people connect with applications and data has changed, users are remotely accessing resources that could be stored anywhere from a corporate data center to the cloud.
Story image
Fortinet
Fortinet's Security Fabric hits new record for integrations
The Fortinet Security Fabric has surpassed 500 technology integrations with more than 300 Fabric-Ready Technology Alliance Partners.
Story image
Mobility
Hands-on review: STM laptop bags
The advent of hybrid working has meant we need laptop bags. We got our hands on two of the most popular laptop bags from STM.
Story image
Alteryx
Decision Inc. Australia enters partnership with Alteryx
Independent data and analytics consultancy Decision Inc. Australia has partnered with automated analytics company Alteryx, expanding its offering to clients.
Story image
Wireless
Hands-on review: Technics EAH-A800 Noise Cancelling Wireless Headphones
Designed in Osaka, Japan, these headphones just exude quality. They aren’t heavy, but they feel well built and solid.
Story image
Artificial Intelligence
AI-based email security platform Abnormal Security valued at $4B
"A new breed of cybersecurity solutions that leverage AI is required to change the game and stop the rising threat of sophisticated and targeted email attacks."
Story image
PaaS
New digital traffic light system to tackle construction defects
Smarter Defects Management launches its PaaS digital system and says it will revolutionise managing defects in the construction industry.
Story image
Tech job moves
Tech job moves - Datacom, Micro Focus, SnapLogic and VMware
We round up all job appointments from May 6-12, 2022, in one place to keep you updated with the latest from across the tech industries.
Story image
Data solutions
South Australia state satellite makes significant progress
South Australia’s first state satellite has successfully completed the Critical Design Review (CDR), moving it closer to providing tangible data solutions.
Story image
Workato
Workato unveils enhancements to enterprise automation platform
"The extra layer of protection with EKM, zero-logging, and hourly key rotation gives customers a lot more visibility and control over more sensitive data."
Story image
Artificial Intelligence
ANU and Seeing Machines to use AI to improve driver safety
The Australian National University and Seeing Machines have won a grant to develop AI systems monitor human behaviour while driving.
Story image
Cybersecurity
The 'A-B-C' of effective application security
Software applications have been a key tool for businesses for decades, but the way they are designed and operated has changed during the past few years.
Story image
Application Security
What are the DDoS attack trend predictions for 2022?
Mitigation and recovery are vital to ensuring brand reputation remains solid in the face of a Distributed Denial of Service (DDoS) attack and that business growth and innovation can continue.
Story image
Cybersecurity
Managed service providers: effective scoping to avoid costly vendor pitfalls
Managed security services are outsourced services focusing on the security and resilience of business networks.
Story image
Apple
Apple previews new features for users with disabilities
Apple says new software features that offer users with disabilities new tools for navigation, health and communication, are set to come out later this year.
Story image
Application Performance Monitoring / APM
Why SolarWinds Partners will have big wins in 2022
We summarise the key recent changes that the monitoring software vendor has made to accelerate its channel business.
Story image
Manufacturing
HINDSITE wins Aerospace Xelerated Pitch Challenge with solution to support Boeing
Brisbane-based startup HINDSITE was the winner of the first ever Pitch Challenge organised by Aerospace Xelerated in partnership with Queensland XR Hub. 
Story image
Digital Transformation
How to modernise legacy apps without compromising security
At a time when digital transformation has become central to business, even the most important applications come with a ‘use-by’ date.
Story image
Wireless
Sony to bring new 1000X series WH-1000XM5 headphones to the market
Sony has announced the newest edition of its award-winning wireless headphones, with the 1000X series WH-1000XM5 noise-cancelling model.
Story image
Fintech
Airwallex launches new bank feed integration with NetSuite
Airwallex has launched a new bank feed integration with NetSuite, developed in partnership with NetSuite solution partner, Onlineone.
Story image
Review
Hands-on review: MSI MPG Z690 Carbon WIFI motherboard
It’s all change with Intel’s 12th generation CPUs. We have a new chipset in the 600-series, a new socket with the LGA 1700, and new DDR5 memory.
Story image
Phishing
KnowBe4 celebrates reaching 50,000 customers worldwide
KnowBe4 has reached the milestone of 50,000 customers, adding nearly 2,500 in the first quarter of 2022 alone.