Posts

Inspect Everything, Protect Everything: Next Generation Firewalls for Network Segmentation Inspection

Most of us would reach into a cookie jar full of delicious, just-out-of-the-oven, chocolate chip cookies without a care in the world, or any doubt that we should simply enjoy the euphoric chocolaty goodness.

But what about germs? Did everyone wash their hands before reaching into the jar? What soap did they use? How do you know if your delicious cookie hasn’t been infected? It’s not like you can force someone to stand guard with a bottle of hand sanitizer to ensure that everyone is disinfected before they reach their hand into the jar. Or can you?

Your network data is a lot like that jar of cookies. You want to ensure it is available for those trusted to be able to enjoy and use, and you want to keep it safe from infection. You also want to be able to see who else is reaching into your cookie jar, and make sure they aren’t eating all the cookies. You want to make sure you are protected from cookie thieves and other crumb snatchers.

The practice of architecting a network with different zones and segments based on usage, function, or location (for instance, configuring different network zones or VLANs for different uses such as isolating DMZ from LAN traffic) is nothing new. It has been a long standing cornerstone in any enterprise network. Over the years this segmentation theme has grown drastically in some enterprises, such that different hallways or floors of buildings are isolated on specific VLANs, or printers and servers are on different VLANs than end-user workstations. In some cases, there could be further segmenting of various WIFI networks, VoIP networks, or public accessible kiosks. In the Internet of Things model, everything needs to be connected, but, for controlling the connectivity, network segmentation is still a vastly favored and effective method.

However, there is a flaw to this mindset that many network admins and architects have overlooked, and that is the evolving security threat landscape. Most networks using forms of VLAN segmentation have deployed these VLANs on high-performance-core network switches to support the vast demand of connectivity and throughput performance. As such, the most common example one might see of this configuration is several VLANs combined with Layer 3 IP Interfaces built on the core switch. Once this is configured, it enables users to route directly over the switch from user networks to the server networks. While this is traditionally a very effective and standard approach to network communications, it has become an effective way for malware to communicate as well. In this approach, as there is typically no access control between the end-users and server segments, exploits, trojans, and malware can pass freely from zone to zone.

Consider the data as the cookies, and the server zone in which they sit as the cookie jar. You need to make sure every user that reaches their hand into that jar has used hand sanitizer to make sure they are not passing off any infections. You need to make sure the users reaching into that jar are who they say they are, and that they aren’t stealing your favorite cookie. You cannot rely on simple network access control or stateful packet inspection via access list on a core switch to protect your cookies. The threat landscape has evolved, and stateful rules that would permit file share access would also permit communications for the latest ransomware exploits. Don’t let the bad guys hold your cookies hostage.

By deploying the SonicWall Next-Gen Firewall with advanced Gateway Antivirus, Access Control, Application Inspection, Intrusion Prevention, and Advanced Persistent Threat Protection, in combination with a network architecture crafted for segmenting different network zones, you can successfully ensure that everyone’s hands have been disinfected. Keep your cookie jar clean from the latest botnets, exploits, intrusions, and malware. Read more on this topic with our “Executive Brief: Why you need network security segmentation to stop advance threats.”

The “Aha” Moment. Say Yes to Security and Collaboration.

In survey after survey, IT executives continue to say that security is one of the top challenges they face. No one has to tell us about the risks. The stories of data theft and breaches are in the media every day. We are intimidated by the rapidly changing threat environment. New malware is being written every day and some of it is being written using a variety of methods that defeat existing security technologies. And too often the way that we protect our organizations is to add a myriad of approaches, tools and solutions, creating a tremendous amount of complexity that becomes hard to understand let alone manage.

But if you dig down one level, what you find is that security concerns create a barrier to doing what IT really needs to do, which is implement cool new initiatives that move the business forward.

Everybody wants to be seen as a hero, the clever one who can take on challenges, solve problems and make an impact on the business. Unfortunately, the security concerns become the reason they can’t do it. At SonicWall Security, we are working to help out with the security equation.

