Many security managers are relying on traditional software-based Internet filtering. In truth, this may not be the best option for protecting employees from viewing questionable content, or accessing web sites that - unbeknown to them - harbour malicious viruses. Mark Herbert explains why hardware-based Internet filtering is the solution.

For security managers, safeguarding the business means constantly making sure they are fully up-to-speed on the very latest threats. As those threats are constantly changing, and growing ever-more complex, it's essential that security professionals constantly re-evaluate their protection regimes. They must be looking to change their approach and the tools they use to monitor and protect the company as new technology develops.

It's a fact that this whole process can be - and often is - overlooked, particularly when it comes to the 'nuts and bolts' of IT security such as Internet filtering. It is all too easy to brush aside small problems until such time as they build up and start causing huge difficulties, perhaps significantly slowing down the network (which is potentially bad news for the business) or requiring extra processing power.

Traditional Internet filtering is usually 'accommodated' by antiquated software-based technology which isn't always the best option for protecting employees from viewing violent or pornographic content, or accessing web sites that may harbour malicious viruses. The danger is that, because software-based filtering is dependent on the web browser being used, technology-savvy employees can potentially circumvent the security manager's controls by downloading a different web browser to surf the Internet (meaning that the software filtering will not apply).

However, new hardware-based filtering technology can prevent this as it removes any reliance on specific web browsers for web content filtering to work.

Headache for managers

The other consideration for security managers is that software-based filtering can also be a major headache to manage. The challenge has been that hackers and virus writers are continually finding new ways to create security threats. Those threats have become more complex, often bombarding the corporate network and chewing up the best part of a business' network capacity.

As this complexity continues to grow, the worry for security managers is that their software-based Internet filtering solutions will begin to struggle to process the increased amount of network traffic and, as a result, will use up more CPU cycles in processing information. In turn, as the CPU cycles increase, security managers will discover that, in order to maintain adequate levels of employee protection, they'll need to procure additional servers that will meet the software's increased processing needs.

The requirement for Internet content filtering is not something that will go away. In fact, the demand for it can only increase. Clearly, there needs to be a balance that will allow security professionals to protect employees from questionable Internet content without blowing the budget.

Hardware-based Internet filtering is one possible solution. It will allow security managers to filter the network traffic coming into and out of the organisation, at the same time preventing users from viewing questionable material. It can also protect employees from accidentally visiting web sites that - unbeknown to them - contain viruses which could be downloaded onto their computer's hard drive.

This type of Internet filtering will protect businesses against a wider range of more complex security threats - for instance, zero day exploits - than traditional software-based solutions. If, for example, a weakness has been found in an application that the business is using, then the filter can block (at the Internet level) any network traffic which is attempting to exploit that weakness. This protects the business even if the application manufacturer has not yet issued a 'fix' or patch for the vulnerability. Blocking traffic at the Internet level means that network performance is unaffected.

Extra degree of protection

As this technology can block network traffic based on the type of that traffic, it allows businesses to enable web anti-virus blocking, HTML scanning for exploits and vulnerabilities, anti-spyware, anti-adware and blocking of illegal content. For busy security managers, this extra degree of protection can be a godsend, ensuring that they will not be in the firing line because an employee has been unintentionally exposed to undesirable Internet content.

By using hardware instead of software to filter Internet content, security managers can have peace of mind that they will not need to purchase additional processing capacity. Why? The hardware will have been designed with all the processing power it will ever need, making it more than capable of coping with either an increased number of users or enhanced Internet traffic levels as the business expands.

As well as being easy to manage and highly scaleable, hardware-based Internet filtering affords managers increased flexibility when it comes to enforcing security policies. For example, it can also be used to help businesses enforce their Internet usage security policy. Security managers can customise hardware-based filtering to prevent employees accessing e-commerce web sites such as eBay if this practice is either restricted, banned under the corporate security policy or otherwise discouraged because of the possible impact on employee productivity.

In addition, it adds another layer of protection to businesses by blocking access to external e-mail services such as Hotmail or Gmail where viruses can potentially be downloaded (and infect an otherwise secure corporate network).

By processing and recognising the type of traffic entering and leaving the corporate network, security managers may block employees from visiting or using these transactional or dangerous sites (not only by web site URL address, but also based on an analysis of the type of network traffic used).

Enforce your security policy

As the range of security threats continues to grow unabated in terms of both frequency and complexity, security managers will need to consider alternatives to traditional software-based filtering. Unless they reassess the way in which they're filtering Internet content, it will not be long before serious problems arise.

Adopting new technology such as hardware-based filtering can ensure that the business' IT systems perform at their peak despite the fact that there is much more information that needs to be filtered.

Importantly, this new technology can also help security managers maintain and enforce control of the company's overall corporate security policy, safe in the knowledge that there will not be any hidden extra costs a few months down the road.