Corporate Security
by Mr. Vincent Hebbelynck

The Rules Have Changed—Are You Equipped to Play?

Corporate network security is more complicated than ever. Protecting the network requires more than perimeter firewalls. Recent networking technologies, such as teleworking and WLANs, enhance employees’ productivity but also mean that the network perimeter is no longer easily defined—making it easier for security threats to skirt firewalls and exploit back doors into the corporate network. Today’s security challenges call for a next generation in security strategy, layering security technologies to provide defense in depth, and compartmentalizing the network to limit damage in case of attack. This security within the network is sometimes also referred to as “Security in the Cloud” or “Layered Security”.

That kind of strategy is difficult and costly to implement using the usual existing security appliances and software. Instead, implementing the next-generation security strategy calls for a new generation in security infrastructure—flexible infrastructure that lets corporations customize security resources to requirements, that scales without incremental cost increase and that streamlines management. The purpose of this article is to cover these new security architectural concepts such as virtualization.

Third-Generation Security—Defense in Depth

At first, corporate networks were flat and private, used only by internal employees. Network security employed physical locks to prevent unauthorized access to assets. This was the first generation. Then, corporations connected networks to the Internet. Firewall appliances sat at the access points to prevent unauthorized access to internal systems and data. These few security “checkpoints” were simple to manage and relatively low-cost. This was the second generation. Today, corporate network boundaries are blurred. Secure connection protocols, such as SSL and IPSec, enable corporations to use the Internet to exchange information with remote employees, branch offices, customers, suppliers, and partners, but unfortunately also allow traffic to bypass firewalls. Attackers could potentially enter the corporate network over a secure VPN tunnel from an employee’s compromised home PC. Furthermore, firewalls don’t block e-mail, providing the perfect cover for attacks disguised as attachments. These days, a simple perimeter strategy is not enough to protect the corporate network.

Today’s security challenges call for a third-generation security strategy. Third-generation security is deep and pervasive, reinforcing the perimeter with layers of firewalls and intrusion detection and prevention systems (IDPs) to plug back-door security holes and detect and eliminate attacks. Third-generation security is also compartmentalized, isolating important assets and containing attacks to limit damage. In a layered security strategy, firewalls and IDPs are placed throughout the network—around the perimeter, in front of application servers, in front of network segments, and between application tiers. As you move toward the center of the network, security policies become increasingly stringent. In a compartmentalized strategy, network segments and assets are sectioned off into individually secured compartments. For example, a firewall between LAN segments can prevent an attack unleashed via e-mail from spreading through the network. Together, layering and compartmentalization provide defense in depth—the third generation in security.
 
Implementing Third-Generation Security: A Virtual Solution to the Appliance Problem

Until now, implementing third-generation security has been effort-intensive and expensive. That’s because until now, third-generation security could only be implemented with security appliances offering individual security services installed on dedicated hardware.


Implementing defense in depth using appliances requires tens to hundreds of separate devices that are costly and complex to install and manage.

At every point requiring defense, one or more appliances must be deployed. Every deployed appliance requires equipment and operations expenditures to purchase and install it. Once installed, appliance capacity is often wasted, because traffic at that location does not fully utilize the resource. Operations costs continue for the life of the appliance. When the number of appliances exceeds IT staff capacity to manage them, additional personnel must be added. Apart from the cost, getting even a single appliance purchased, installed, configured, and running can take weeks, while security threats show up in real time.

Providing defense in depth with appliances means acquiring tens to hundreds of devices. Stringing these appliances and management interfaces together makes deployment and management even more complex. Altogether, an appliance-based third-generation security implementation becomes an IT nightmare, costing far more than the budget can accommodate, and taking months to roll out.

Fortunately, an efficient, cost-effective way to make the third-generation security transition has emerged. Virtualization solutions make third-generation security possible, on demand, and within budget. Virtualization lets you customize and deploy multiple, pre-tested security services to specific requirements, without incremental cost increase, and with a single, simplified management interface. Virtualization offers a realistic path to third-generation security.

Until recently, virtualization has been mostly present in the computing and storage domains. Introducing virtualization in the network and security domains makes perfect business sense, for a better use of resources and a better control of operational costs.
 
Telindus’ Virtualization Solution: Security on Demand and within Budget

Telindus’ Virtualization Solution brings defense in depth into your network in a phased approach. The first phase consists of an analysis of the existing security infrastructure and proposes a smooth migration to a defense-in-depth architecture including virtualization. Adopting virtualization will provide the same security functions and performance as traditional appliance-based services, but will offer fully dynamic, integrated operations. Services will be upgradeable on the fly, without service disruption or downtime, and may be arbitrarily combined into unique service configurations tailored to meet specific application requirements. The second phase consists of the integration of the new infrastructure, leading to the third phase, which is managing the infrastructure and evolving it as previously defined.

Virtual and Integrated

The Virtualization Solution provides a dedicated upgrade path: additional service modules can be added as security requirements expand. Modules are a software upgrade only, meaning no additional equipment installations or network downtime. These modules encompass technologies such as firewalls, IDSes and IPSes, IPSec and SSL VPNs, server load balancing, global server load balancing, SSL acceleration and routing.

Virtualization Solution’s benefits

The Telindus Virtualization Solution provides a realistic third-generation security solution. It brings economies of scale, on-demand service deployment, and simplified, integrated management to third-generation security, so that deploying and managing hundreds of security services becomes realistic—where deploying hundreds of security appliances is not.

The Virtualization Solution integrates Telindus Service Packages, including network design assessment, project implementation management, equipment monitoring, and technical and commercial support, to ensure effective business operations.

Technology partnership

Telindus is offering its Virtualization Solution through its strategic technical partnership with Inkra Networks, offering today’s most advanced third-generation security devices.

Building Tomorrow’s Security

The corporate security rules have changed. Protecting the network requires far more than a perimeter-based security strategy. Corporations need defense in depth — security services pervasively layered throughout a compartmentalized network. The only realistic way to do this is to virtualize security services and streamline security deployment and management procedures. Offering virtualized, integrated security and performance services, with hardware-based virtualization technology, and centralized, automated management software, Telindus’ Virtualization Solution is the only realistic third-generation security solution available today.