What are the initiatives that organizations are trying to deploy? One of the biggest areas of opportunity comes from all of the innovation that is going on in the cloud. Moving your work to the cloud streamlines the ability of your workers to collaborate and share information in real time. Tools like Microsoft Office 365 and DropBox allow employees to collaborate in a way that is changing the workplace.

This really hit home for me a couple of weeks ago when my 11-year-old daughter was assigned a big project in her fifth grade class. She and her teammate needed to create a report and a presentation. The night before the project was due, I came into her bedroom and she had her iPod setup to FaceTime her partner. They were both working together on the report using Google Docs and on the presentation using Google Sheets. They were oblivious to me, so I watched for a few minutes as they talked through ideas, added and edited text and pictures, and generally created and fine tuned the deliverables.

For this project, there was no need for them to meet, or even call each other. Collaboration tools enabled the entire project. This was an “aha” moment for me, because I realized then and there that these kids were demonstrating the future of work. What they take for granted is sadly often not possible in the work environment for a variety of reasons, but I couldn’t stop thinking that security is a big stumbling block to achieving the productivity new collaboration tools offer.

So, what is on your IT wish list? Do you want to move your CRM to the cloud? Or streamline your customer service delivery, or give your team access to data analytics no matter where they are? Or are you looking to eliminate paper and go all digital? Whatever it is, don’t let security be a barrier. If you want to learn how to turn IT security into the Department of Yes, contact SonicWall Security.

Top Reasons to Update to SonicWall SonicOS 6.2.5 for Better Network Protection

Like many people, I sometimes pass over or delay software updates, but this one was different. The new SonicOS6.2.5 adds so many critical new features and so much functionality that I updated my SonicWall TZ firewall the moment it was available.

The new SonicOS 6.2.5 also gave me a chance to make more sense out of my network. My wife works from home, so our network carries both business and personal traffic. SonicOS 6.2.5 adds support for SonicWall X-Series switches on the SonicWall TZ300, TZ400, TZ500 and TZ600 next-generation firewalls. So by replacing my old switch with a SonicWall X-Series switch, I now have a secure network that will allow me to expand as I add more technology. Plus, I am confident that both our home and business data is now protected with the same security engine that is used by governments, colleges, hospitals and banks.

Here are a few reasons this update makes sense for any small business:

  1. The TZ firewall does not slow my network down.
  2. I manage everything from the TZ firewall, including the switch and my SonicWall SonicPoint access points
  3. Protection, protection, protection. At the National Retail Federation show in January, I (accurately) predicted 2016 to be the year where businesses will be hit with ransomware attacks. One of the strengths of  SonicWall is how fast it protects me from all new malware (in this case, ransomware). I continue to make backups, but I feel confident that I will not get breached by this particularly insidious type of malware.

And here what is so exciting about this new release for the distributed enterprise:

  1. With GMS, you can centrally manage the entire network infrastructure of a single site (and all distributed remote sites) including firewalls, switches, wireless access points and WAN acceleration devices. Being able to see what is happening on your network and pushing consistent policies to all sites is a compelling reason to upgrade.
  2. Multiple enhancements for more efficient inspection of encrypted traffic (TLS/SSL) with easier troubleshooting, better scalability and enhanced ease of use. Encrypted traffic is on the rise (50% surge according to 2016 SonicWall Security Annual Threat Report). It’s time to up your game and avoid a costly compromise or denial of service.
  3. With SonicOS 6.2.5,  SonicWall firewalls have achieved the prestigious Department of Defense (DoD) certification based on stringent security requirements. If a product with a firmware version is qualified for use by DoD, then it’s a safe (pun-intended) reason to upgrade your products to 6.2.5 now.

There are also additional improvements that anticipate the dynamic malware business. In our recently published Threat Report, we noted a substantial rise in encrypted communication. This is great for your privacy, but it also gives criminals a very easy method to penetrate networks. Most firewalls either do not inspect encrypted sessions or have this feature turned off a big mistake! An easy way to bypass your network’s security is by sending encrypted malware. Encrypted malware is a reality, so be better prepared with this new OS release. With this new release, the improved user interface makes it easier to set up and manage, especially when it comes to excluding inspection on traffic (such as Google searches).

