How Next Generation Firewalls Can Help Control Your Business

What’s happening with firewalls?

The traditional firewall continues to be a staple in the network for security activities. Firewalls have traditionally operated on Layer 3 and Layer 4 information. In more recent years, they have become a lot smarter, which is in part due to Layer 7 Application identification and enhanced deep packet scanning. With these enhancements, firewalls began to gain new abilities including the ability to control applications and the capability to understand and identify the applications that are running in a network, allowing new application layer controls to be put into place. Next generation firewalls can also reach out to an organization’s directory services, i.e. Active Directory or eDirectory, and pull in user information for setting up user firewall policies, allowing for user and/or group-based application controls.  Referred to as Next Generation Firewalls (NGFW), additional NGFW enhancements include the ability to provide deep packet scanning, content security, gateway anti-virus, and content filtering.

What next generation firewalls deliver

Next generation firewalls give you the control, protection, and simplicity, along with the operational efficiency to support your business. It is important to maintain a balance between three main areas: operational efficiency, support for the business, and security efficiency. Operational efficiency allows users to scale centralized control and protection of resources.  NGFW’s provide support for businesses by being open and flexible with better total cost of operations (TCO).  They also offer security efficiency that protects with breadth, depth, and enhanced threat prevention. Bulk adoptions of next generation firewalls are starting now, and Gartner estimates that 70% of enterprise firewall purchases in 2014 will be next-gen firewalls.

Application awareness is the core of next generation firewalls. Application awareness enables firewalls to identify the applications that are running across it. Applications aren’t always easily recognized as some are evasive, but once identified there are a number of capabilities that are opened for use. In the beginning, visibility and tracking allow administrators to understand what applications are running across the network while gaining an understanding of what kind of security risks you might be looking at as well as what user behaviors are in play. Application identification allows users to control and set policies based on those applications. It gives you the capability to block applications you might consider risky such as peer to peer applications. User firewall controls allow different users to have different application policies based on their role and group. Policies can also be tailored by specific applications and rate limits can also be placed on individual applications, providing a nice level of control.

Quality of Service (QoS) can be applied on policies that help protect and optimize the use of your resources and prioritize the applications that are mission-critical while limiting the resources that are available for applications that are less important. Packet inspection can be used with encrypted packets and can monitor traffic traveling over https, which is important to be able to see what is in that traffic with SSL proxy. Intrusion prevention system (IPS) helps to remediate security threats and apply security controls.

Unified threat management (UTM) is where content security comes into play. UTM provides antivirus, protection from malware, and reputation enhanced capabilities.  Antispam provides multilayered spam protection and protection against APTs.  Web filtering blocks malicious URLs and prevents lost productivity, while content filtering filters out extraneous or malicious content to maintain bandwidth for essential traffic.

Juniper Networks’ next generation firewall strategy

Juniper Networks’ takes a threefold approach to NGFW by providing security, easy manageability, and scalability for all-in-one best value devices along with software that provides consolidated, layered NGFW security. Services provide integrated solutions, ApplD efficacy, and threat/app support full portfolio, while simplified management delivers UX leads engineering, highly scalable integrating management for all of the security services into a single centralized management platform that enables management of multiple firewalls in one place. Open/dynamic intelligent security provides open IPS and app signatures, as well as advanced threat protection.

Juniper’s NGFW capabilities include integrated user/role firewall that allows easy agent-less SRX AD integration, creating a flexible and scalable user FQ portfolio. AppSecure and UTM deliver better application (app) visibility and control including evasive app and tunneled app detection, open app and IPS signatures, and best-in-class content security. Simplified management features include centralized management of the complete security services suite, integrated logging and reporting, and the ability to scale to large environments.

Juniper WebApp Secure delivers what you would expect an application aware solution to deliver, including tracking, firewall controls, QoS controls, SSL Proxy capabilities, and IPS.  Integrated user firewall and extended user security options include integrated user firewall, active user role firewall SRX + MAG, and end-to-end user security SRX + UAC + NAC. All of these services are available on all of Juniper’s platforms, allowing users to choose a platform that best fits their environment and layer on security services as you need them. Licenses can also be purchased on an as-needed basis. Each device can be easily managed with Security Director. Juniper’s Firefly device also offers a virtual platform solution comes with AppSecure capabilities and UTM. When evaluating your NGFW, it’s important to remember that when adding additional services onto your firewall, you must consider the performance implications of those features or the resources that are in your firewall to make sure it can handle the added services.

Great Lakes Computer Partners with Aruba Networks

Great Lakes Computer has become a PartnerEdge authorized partner with Aruba Networks, a leading provider of next-generation network access solutions for the mobile enterprise.  Founded in 2002, Aruba designs and delivers Mobility-Defined Networks that empower IT departments and #GenMobile, a new generation of tech-savvy users that rely on mobile devices for every aspect of work and personal communication. To create a mobility experience that #GenMobile and IT can rely on, Aruba Mobility-Defined Networks automate infrastructure-wide performance optimization and trigger security actions that used to require manual IT intervention. The results are dramatically improved productivity and lower operational costs. Aruba is the industry leader in 802.11ac access points and focuses on building secure, reliable, and easy-to-manage wireless networks.

