The following interview with Ken Karsten, Vice President of Federal Sales at Intel Security, is an excerpt from our recent guide, Securing Government: Lessons from the Cyber Front Lines. In this guide, we review five tactics government organizations are using to enhance their cybersecurity.
Because government serves citizens, agencies cannot achieve their missions without opening their secure networks to outside traffic. But this doesn’t mean agencies must sacrifice security. It does mean, though, that organizations must have the policies and technologies in place to ensure this network traffic is diligently verified and monitored for appropriate use.
To understand how the public sector can achieve this network governance, we spoke with Ken Karsten of Intel Security, a security solutions provider. He explained how network administration is changing and why those changes require agencies to adopt next generation firewalls to ensure ongoing security.
Changes in Network Administration Risk Security
First, Karsten explained that agencies are moving toward multi-disciplinary network management. “Decades ago, quality assurance was a different silo in a lot of manufacturing environments. But as quality went up, we started including that quality assurance in the regular manufacturing process. I think inevitably you’re going to see the same with security. It’s going to be a part of the intrinsic networking responsibility and IT environment,” he said.
As a result, “Security people are going to require a better network understanding, and network people are going to require a better security understanding as [security solutions] are bolted in,” Karsten added.
Second, Karsten said the transition of many agencies to cloud-based platforms will change the way networks are managed: “As you outsource to the cloud, many functions are being taken on by the cloud providers. Internally, administrators no longer need quite the breadth of technical capability to implement specific rule sets and policies of administration around these systems and capabilities.”
“But what they will need is the ability to make decisions on what they want to allow or not allow, and how they want to leverage their technology and applications to drive their business objectives and their mission,” said Karsten. As cloud providers perform many network tasks, traffic in and out of agency systems will naturally increase.
Next Generation Firewalls Confront New Challenges
According to Karsten, this increased traffic, coupled with the integration of security and network administration functions, requires agencies to adopt new firewalls.
“A traditional firewall basically allows traffic to go from inside to outside the network, and then from outside back into the network. And it does this based on a port and a protocol,” he explained. “But what a traditional firewall really does is, based on a port, make an assumption of what that protocol is.”
As the number of protocols multiplies exponentially, it becomes easier for one protocol to trick the firewall into thinking it is a similar one simply by using the same port. Next generation firewalls mitigate this risk.
“When you bring next generation firewalls into play, you have the ability to do deep packet inspection. You know the protocol that the traffic is using, so you can ensure what it is, what application it’s using, and which user is executing it,” said Karsten. “It gives you a lot more granularity in policy, providing you a lot more visibility and security.”
What’s more, Karsten explained, “You can even go beyond that, to not only confirm that we’re using a certain application, but also inspect it to see if there are any intrusions or misuse or even viruses in that application traffic.”
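The contrast between a port-based assumption and payload inspection tied to a user, sketched as an added example (not code from Intel Security or from the guide). The user names, policy table, and sample flows are constructed, and the payload signatures are deliberately simplified:

```python
import re

# What a port-only rule set assumes is behind each destination port.
PORT_ASSUMPTION = {22: "ssh", 80: "http", 443: "tls"}
ALLOWED_PORTS = {80, 443}

# Hypothetical per-user application policy (names are constructed).
USER_POLICY = {"alice": {"http", "tls"}, "bob": {"http", "tls"}, "carol": {"tls"}}

HTTP_REQUEST = re.compile(rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS) \S+ HTTP/1\.[01]\r\n")

def identify(payload: bytes) -> str:
    """Classify a flow from its first bytes instead of its port."""
    if payload.startswith(b"SSH-"):
        return "ssh"
    if HTTP_REQUEST.match(payload):
        return "http"
    # TLS handshake record (0x16), major version 0x03, ClientHello (0x01).
    if len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 0x03 and payload[5] == 0x01:
        return "tls"
    return "unknown"

def port_based(flow: dict) -> str:
    """Traditional decision: the port alone determines the verdict."""
    return "allow" if flow["dport"] in ALLOWED_PORTS else "deny"

def inspected(flow: dict) -> tuple[str, str]:
    """Inspection-based decision: observed protocol, then user policy."""
    app = identify(flow["payload"])
    assumed = PORT_ASSUMPTION.get(flow["dport"], "unknown")
    if app != assumed:
        return "deny", f"{app} on port {flow['dport']} (expected {assumed})"
    if app not in USER_POLICY.get(flow["user"], set()):
        return "deny", f"{flow['user']} not permitted to use {app}"
    return "allow", f"{app} permitted for {flow['user']}"

# Constructed sample flows: user, destination port, first payload bytes.
FLOWS = [
    {"user": "alice", "dport": 443, "payload": b"\x16\x03\x01\x00\x2e\x01\x00\x00\x2a\x03\x03"},
    {"user": "bob", "dport": 443, "payload": b"SSH-2.0-OpenSSH_9.6\r\n"},
    {"user": "carol", "dport": 80, "payload": b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"},
]

if __name__ == "__main__":
    for f in FLOWS:
        print(f["user"], f["dport"], "port-only:", port_based(f), "inspected:", *inspected(f))
```

All three flows pass the port-only rule; inspection allows only the first, rejecting the second for a protocol mismatch and the third on user policy.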
This detailed visibility of network traffic also allows agencies to create more stringent policies regarding use and access. “The neat thing about a next generation firewall is not only does it have all these features and functions, but it also allows you to segment your network a little better. If you understand the internal environment — the applications that reside there and the users that are accessing those systems — you can create system-level access based on user,” said Karsten.
“Then, if I see a person go through the firewall and see they’re trying to access an application that they shouldn’t have access to, I can immediately know something is wrong and I can stop that traffic,” he continued.
At the same time they segment their networks, agencies can also consolidate governance because the next generation firewall offers dual functionality. “It is both networking technology with security technology, housed in one form factor, both from a software perspective and a hardware perspective, even if it’s virtual,” said Karsten.
In summary, next generation firewalls meet both the operational and security challenges associated with the rise of network traffic. Karsten concluded, “Consolidating those features and functions lowers the total cost of an enterprise to implement a solution. It also raises the level of security by enabling additional security feature sets in real-time network traffic.”