Building a secure network is something that everyone should insist on. With the new SonicOS features I am a little bit closer. The addition of X-Series switch support to the TZ line (and it is only the TZ300, TZ400, TZ500 and TZ600 products at this time), my network is easier to manage, less complex and more secure.

My friend, Sathya Thammanur, product manager for SonicWall TZs, talked in more detail about the new features of SonicOS 6.2.5 in his recent launch blog. If you are looking for more information his comments are a great place to start or you can download our whitepaper: The Distributed Enterprise and the SonicWall TZ – Building a Coordinated Security Perimeter. If you are ready to upgrade your network, give us a call to explain how security does not have to cost you a lot of money or give you a big headache. As the security officer of your small business, your home or your distributed enterprise, SonicWall has a solution to make your life easier.

Chocolate and Network Security: A Match Made in Heaven

I’ve just finished lunch and something is missing. It was a good lunch too: grilled cheese sandwich and lentil soup (a nod to the chilly, blustery Spring morning outside). I liked my lunch, but now I want a little”¦ I don’t know”¦ a little something. What I’d like, truth be told, is a little bit of chocolate. Maybe a small chunk of Ghirardelli’s mile, or whoa ““ how about a lovely Lindt Lindor truffle? Yes, that would be just the ticket, but alas”¦ there’s no chocolate in the house.

And what, you may ask, has this to do with Security?

Everything. I assure you. Everything.

Let’s say you’re a distributor of fine chocolates, candies, gourmet sauces and other foods for the discerning palette. Let’s say you’re business is expanding by leaps and bounds, and your IT infrastructure is increasingly at risk, as you get hit with various malware events. No one really thinks of the critical role that IT plays in under-girding the success of gourmet food, but as wholesale and retail provider, First Source, knew ““ without a sound and safe infrastructure, they were going to be in trouble. But not only did First Source need an updated security infrastructure to better protect against threats 24×7, they also needed this to happen while improving the speed and quality of its order processing.

As a chocolate craver, let me tell you, I’m so glad First Source put SonicWall Security’s mobile and network security solutions and gourmet food together.

Over a period of 18 months, First Source designed and deployed a company-wide SonicWall next-generation firewall solution “” including firewall appliances at each remote location “” to act as the gatekeepers for the First Source IT infrastructure.

And wouldn’t you know it – the SonicWall solution has not only boosted the company’s security, but having site-to-site SSL VPN access with load balancing and high-speed internet connections has allowed the company to increase efficiency and collaboration too (read what other benefits First Source experienced here >>)

In almost every industry, in almost every location a solid secure infrastructure under girds almost all aspects of our lives. Even my chocolate cravings”

Three Reasons to Simplify Your Network Infrastructure

You have a growing business, so you need to add more connections: PCs, cameras, or even another location. As you grow, your IT infrastructure is getting complicated, and with every new branch office complexity becomes an issue. As this network grows, there are additional challenges when adding more connections that need to be managed by the firewall. For organizations with multiple remote sites, such as retailers and distributed enterprises, there could be hundreds of consoles to manage, leading to uncontrollable complexity and spiraling costs. Whether it’s scaling to expand a small business or already overseeing a large enterprise, managing the security of an entire distributed network necessitates a simpler and more consolidated approach that can work within tight budgets.

This seems to be a common theme for many companies, ranging from a single store to a large multi-store chain. As I see it, the challenge is the need for a simpler, more centralized approach that allows you to:

  • Securely grow the business
  • Manage security, wireless, cameras, VoIP, networking and WAN acceleration infrastructure through a centralized management console.
  • Create and deploy consistent security policies, across multiple branches or locations

Traditionally, you rely on your network expert to build out a network consisting of several dumb switches that only increase complexity and cost. This is especially true when configuring distributed networks, as each piece requires multiple consoles, increased overhead costs and the potential for misconfiguration and non-compliance. Managing success should not include dealing with increased complexity and less security.

