Internal segmentation firewalls: Securing the inner network

26 May 16

The good news is that edge firewalls do an excellent job of protecting the network border. The bad news is that they can’t help after a breach occurs. Once malware enters the network, it can move laterally virtually unopposed. The key to securing your client’s network, data and application services is to place ‘edge’ protection inside their network to create barriers that allow legitimate traffic to pass whilst stopping any unauthorised activities.

Internal networks have been designed to be flat and open. But it has been impractical to deploy edge firewalls internally due to latency and cost. As a result, data and application services - including trade secrets, private data, proprietary applications and other sensitive assets - residing on internal networks have remained relatively unsecured. Added to the mix is the fact that advanced threats are getting better at slipping past perimeter security to reach the unprotected internal network.

“Networks require their own special type of internal security,” says Jonathan Fox, General Manager of Advanced Solutions at Ingram Micro, a leading distributor of Fortinet’s cyber-security solutions in Australia. “Fortinet’s internal segmentation firewalls (ISFWs) remove the constraints and limitations of what a firewall can do for enterprises and prevent infections on easy targets, such as compromised smartphones, web servers and security cameras, from spreading laterally to your critical infrastructure. Installed correctly, ISFWs segment and protect network assets to control access, offer greater visibility in terms of user activity and traffic and limit damages in the event of a breach.”

ISFW architecture delivers maximum performance and maximum security while offering the flexibility of being placed anywhere in the enterprise. In addition, ISFWs offer streamlined processes to manage individual policies for multiple devices and secure the enterprise’s internal network with minimal management overheads.

Segmentation is key

Until recently, effective segmentation hasn’t been practical. Performance, price and overheads have been problematic for implementing a good segmentation strategy. But these barriers are no longer valid.

“ISFWs can handle traditional ‘north-south’ segmentation as well as emerging ‘east-west’ segmentation,” continues Fox. “Because they can be placed anywhere inside the network, ISFWs can focus on monitoring activities that move around the internal portions of the enterprise network. If hackers attempt to locate assets and data of value by spreading laterally from one compromised host to another, the ISFW identifies this activity as suspect and restricts the lateral movement and propagation of malicious code.”

One network - multiple policies

ISFWs can also manage individual policies for multiple devices. Network managers can configure different levels of visibility, control and mitigation for internal segments within the network. Not all ISFW policies require the same level of inspection, so managers have much more flexibility as to how and where they set activity thresholds. The ability to put the security where you want it, when you want it, is one of the greatest benefits of an ISFW.

With more security enforcement points within the network, device and policy management becomes more critical. Policy-driven segmentation controls access to the network, applications and resources by automatically associating each user’s identity - attributes such as physical location, the type of device used to access the network or the application used - with the security policies of a specific segment.

“ISFWs have the ability to dynamically identify users and enforce the appropriate policies throughout the network,” concludes Fox. “In effect, the entire firewall infrastructure turns into an intelligent policy-driven fabric that protects vital assets with less overhead, less latency and lower overall costs.”

To learn more about how ISFW solutions are helping to solve these sorts of problems and secure today’s networks, Fortinet has prepared a technical white paper ‘Security Where You Need It, When You Need It’ that presents both a design approach and architecture for implementing an ISFW strategy for your enterprise. Call Exclusive Networks and they’ll be happy to get you started.

Contact the Fortinet Team at Ingram Micro to see how we can help:

- 1300 651 124
