How we handle security needs & ongoing security improvements. Part 2

In the first part of this series, we briefly discussed Svitla Systems’ recently received SOC 2 certification and its relationship to our internal information security program. In this part, we will talk about our infrastructure improvements and the benefits they bring to our company and customers.

Like many modern, nimble, and growing distributed organizations, Svitla takes advantage of public cloud infrastructure and many software-as-a-service solutions to virtually eliminate internal systems and their associated servers from our office networks. These systems traditionally require significant security protection and replacing them over time with SaaS solutions has made our network security simpler. The SaaS solutions also provide easier access for users across multiple offices and those working remotely, since they can connect directly over the internet. In general, this trend has reduced the need to monitor inbound network traffic from the internet or from other Svitla offices, since there is little on the office networks being accessed from outside.

Security attention has therefore shifted to the opposite path: traffic originating on the office network and reaching out to external resources. An equipment refresh this year, the deployment of Next-Generation Firewall (NGFW) devices, addresses this growing need and adds other new capabilities as part of the upgrade, providing visibility into outbound traffic on top of the traditional inbound protections.

NGFWs provide considerably more functionality for security awareness and protection by going beyond simple protocol/port/IP-address filtering to inspect the contents of traffic at the application layer. The devices inspect both inbound and outbound packets to protect the network and to ensure that no malicious traffic originates from our offices; they can also block malicious content, such as viruses and malware, arriving in responses to outbound requests. The majority of outbound traffic today is HTTP/HTTPS, and threats can be embedded in the requests and responses carried over these protocols. Note that inspecting the contents of HTTPS requires the firewall to decrypt the sessions (TLS inspection using a certificate authority that the office endpoints trust); without it, the device sees only the destination and the TLS handshake metadata. It is also important that inspection includes identity awareness, so that individual requests can be tied to a user and evaluated for the presence of a threat.

An important consideration for us when acquiring these NGFW devices is accounting for future growth and sizing the devices appropriately. It is vital that each device can handle the higher activity level generated by a larger number of employees in the offices as they grow. The incremental cost now of a larger device with more memory and a faster CPU is lower overall than purchasing a replacement device or using multiple devices in the future. The idea is to avoid a situation where the traffic overwhelms the device and internet access comes to a halt.  The workarounds at that point are highly undesirable: reconfigure to limit what is inspected to reduce the work for the device - reducing security at the risk of increasing vulnerability, or bypass the device entirely! Both completely defeat the purpose of having the device in the first place. Therefore, we considered the current pace of growth and projected the size of each office about two years out, then chose the devices which would support the predicted increased traffic.

We also chose to standardize these devices across all of our offices to make it much easier for our distributed team to provide support, particularly as we grow and add new locations. There is little need for "context switching" to an office-specific device from situation to situation, or for learning a new device each time one is put in service. The knowledge of how to configure a new device already exists in the team, details on how to address particular situations are already documented, and each location benefits from the experience and knowledge of the others.

Training. In order for our internal IT team to fully support the new devices, they are being trained on the interface, the configuration options and capabilities, and how to apply them in our specific environments. We have rolled out a training program incorporating many resources from the hardware vendor's training and certification materials. The team will also refresh their knowledge of general information security, the cybersecurity landscape, and specific details on recent threats and how to mitigate them. This will pay dividends well beyond the support of the devices and improve our entire firm's security posture, benefiting all of our customers.

Additionally, non-security-related benefits will be realized. One of the new devices was installed in an office earlier this year as a test, or proof of concept. It has already shown significant value, including some unexpected, non-security-related benefits. For quite a while the office has used a pair of internet service providers, each supplying significant bandwidth for our associates to use for their work. Internet performance was always good prior to adding the NGFW, and there were rarely complaints about the internet. As a result, no difference in perceived speed or reliability related to upgrading the firewall device was expected. It really was not something we were even thinking of when we deployed the new hardware.

So it came as a big surprise when performance went down and complaints about the internet became common in the first few days after the install. The key indicator of the problem was SSH sessions into remote resources, which became completely unstable and would not remain available for longer than a few minutes at a time. Long-lived TCP sessions are the first to suffer when a firewall moves traffic from one uplink to the other, because the public source address of the connection changes and the remote side drops the established session. An investigation revealed that it was not an issue with the device itself, but with the ISPs and the stability of their service. The device was switching WAN access periodically based on the latency and bandwidth available on each connection, and major fluctuations in these values caused it to cycle rapidly between the providers. The configuration was revised to tolerate these fluctuations, and the issue disappeared. Further, the previous firewall appliance was less efficient than the NGFW and had performed even worse when handling these fluctuations, so a noticeable performance improvement was finally realized after the configuration changes to the new device.
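The link-flapping failure mode described above, as an added simulation that is not part of the original post and not Svitla's configuration: two uplink-selection policies are fed the same sequence of per-link latency probes. The naive policy moves traffic the moment the other ISP looks better; the damped policy requires the candidate link to beat the active one by a margin for several consecutive probes before switching (hysteresis plus dwell time). The post does not say how the configuration was revised; the thresholds, link names and latency values here are constructed assumptions for illustration. Every switch is counted, since each one is a point at which established SSH sessions on the old uplink would be dropped.

```python
"""Dual-WAN uplink selection: naive switching vs. damped switching.

Added example (not Svitla's configuration). Simulates a firewall
choosing between two ISP uplinks from periodic latency probes. The
naive policy flaps when both ISPs are jittery; the damped policy
waits for a sustained, clear advantage before moving traffic.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed probe data (milliseconds). ISP A and ISP B trade places
# for the first six probes (jitter), then ISP A degrades for good.
LATENCY_SAMPLES: List[Dict[str, float]] = [
    {"isp_a": 30, "isp_b": 45},
    {"isp_a": 50, "isp_b": 32},
    {"isp_a": 28, "isp_b": 48},
    {"isp_a": 55, "isp_b": 30},
    {"isp_a": 31, "isp_b": 44},
    {"isp_a": 52, "isp_b": 29},
    {"isp_a": 120, "isp_b": 35},
    {"isp_a": 130, "isp_b": 33},
    {"isp_a": 125, "isp_b": 36},
    {"isp_a": 140, "isp_b": 34},
]


@dataclass
class NaiveSelector:
    """Switch the moment any other link reports lower latency."""
    active: str = "isp_a"
    switches: int = 0  # each switch resets established sessions

    def observe(self, latency: Dict[str, float]) -> str:
        best = min(latency, key=latency.get)
        if best != self.active:
            self.active = best
            self.switches += 1
        return self.active


@dataclass
class DampedSelector:
    """Switch only after a candidate beats the active link by at least
    margin_ms for dwell_samples consecutive probes. Both thresholds are
    assumed values for illustration."""
    margin_ms: float = 15.0
    dwell_samples: int = 3
    active: str = "isp_a"
    switches: int = 0
    _candidate: Optional[str] = None
    _streak: int = 0

    def observe(self, latency: Dict[str, float]) -> str:
        best = min(latency, key=latency.get)
        advantage = latency[self.active] - latency[best]
        if best != self.active and advantage >= self.margin_ms:
            # Same candidate as last probe extends the streak; a new
            # candidate starts over.
            if best == self._candidate:
                self._streak += 1
            else:
                self._candidate, self._streak = best, 1
            if self._streak >= self.dwell_samples:
                self.active = best
                self.switches += 1
                self._candidate, self._streak = None, 0
        else:
            # Advantage not clear (or active link is best): forget streak.
            self._candidate, self._streak = None, 0
        return self.active


def simulate(selector, samples: List[Dict[str, float]]) -> List[str]:
    """Feed every probe to the selector; return the active link after each."""
    return [selector.observe(s) for s in samples]


if __name__ == "__main__":
    for policy in (NaiveSelector(), DampedSelector()):
        path = simulate(policy, LATENCY_SAMPLES)
        print(f"{type(policy).__name__}: {policy.switches} switches, path={path}")
```

On this input the naive policy switches uplinks five times during the jittery phase, which is exactly the rapid cycling that broke the SSH sessions; the damped policy ignores the jitter and moves to ISP B once, only after ISP A has been clearly worse for three consecutive probes.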

Svitla’s ongoing efforts to improve information security have been part of several different projects and decisions this year, including the equipment replacement upgrades described here. The standardization, performance improvements and additional security capabilities have already shown their worth, and this will only continue. In the next part of this series, we will discuss several customer-specific programs which we are now delivering based on using these new capabilities.

FAQ

What is the basic of NGFW (Next-Generation Firewall)?

A Next-Generation Firewall, or NGFW, goes beyond the scope of a traditional firewall by inspecting both inbound and outbound traffic at the level of packet contents rather than only ports, protocols, or IP addresses. Its core functions are to ensure that no malicious requests leave the network and to reveal threats that might be hidden within HTTP/HTTPS traffic. In addition to this basic feature set, NGFWs offer identity-based traffic inspection, enhanced visibility, and scalability appropriate for growing organizations.

What are some essential elements of a firewall policy?

A firewall policy should require comprehensive inspection of traffic, going beyond simple port and IP filtering to include content analysis of both ingress and egress data. The policy should make sure that firewalls are capable of identity awareness for evaluating individual user requests inside common protocols, such as HTTP/HTTPS, where most threats hide. In addition, any strong policy must consider growth: can the firewall keep up as more traffic passes through it while still maintaining performance and full inspection?

What are the key features of a firewall?

Modern firewalls deliver much more than network access control. They provide deep packet inspection at a granular level for both inbound and outbound connections, with content-based intelligence to identify and stop malicious content, like viruses and malware, from entering or leaving the network. Other important features include identity awareness to evaluate threats specific to users, scalability to keep pace with organizational growth, and centralized management to ensure consistent security across a distributed environment.

What are the three main functions of a firewall?

Firewalls have three major duties: to observe and screen network traffic, to stop unauthorized access, and to detect and block harmful content. They do this by looking deeply into data packets, making sure that only legitimate traffic enters and leaves the network. This covers spotting and halting threats such as viruses and malware, as well as stopping any unwelcome attempts to access internal resources.

What benefits do Next-Generation Firewalls provide to customers?

Next-Generation Firewalls provide end users with advanced security, enabling deep packet visibility on both ingress and egress traffic to catch threats that traditional port and IP filtering would miss. They ensure that no malicious payloads, such as viruses and malware, enter the network in responses to outbound requests, and that no harmful traffic originates from within the network. They also provide enhanced performance and reliability in dynamic network scenarios, and ease management by allowing standardization across several locations.