SonicWall’s solution solves this challenge with a converged infrastructure approach. For a single installation, SonicWall lets you add more connections that are managed by the firewall, thus, delivering greater flexibility to apply granular security controls. SonicWall provides a single solution to connect all your devices, whether they be PCs and printers, or Power over Ethernet (PoE) devices (such as wireless access points and cameras). For remote installations, SonicWall’s solution lets you deliver consistent security policies that can be viewed under a single centralized management console.

To learn more about how you can grow your business while reducing complexity, click here to read our executive brief.

Managing the Madness of Multiple Management Consoles with SonicWall TZ Firewall and X-Series Switches

With fast emerging technologies, challenges of network design in distributed retail store locations is becoming huge. As retail store and distributed enterprise environments evolve, the underlying network infrastructure must evolve with the transformational changes to embrace new technologies such as mobile and digital media which aim to improve customer experience. Embracing new technological changes in a retail network needs to be carefully thought through by raising the following questions:

  1. Is the network infrastructure scalable?
  2. With the increased scale, is the network still secure?
  3. Are the operating costs increasing with the network expansion?
  4. Above all, is there still sanity prevailing in the management of such an evolved network?

The ultimate goal of a network design for any distributed retail location is to create a smart, flexible and easy-to manage platform that can scale to the specific needs of each site, while helping the organization reduce costs and risks. Typical solution of solving any network design expansion is to throw more capacity at the problem. As support for new technology and devices arise, there is overinvestment with added complexity. A new paradigm shift is necessary that can provide a converged infrastructure, simple & easy-to-use management, lower operating costs and can scale to a retail store site’s specific business need.

Let us start by understanding a typical retail store network. A retail store has many components: Point of Sale (POS) devices that require network access to process orders, multiple PoE powered devices such as IP cameras, Network devices such as storage servers & printers, multiple internal backend networks that employees need access to and above all a Guest WiFi requirement that retail customers can benefit from. Taking these attributes into account, a typical retail store design gets broken up into:

  • Multiple internal networks for employee access (for example Sales, Engineering, Finance)
  • Point-of-Sale (POS) network
  • Network devices ““ PoE Cameras, PoE/PoE+ driven Access Points, Storage Servers & Printers
  • Wireless Networks ““ Corporate internal wireless, Guest wireless

The retail network design needs to be secure, fault tolerant and interconnected. Security is typically offered by next-generation firewalls, switches provide the interconnectivity and wireless is offered through multiple access points depending on the store location size. With a scattered management design, an IT administrator is faced with the challenge of managing the network through multiple management consoles. There is the added operating cost of licensing for the various management consoles. A certain madness starts to prevail with the varied management solution as we consider troubleshooting issues in such a network.

With the newly launched SonicOS 6.2.5, SonicWall Security launched a special feature, X-Series integration, that allows for a simplified management of secure converged infrastructure across a distributed retail network by integrating SonicWall X-Series switches into a single consolidated management view that already controls SonicWall firewalls, SonicWall SonicPoints (wireless access points), and SonicWall WAN acceleration devices. Using SonicWall Global Management System (GMS), SonicWall now offers a compelling single-vendor, consolidated secure management solution for distributed retail networks. If you are an existing customer and partner looking for the latest release notes, they are posted here: https://support.software.dell.com/sonicwall-tz-series/release-notes-guides

To learn more about the design of a scalable secure retail network, download our Tech brief: Scalable, consolidated security for retail networks.

Next Steps to Defend Against Cyber Attacks

Whenever I start to write about cybersecurity, something else comes up. I wanted to write about last week’s cybersecurity-focused Executive Orders ““ we’ll get to them shortly ““ and then I read that in an IRS hack last month, stolen social security numbers enabled attackers to get more than 100,000 E-file PINs. The IRS says, “No personal taxpayer data was compromised or disclosed by IRS systems,” and is notifying affected taxpayers. This follows a hack reported of employees at Justice and DHS, in which the attacker used social engineering, reportedly impersonating a government worker, to gain access to agency information.

These incidents just don’t stop, do they?

