People are often described as being products of their time. The major events that happen in a person’s formative years create a tinted lens that colors the way they handle other situations later in life.
The same could be said about network security. Technologies like stateful inspection and HTTP proxies were created to address the security challenges that arose as enterprises began to conduct more and more of their business on the Internet and more specifically, the Web. Their approach to security was based on a basic set of assumptions – that blocking or filtering ports (and subsequently, URLs) is an effective way to stop unwanted and potentially dangerous traffic.
However, we all know that the ways businesses use the Internet have evolved beyond the capabilities of port-based approaches to security. Today’s networks require IT departments to understand what applications are running on the network (what it is, where it is, who’s using it, and how; and what their weaknesses are). For example, the latest edition of Palo Alto Networks Application Usage and Threat Report (released last month) showed that just ten applications are responsible for more than 97 percent of exploit logs. Of those ten, nine were commonly used business applications that form the backbone of most organizations’ business processes.
Knowing that cyber criminals are attacking a critical network application as part of a sophisticated attack that includes other malware that masks itself AS another application means that the era of port-based security is over. If you can’t tell the good traffic from the bad, simply blocking or filtering a port leaves a lot to be desired as a solution to address the problem. Protecting today’s networks require firewalls backed by a deep understanding of what applications are running on the network, who is using the application and what data that application is accessing. Knowing that will allow network administrators to develop polices that safely enable applications. Our current business environment requires firewall technology built with applications in mind from the very beginning.
In short, in today’s era, if you don’t know applications, you don’t know security.