With a deep background in security technology consulting, installation, and migration, one of the more common questions we are asked today is how to make the transition from old-school port-based firewalls to next-generation, application-aware solutions. As customers migrate to next-generation security platforms, they are concerned that they are not adequately taking advantage of the capabilities of the latest and greatest products (and rightfully so). Although managing security rules is one key aspect of making the transition, security teams realize that this move can become complicated if not managed properly. Concerns that should be carefully considered include:
1. Baseline core applications
Understanding the applications on the network and how they interact is key. Historically, application providers have simply asked that specific ports/protocols be opened to allow their applications to talk through security devices. The problem is that those ports are commonly known throughout the industry and can be used to transport (and hide) nefarious activity. Next-generation technologies are intelligent enough to recognize when this is happening and react accordingly.
This requires more scrutiny in determining what traffic is truly legitimate and what should be blocked from the network. Utilizing tools that will ‘listen’ to the network and help you map out the applications (and the associated interactions between devices) is key to understanding what is really going on. Use these tools to create a baseline of the core applications, and take the time to get it right up front. This will not only save time in the long run but also help ensure a more seamless experience for the end users.
2. Security policy application standards
Once the applications on the network are known, take the time to develop policy standards if they are not in place already. For example, standardizing policy guidelines will help minimize the number of policies and allow for more efficient grouping of applications and/or hosts.
3. Managing custom application signatures
As signatures and similar approaches are used for classifying applications, it is not uncommon to come across customer-developed or specialty applications that require special handling. Most technologies handle standard and common applications today. You will, however, need to look at creating ‘signatures’ for any custom applications that are unique to that environment. There are multiple techniques and approaches, but we find that most environments (especially those new to these technologies) will start with the most basic signatures for these special applications. As security standards or reporting become more progressive, the need to take advantage of these application-aware capabilities will drive the need for more advanced signatures. Be aware of the capabilities of the technology you’re using and how it can be used to help meet the growing needs of the business.
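To make the points in sections 1 and 3 concrete, here is an added example (not code from the original post or from any vendor product): a handful of basic payload-prefix ‘signatures’ classify flows by application rather than by port, the classified flows are rolled up into a baseline of which hosts talk to which, and any flow whose application does not match the port it is riding on is flagged. The flow records, the signatures, the expected-port table and the custom application name `acme-inventory` are all constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample flows: (src, dst, dst_port, first bytes of payload).
# The last HTTPS-looking flow actually carries an SSH banner on port 443.
SAMPLE_FLOWS = [
    ("10.0.1.5", "10.0.2.10", 443, b"\x16\x03\x01\x00\xa5\x01\x00\x00"),
    ("10.0.1.5", "10.0.2.10", 80, b"GET /index.html HTTP/1.1\r\n"),
    ("10.0.1.7", "10.0.2.20", 7001, b"INV/1.0 LIST warehouse=12\n"),
    ("10.0.1.9", "10.0.2.30", 443, b"SSH-2.0-OpenSSH_9.2\r\n"),
    ("10.0.1.9", "10.0.2.31", 53, b"\x00\x01\x01\x00\x00\x01\x00\x00"),
]

# Basic signatures of the kind the text describes as a starting point:
# a byte pattern at the start of the payload. "acme-inventory" stands in
# for a hypothetical custom, in-house application.
SIGNATURES = {
    "tls": re.compile(rb"^\x16\x03[\x00-\x03]"),
    "http": re.compile(rb"^(GET|POST|HEAD|PUT|DELETE) /"),
    "ssh": re.compile(rb"^SSH-2\.0-"),
    "acme-inventory": re.compile(rb"^INV/1\.0 "),
}

# Ports on which each application is expected by policy (constructed).
EXPECTED_PORTS = {"tls": {443}, "http": {80}, "ssh": {22}, "acme-inventory": {7001}}


def classify(payload: bytes) -> str:
    """Return the first matching application name, or 'unknown'."""
    for name, pattern in SIGNATURES.items():
        if pattern.match(payload):
            return name
    return "unknown"


def build_baseline(flows):
    """Map each application to the set of (src, dst, port) tuples seen using it."""
    baseline = defaultdict(set)
    for src, dst, port, payload in flows:
        baseline[classify(payload)].add((src, dst, port))
    return dict(baseline)


def find_port_mismatches(flows):
    """Flag flows whose identified application is not expected on that port."""
    mismatches = []
    for src, dst, port, payload in flows:
        app = classify(payload)
        if app in EXPECTED_PORTS and port not in EXPECTED_PORTS[app]:
            mismatches.append((src, dst, port, app))
    return mismatches


if __name__ == "__main__":
    for app, peers in sorted(build_baseline(SAMPLE_FLOWS).items()):
        print(f"{app:15} {sorted(peers)}")
    print("port/application mismatches:", find_port_mismatches(SAMPLE_FLOWS))
```

Flows that classify as `unknown` are the ones a baseline exercise should chase down first, since they are either noise or a custom application that still needs a signature.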
4. User education
One of the most commonly overlooked factors when adopting this technology is educating end users (typically application or server owners) on the difference between the application-aware approach and the traditional port/protocol methodology. As the old adage states, “Garbage in / Garbage out”: helping application owners better understand the value of and need for this approach, and how it affects them, will ultimately smooth the process of introducing new applications or migrating from older security technologies.
Experience has shown that taking a more holistic approach when introducing application-aware technologies results in a more seamless integration into existing network environments. It also ensures that businesses maximize their investment by getting the most out of these technologies over the long run.
- JJ Crump, CTO