Which brings us to the two new Executive Orders. One establishes a Commission on Enhancing National Cybersecurity, the other a Federal Privacy Council. And they’ve been signed into existence during the same week that the White House submitted its budget proposal for federal FY 2017, including requests for $19 billion for cybersecurity as a whole, with $3.1 billion dedicated to getting rid of older, less secure systems. While agreement on and approval of budgets is, let’s face it, problematic in the current political climate, getting funding for cybersecurity is less problematic than for many other areas. Across the board and across the Executive branch and the Congress, leadership understands and generally supports cybersecurity initiatives, understanding the very real costs of inaction as shown by the two news items I mentioned.

The Commission on Enhancing National Cybersecurity’s mission is to “make detailed recommendations to strengthen cybersecurity in both the public and private sectors while protecting privacy, ensuring public safety and economic and national security, fostering discovery and development of new technical solutions, and bolstering partnerships between Federal, State, and local government and the private sector in the development, promotion, and use of cybersecurity technologies, policies, and best practices.” There’s a lot in that mission statement that’s worth pointing out. The Commission’s scope covers both public and commercial sectors, specifically mentioning state and local government along with the feds. It’s about partnership and collaboration, and about protecting privacy as we improve cybersecurity. It’s specifically tasked with strengthening identity management, cloud computing, and laying a cybersecurity foundation for the Internet of Things. The Commission will reside in the Department of Commerce and be supported by NIST, and will have until December 1 of this year to complete its activities and report out to the President. That’s a lot to ask for in ten months of work; here’s hoping that the Commission employs some variant of Agile methodology ““ as the Federal CIO did quite successfully last July with the 30-day Cybersecurity Sprint ““ in order to accomplish its mission.

While the Commission is time-delimited, the newly-established Federal Privacy Council is not, and I think that’s a good thing. The point of the council is to serve as an interdepartmental support, coordination, and collaboration mechanism for privacy standards among Cabinet department and the larger federal agencies. It will be chaired by OMB’s Deputy Director for Management and largely comprised of Senior Agency Officials for Privacy. The Council, as described in the EO, seems to be about breaking down barriers when it comes to sharing best practices and lessons learned, and reducing duplication of privacy-related efforts across agencies.

More cybersecurity funding (hopefully), more collaboration across government and industry, more coordinated and focused efforts on privacy. All three of these items are needed and appropriate steps toward improving our cybersecurity.

SonicWall Security is here to help government and industry decrease their cybersecurity risk, update older infrastructure, and improve privacy protections. Follow the links to learn more about our SonicWall One Identity solutions for identity and access management and SonicWall network security solutions for greater performance and deeper network protection.

Are School-issued Mobile Devices Safe to Use on Off-campus Networks?

A few weeks ago my eldest son was given a Chromebook by his school which he brought to the house to do his homework. Before the Chromebook, he did his homework on the PC I had set him up with in his room. The nice thing about that is I have a firewall with a content (aka URL or web) filtering policy in place so I have control over the websites he can access since he’s getting to the internet through our home network. But not everyone has a firewall and/or content filtering to protect their kids from inappropriate and potentially harmful web content.

Schools providing K-12 students with mobile devices so that they can access content over the internet has grown over time as administrators, teachers and parents see the benefits of an untethered learning environment. A Project Tomorrow report indicates that almost half of the K-12 teachers surveyed said that their students have regular access to mobile devices in their classroom. Some of those devices are school-issued. However as students enter high school more prefer to use their own personal mobile device in the classroom whether it’s a laptop, Chromebook, tablet or smartphone.

In an earlier blog I wrote about five things K-12 schools should look for in a network security solution. One of those is web filtering. K-12 schools need a URL filtering policy in place that includes technology to protect students from inappropriate or harmful internet content if they want to be eligible for discounts through the government’s E-rate program, also known as the Schools and Libraries program. While most schools have a filtering policy in place to protect students when they’re in the classroom, what happens when they take that device home? Does the mobile device have some way to enforce the policy beyond the school’s network perimeter?