Recently Juniper Networks and Aruba Networks announced their strategic partnership to deliver converged wireless and wired networking solutions based on each company’s best-of-breed technologies. This partnership includes joint development efforts and collaboration to focus on items such as delivering comprehensive solutions and more value to customers and enabling technology partners to take advantage of Juniper’s open APIs. Together, Juniper and Aruba address mobility market trends with product-level integration that leverages open protocols and open APIs on Juniper routers and switches, and contextual data on users, devices, applications and location available from Aruba’s enterprise Wireless LAN (WLAN) products. With this new integration, enterprises will now be able to optimize application performance, enable mobility-centric security and policy, and reduce total cost of ownership by eliminating vendor lock-in.

Already a partner with Juniper Networks for many years, Great Lakes Computer has chosen to align with Juniper in their positioning with Aruba Networks. This partnership will allow GLC to provide the knowledge, products, and expertise of Aruba Networks, as well as the new developments that their partnership with Juniper Networks brings. Great Lakes Computer already provides wireless site surveys to help improve existing wireless deployments as well as identify access point placement and coverage for new wireless deployments. These surveys help identify issues such as gaps in coverage, insufficient data throughput, service interruptions, and a growing number of devices.

Great Lakes Computer will carry the complete Aruba Networks wireless portfolio including access points, controllers, and software, as well as provide professional services to support hardware sales. 

Unitrends Releases Free Online DR Planning Tool

As the industry’s fastest-growing multi-environment disaster recovery and data protection company, Unitrends has recently announced the release of their online Business Continuity/Disaster Recovery (BC/DR) Link service tool that allows users to build and customize a disaster recovery plan. This enables users to easily build a comprehensive disaster recovery plan and confidently respond to an outage or disaster and recover systems quickly and efficiently. Unitrends has made this online tool absolutely free providing businesses that don’t have the staff, time, or budget to address disaster recovery with an easy and automated way to do so.

The BC/DR Links delivers step-by-step guidance for building a robust disaster recovery plan and includes 1 Gigabyte of centralized storage in the Unitrends cloud. Businesses can use the cloud to store essential data such as evacuation plans and emergency contacts. In the event of an outage or disaster, users can access the data remotely from a computer or mobile device. According to a 2014 Preparedness Benchmark Survey conducted by the Disaster Recovery Preparedness Council, more than 60 percent of respondents do not have a fully documented disaster recovery plan. Unitrends BC/RD Link is an industry-first, saving companies countless hours and thousands of dollars for those that fall within that 60 percent. 

The BC/DR Link helps users to:

• Build BC/DR plan with the best practices in mind while incorporating the latest business continuity disaster recovery methods, offers guidance through the process, and offers plenty of room to attach instructions, checklists, and floor plans.
• Allows the opportunity to connect the right people by giving everyone DR instructions remotely to spring into action as a well -coordinated team in the event of an outage or disaster.
• Securely links key people to the DR plan from any mobile device with the use of mobile checklists. 

Businesses can leverage Unitrends’ new hybrid cloud Disaster Recovery as a Service (DRaaS) offering if they are looking for increased storage in the cloud and white glove disaster recovery service. Unitrends’ DRaaS utilizes the company’s proven ReliableDR, Unitrends Enterprise Backup and Unitrends Bridge technologies and delivers recovery services for business continuity and protection of heterogeneous physical and virtual applications and infrastructure.

To get started with your FREE BC/DR planning, please visit: https://bcdrlink.com/

Veeam Management Pack v7 for System Center Now Available

Veeam recently announced the general availability of Veeam Management Pack (MP) v7 for System Center. This product includes the full capabilities for VMware vSphere and Veeam Backup & Replication along with new Microsoft Hyper-V support. Formerly known as Veeam Management Pack for VMware, Veeam MP v7 offers new features and functionalities such as unique in-context dashboards, real-time performance from the hypervisor and enhanced visibility for proactive monitoring.

An improvement over the previous free Veeam MP v7 for Veeam Backup and the full version of Veeam MP Editions, Veeam now offers three editions to better meet customer needs. Veeam Backup FREE, Veeam Enterprise Edition, and the Veeam Enterprise Plus Edition. The Enterprise edition is a scaled-down version for businesses that do not need all the features and functionality of Veeam MP v7 Enterprise Plus edition.

Highlights of Veeam Management Pack v7 for System Center include:

• Veeam Task Manager for Hyper-V – A look at real-time information of the memory CPU consumption for the host and the virtual machines (VMs) running on that host through an in-context dashboard. 
• Capacity planning widgets – Proactive monitoring allows users to quickly view the state of a cluster on compute or storage capacity and predict how long current resources will last based on historical data. This ensures adjustments can be made before compute and storage resources run out. 
• Heatmap widgets – A color-coded, drill-through dashboard view to see how an environment is performing on varying performance counters and for clusters, hosts, and VMs to research deep into the different objects and detect future issues.
• Top-traffic light widgets – Shows various counters and the state of the counters based on user selected parameters on a color-coded dashboard. 
• Hybrid cloud reporting – Provides capacity planning for hybrid cloud. The reports analyze the environment and recommend the cloud Infrastructure as a Service (IaaS) resources needed to run the workload either for VMware Hybrid Cloud Service (vCHS) or Microsoft Azure.

Delivering multi-hypervisor management and data protection management with application to metal visibility, the Veeam Management Pack v7 is the best third-party management pack for System Center with improved functionality, insight, proactive monitoring, extensive reporting, and additional tools to bring ease to any data center.