This leads me back to the story about my son’s Chromebook. Without some mechanism in place that blocks access to inappropriate websites when the device is outside the firewall he could take the Chromebook anywhere there is a Wi-Fi connection and have unrestricted internet access. From a parent’s point of view, depending on the student’s age that’s probably not a good thing. From the school’s perspective, administrators don’t want to be viewed as the provider of a tool that enables children to look up inappropriate videos, images or text without some form of control in place.

One solution school IT administrators use to solve the problem is to force all traffic from the device back through the school’s firewall once the device connects to the internet. The nice part about this approach is that the school can use the same policy whether the device is inside or outside the firewall perimeter. There is some downside though. Routing all traffic from every school-issued device regardless of its location back through the school network consumes valuable bandwidth which can be costly.

A unique solution SonicWall offers is our Content Filtering Client. Residing locally on the Windows, Chrome OS or Mac OS X mobile device, the client extends web filtering policy enforcement to devices used outside the firewall perimeter. Administrators can apply the same policy or a different one depending on whether the student is using the device is being used inside or outside the network. The device will also switch over to the inside policy once it reconnects to the school’s network. The combination of the Content Filtering Service and Content Filtering Client provides “inside/outside” web filtering coverage.

If you’re an IT director or administrator with responsibility for implementing network security and content filtering across the school district and would like to learn more about Dell SonicWALL Content Filtering Services and why they are an essential component of your network security strategy, read our technical white paper titled “K-12 network security: A technical deep-dive playbook.”

Three Core Network Security Tips From a K-12 IT Expert

Every moment of every day, anyone or any organization, government or institution – including K-12 – can fall victim to the latest threats and cyber-attacks. If you’re accountable for the network security of an entire school district, you know your success rests largely on everyone understanding and staying current with today’s complex and dynamic risk environment and how to avoid it.

K-12 IT expert Larry Padgett bears this out: “The most important thing is to get everybody to agree that technology security is everyone’s game, everybody on campus, and every division, department and schools must be fully engaged. Otherwise, it is going to be very difficult to be successful.”

Larry is the Director of IT Infrastructure, System Support, Security, and Governance for the School District of Palm Beach County (SDPBC). A career technology leader for more than 29 years, Larry oversees an IT infrastructure that is considered larger than the Coca-Cola® Company in terms of the number of ports and how his networks are laid out. SDPBC is one of the largest school district in the United States, with 187 schools and 225,000 thousands user accounts under management, including students, faculty, and general staff.

I had the privilege of meeting Larry at the 2015 SonicWall World Conference in Austin, Texas, where I had the opportunity to ask him specifically about the things that he is doing differently that allowed SDPBC to be successful.

Larry explained how security vendors typically talk about security as a layered approach but it can’t end there. He then described SDPBC’s winning approach to security rests on three core pillars: people, process and technology.

You must identify those who are, and who aren’t, fully engaged in exercising cyber hygiene within your district. You are responsible for every PC, servers and applications on your network. You’ll need to know if you are getting support from the board and leadership level down to everyone in the district.

People

  • How do you know if they are knowledgeable about security?
  • Can they identify the risks?
  • Do they all understand the risks?
  • What trial and test do you have in place to measure how knowledgeable they are about security?

If they’re not all engaged, you’re simply not going to be as successful as you could be. If they’re not as knowledgeable as they need to be, you would want to start discussing security as an everyday topic in your staff meetings, in the classrooms and, more importantly, in your executive and board room discussions. If security isn’t one of the top topics on the board agenda, you have much important work to do to get their buy-in, because nowadays, security is a key risk metric. Your ultimate goal is to get everybody to agree that security is everyone’s game so they become proactively involved in helping your institution be successful.

Process

When there are people involved, you also need to have processes in place that would allow you to make sure that you are doing the right things, that they are doing them well and that what they do is actually effective for the state of business you’re currently operating in.

  • What processes are you using?
  • Have you written them down?
  • How do you know if they are being followed?
  • How are they monitored and measured?

These are questions that enable you to think through all of the risks that you’re going to mitigate, and follow-through with implementing robust security policies and practices that can help put you in a better position for success.

Technology

Begin embracing a layered security approach as part of your defense-in-depth framework, because it provides you an effective and proactive way to help fend off today’s advanced threats. At a minimum, the top five security services that you must have as part of your layered security defense are:

  1. A capable intrusion prevention system with threat detection services that can provide complete anti-evasion and inbound anti-spam, anti-phishing and anti-virus protection
  2. SSL inspection to detect and prevent today’s advance evasive tactics and compromised web sites from sneaking malware into your network though the use of encryption
  3. Around-the-clock threat counter-intelligence for your next-generation firewalls and intrusion prevention systems, so you can receive the latest countermeasures to combat new vulnerabilities as they are discovered
  4. Email filtering and encryption to secure both inbound and outbound communications
  5. Security for endpoints, since most network infections begin with a compromised user device

Avoid Making a Costly Network Security Shortlist Decision

Living the life of a chief security officer (CSO), chief information security officer (CISO) or any title with the word “security” in it nowadays is surely a heart-wrenching experience each day. Far too often, yet another data breach in the news reminds you of the obvious notion that it’s not a matter of if but when you’ll be called upon to manage and contain a security incident in your organization. Regardless of its depth and severity, this has to be very disturbing and there seems to be no end. As a result, you find yourself regularly worrying if you’ve done a thorough job at vetting your cyber-defense system, and determining if it is really doing its job to prevent avoidable attacks on your networks. You understand the stakes. If any part of your security strategy is not functioning at its optimal level, you know your organization is susceptible to countless security risks. The bottom line is you don’t ever want to stand in front of the executives explaining why the company is breached, and dealing with the after-math as a result of a failure in one or more of your security layers. There is a way, however, to help you avoid such a disaster.

Limited resources and shortage of security staff can constrain your ability to carry out a rigorous vendor vetting process. The fundamental question then is what alternatives are there to help you efficiently select potential technologies that can put you in a position of strength and success against evolving threats. As a security leader, you’ve been down this road many times. You‘re aware that choosing the right technology partner with capable solutions to support your security strategy for the long-term is one of the most nerve-wracking but crucial task you must undertake. The range of capabilities and factors impacting your choice are overwhelming. You understand very well that making a poor choice could end up costing your organization millions in breach remediation expenses, immeasurable brand damage, loss of public confidence and possibly even your career. To help avoid such a costly decision when shortlisting possible vendors and their solutions for proof of concept (PoC) consideration or making the purchase, there are highly specialized market research companies that are well-recognized by the security industry for their reputable and impartial validation of network security quality and effectiveness that you can confidently use when making your selections.

The difficulty here is that there are many market research companies available. Most have specialization in a variety of technologies including network security. And to make things a little more complicated, each has it its own definition, criteria and approach to how vendors are evaluated and graded for their security effectiveness, performance and cost of ownership. The results often vary among them especially those that are vendor-sponsored research. Subsidized research and testing are always skewed to make one vendor’s product more favorable than its rival. And as such, these kind of reports lack objectivity, are seldom reliable from a technical perspective, and should not be viewed as serious research. So who should I depend on? Who do I need to stay clear of? Should I trust its finding completely? Where do I start? These are some good questions to help set clear direction and decision points. From our point of view, a good place to start is to give greater attention to independent research companies that are self-funded, has zero connection to any one vendor and focus exclusively on cyber-security. More importantly, you would also want the research to be fully verified by extensive public testing using different permutation of actual real-world use cases that best match your unique security environment requirements.

One particular company has differentiated itself in the IT security category over the past few years: NSS Labs. It is now broadly recognized as the world’s trusted authority in providing unbiased, independent, security product test reports and security intelligence services. NSS Labs reporting can help you shortlist vendors and their products based on empirical laboratory test results as opposed to fuzzy marketing, product surveys, opinion based analysis and/or peer-to-peer recommendation. The NSS Labs Test report is the ultimate validation of network security performance, resiliency and efficacy under various network traffic mixes and loads that mimic real-world use cases.  Download a free copy of the NSS Labs Test Report to gain knowledge of key performance indicators essential to the success of your cyber-defense strategy.