Protective Filtering

Publication date: April 5, 2019

The cybersecurity threat landscape is now more difficult to navigate than ever before. With organizations of all sizes facing targeted attacks, cybercriminals developing increasingly sophisticated malware, and information technology infrastructures growing in complexity, it’s no longer advisable to rely on common sense alone to stay secure and protected.  

Protective filtering, which is content and traffic filtering whose goal is to cut access to cybersecurity threats, is a highly effective approach and an essential component of every successful cybersecurity program. By implementing protective filtering, organizations can avoid becoming victims of a broad range of cyberattacks and having to deal with their potentially devastating consequences.

Prevent Cyberattacks 

Internet-connected devices are constantly sending and receiving packets of data, often acting as mere couriers, transporting data from one internet-connected device to the next without doing anything else with it. Cybercriminals are doing what they can to infiltrate this endless flow of traffic by sending spam and phishing emails masked as legitimate messages, pointing unsuspecting internet users to malicious websites using techniques such as DNS hijacking, or using someone else’s computer to mine cryptocurrency, an emerging cybersecurity threat known as cryptojacking.

In fact, 50 percent of internet users receive at least one phishing email a day. That would be very alarming by itself, but research conducted by the European Network and Information Security Agency revealed that 97 percent of the people in the world are unable to tell the difference between a phishing email and a legitimate email. No wonder then that cybersecurity breaches are on the rise, with their average cost growing as well, reaching $3.86 million in 2018.

Protective filtering makes it easier for internet users to stay secure by blocking illegitimate content before it can cause any harm. Protective filtering is especially beneficial to organizations large and small because it effectively compensates for the lack of commonsense web browsing practices among employees. However, it does not replace cybersecurity awareness training. Instead, both protective filtering and cybersecurity awareness training are essential components of all successful cybersecurity programs, and they deliver the best results when used together.  

“When time is of the essence, as it is with stopping and minimizing phishing attacks, the integration of human intelligence with technology significantly and effectively expedites prevention, detection, and response,” said Eyal Benishti, founder and CEO of IronScales. Benishti isn’t the only person who shares this view. The IronScales 2017 Email Security Report revealed that 93 percent of cybersecurity professionals agree that humans and technology need to work side-by-side in order to better detect and respond to sophisticated email phishing attacks. 

Increase Productivity 

One extra benefit of protective filtering that all organizations can appreciate is its productivity-boosting effect. When an organization uses protective filtering to lock down websites that employees don’t need to perform their jobs, the organization can expect its employees to spend much less time on non-work-related websites.  

A survey carried out by Spiceworks revealed that 58 percent of employees spend at least four hours per week on non-work related websites when organizations do not restrict any internet activity. In other words, organizations that do not restrict any internet activity pay their employees on average around $4,500 per year just to browse the web for their pleasure.  

Included among the websites that organizations block most often are social media networks like Facebook, Twitter, or Instagram, illegal and inappropriate sites, online dating sites, but also personal email services, which are a common source of malware infections.  

Usability Versus Security 

“It’s evident web filtering is effective at keeping employees on task and reducing security risks,” said Peter Tsai, senior technology analyst at Spiceworks. “But in a world where IT professionals are constantly performing a balancing act between protecting networks and enabling and trusting employees to do their jobs, sometimes it’s not possible to block every potentially dangerous website. As a result, web filtering should only be one part of a multi-layered security strategy, instead of being viewed as a cure-all.”

Protective filtering always involves a certain tradeoff between security and usability. A tightly locked network may be very secure, but it’s also likely that it will be unusable, seriously hampering employee productivity. On the other hand, not filtering at all exposes employees to many cybersecurity threats that could have otherwise been easily avoided. Striking the right balance of security and usability requires a substantial amount of effort, but the results are worth it.  

Conclusion 

Protective filtering has become an essential component of every successful cybersecurity program because of its ability to cut access to the many cybersecurity threats that threaten internet users today. When implemented correctly, it can not only improve an organization’s security posture but also increase the productivity of its employees.

Written by: Payam Pourkhomami, President & CEO, OSIbeyond

Posted by Jason Firch in Cyber Security

Next-Generation Firewalls

Publication date: April 3, 2019

Technology is advancing at a rapid pace, and those who want to retain a competitive edge must embrace modern solutions. The relentless evolution of the threat landscape, which has become significantly more heterogeneous, is fueling the need for a new generation of firewalls, one that’s capable of looking beyond the perimeter of the network and offering more than protection based on ports, protocols, and IP addresses.

Called the Next-Generation Firewall, or NGFW for short, these application-aware firewalls blend the capabilities of traditional firewalls with true application awareness to deliver a comprehensive detection and enforcement system in which every network device becomes a point of enforcement. Explained below are the key features of NGFWs as well as their benefits.  

The Difference Between Next-Generation Firewalls and Traditional Firewalls 

The fundamental task of a network firewall is to act as a barrier between a trusted internal network and an untrusted external network, typically the Internet. Traditional firewalls accomplish this task by filtering traffic based on ports and protocols. They tend to come with network address translation (NAT) functionality to hide the true address of a device connected to the network and make internal resources publicly accessible.

Traditional firewalls come from a very different era, and they are no longer effective at managing traffic and coping with the many challenges presented by the current threat landscape and the rise of online applications and SaaS services. Not only have cybercriminals evolved their techniques to circumvent the all-or-nothing approach of traditional firewalls, but most security threats now come from inside the network.

Next-generation firewalls overcome the limitations of traditional firewalls by including the traditional firewall functionalities, such as port/protocol inspection and network address translation, and adding application identification and filtering, SSL and SSH inspection, intrusion prevention, malware filtering, and the ability to use external intelligence sources, among other things.

  • Application identification and filtering: Instead of just filtering traffic based on ports and protocols, NGFWs can identify and filter traffic based on specific applications, which allows them to effectively prevent malicious applications from evading traditional traffic filtering techniques by using non-standard ports.
  • SSL and SSH inspection: Because NGFWs often include a full web proxy service that can sit in the middle of an encrypted HTTPS session, they can inspect SSL and SSH encrypted traffic and provide extra protection from malicious applications that use encryption to hide their activity from traditional firewalls.  
  • Intrusion prevention: NGFWs are able to perform sophisticated intrusion detection and prevention, which is why the term unified threat management (UTM) is sometimes used to describe them. NGFWs with intrusion prevention capabilities use signatures to identify network activity that resembles known and generic attacks.
  • Malware filtering: Ideally, malware should be filtered out before it has a chance to enter the network, and NGFWs with malware filtering using basic signature-based analysis accomplish just that. While simple malware scanning using signatures has its limitations, it’s a good first layer of protection against generic attacks.  
  • Bringing intelligence from outside the firewall: NGFWs can receive dynamic information from a cloud server to help them detect malicious applications by looking for unexpected activity, such as a web server creating outbound connections to strange IP addresses.
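
The contrast between port-based filtering and application identification described in the list above can be shown in a few lines. This is an added example, not code from the original article or from any firewall product; the policy tables, function names, simplified signatures, and sample flows are all constructed for illustration.

```python
import re

# Traditional firewall: a port allow-list (assumed policy for this example).
ALLOWED_PORTS = {80, 443}

# Simplified application signatures matched against the first bytes of a flow.
# Hypothetical patterns; production engines use full protocol decoders.
APP_SIGNATURES = [
    ("ssh", re.compile(rb"^SSH-\d\.\d+-")),
    ("http", re.compile(rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS) \S+ HTTP/1\.[01]\r\n")),
    # TLS handshake record (0x16), version 3.x, 2 length bytes, ClientHello (0x01)
    ("tls", re.compile(rb"^\x16\x03[\x00-\x04]..\x01", re.DOTALL)),
]

# Application-aware policy: which application is permitted on which port.
APP_POLICY = {("http", 80), ("tls", 443)}


def port_filter(dst_port):
    """Verdict of a port-only rule set."""
    return "allow" if dst_port in ALLOWED_PORTS else "deny"


def identify_app(payload):
    """Name the application from payload content, ignoring the port."""
    for name, pattern in APP_SIGNATURES:
        if pattern.match(payload):
            return name
    return "unknown"


def app_filter(dst_port, payload):
    """Verdict of an application-aware rule set."""
    app = identify_app(payload)
    return app, ("allow" if (app, dst_port) in APP_POLICY else "deny")


# Constructed sample flows: (destination port, first payload bytes).
FLOWS = [
    (443, b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03"),  # TLS ClientHello
    (80, b"GET /index.html HTTP/1.1\r\nHost: intranet.example\r\n\r\n"),
    (443, b"SSH-2.0-OpenSSH_8.9\r\n"),  # SSH banner on the HTTPS port
    (8080, b"GET / HTTP/1.1\r\nHost: intranet.example\r\n\r\n"),
]


def compare(flows):
    """Return (port, port-only verdict, identified app, app-aware verdict)."""
    return [(p, port_filter(p), *app_filter(p, data)) for p, data in flows]


if __name__ == "__main__":
    for row in compare(FLOWS):
        print(row)
```

The third flow is the case the list describes: the port-only rule allows it because the destination is 443, while the application-aware rule identifies SSH and denies it.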

“An NGFW should not be confused with a stand-alone network intrusion prevention system (IPS), which includes a commodity or nonenterprise firewall, or a firewall and IPS in the same appliance that are not closely integrated,” explains Gartner in its IT Glossary.

Benefits of Next-Generation Firewalls

By bundling traditional firewall functionality with intrusion prevention and malware filtering, next-generation firewalls are able to provide much more comprehensive network security while reducing infrastructural complexities and largely removing the need for a separate security solution. With fewer infrastructural complexities, operational expenses can be greatly reduced, and the entire infrastructure becomes more robust.  

Streamlined infrastructure additionally brings greater network speed because data doesn’t have to travel through multiple protection devices and services, all of which promise a different throughput, which may or may not correspond to their real-world performance.  

Most importantly, NGFWs have the necessary application awareness that’s so important in this day and age of cloud computing and sophisticated cyber attacks. Blocking common application ports or services on a network is no longer enough because network connectivity has become significantly more complex, requiring granular control and the ability to set policies depending on the user and the application.

Conclusion 

Even though traditional firewalls and next-generation firewalls have an identical purpose—to act as a barrier between a trusted internal network and an untrusted external network—they accomplish it very differently.

By combining traditional firewall functionality with other kinds of network device filtering, NGFWs are able to achieve the granular control needed to cope with the challenges of the current threat landscape, making them the right choice for all businesses and organizations that can’t risk taking any chances when it comes to cybersecurity.

Written by: Payam Pourkhomami, President & CEO, OSIbeyond

Posted by Jason Firch in Cyber Security

Benefits of Developing a Technology Strategy

Publication date: November 27, 2018

Most organizations do not have a long-term technology strategy. Often, they have a one-year plan at best. However, shorter-term plans on their own are not sufficient for aligning an organization’s technology with business objectives as that is not their purpose. The difference between a short-term plan and a long-term strategy is that the former focuses on the technology, while the latter focuses on the business and its goals. It is important to understand that the sole purpose of leveraging technology is to meet business needs in order to achieve the organization’s mission. A well-developed technology strategy offers many benefits to an organization. These include:

Alignment with Business Objectives

Technology is not simply there for convenience, but rather it should be directly associated with business needs. A technology strategy ensures that the business needs are fulfilled by directly linking objectives of the technology strategy to business needs.

Development of Long-term Vision

A technology strategy ensures a long-term vision, one focused on the future that looks to the horizon to try to predict what the organization’s business needs will be based on the market and competition. At the same time, it recognizes that change will take time and is achieved through a series of milestones, objectives, and goals.

Increased Operational Efficiency

When technology is aligned with business needs and implemented at the right time, there are direct efficiencies that are gained. These efficiencies can be in the form of increased employee output (production, performance, etc.), improved customer communication (response, experience, etc.), and enhanced team collaboration (sharing information, solving problems, etc.), all of which make an organization more agile.

Competitive Advantage

An organization that can operate more efficiently by strategically leveraging technology inherently gains a competitive advantage. Competitive advantage can be in the form of higher sales and profits (in commercial businesses), or progressing the organization’s mission (in non-profit, advocacy and research organizations).

Technology is a fundamental part of business; it has resulted in the emergence of new business models and changed customer experiences. In order for organizations to compete in today’s world, they must operate at the speed of business or risk becoming obsolete. As such, technology must be part of every organization’s business strategy.

Written by: Payam Pourkhomami, President & CEO, OSIbeyond

Posted by Jason Firch in Technology Strategy

Implementing a Technology Strategy

Publication date: November 27, 2018

The first step in implementing a Technology Strategy is to develop a team. This team is typically led by the CIO/CTO of an organization; however, organizations that do not have internal resources in technology positions can fill this role with external consultants with technology expertise. The team must also consist of individuals from various functions across the organization who are passionate about technology and will serve as advocates to the rest of the organization.

The next step is to thoroughly define the organization’s business objectives in order to align the technology strategy. Once long-term business objectives are clearly identified, a plan needs to be developed that exactly defines what needs to happen over the next three years. Note that a one- or two-year plan is not going to result in a technology transformation on its own, as large-scale changes always take longer than expected.

Once a detailed plan is drafted, the technology strategy should be aligned with the organization’s technical architecture. The organization’s long-term technology strategy will not be realized if the underlying IT infrastructure cannot support it. Therefore, ensuring an architecture roadmap is developed is critical to successfully executing the technology strategy. The architecture roadmap will provide a technical perspective on the maturity of existing applications and hardware infrastructure. It should consider when software and hardware might reach end of life, as this will be a factor when implementing new technologies.

Next, it is important to prioritize technology initiatives strategically. No matter what the size of an organization, there are usually never enough resources and funding to meet every demand. Ad-hoc projects will pop up during the planning process, and each business function within the organization will have its own “special projects”. It is thus important to make strategic choices in the allocation of resources to achieve planned end results and organizational objectives.

The final step is to go out and sell the new Technology Strategy to the organization. This step requires a comprehensive plan as to how the strategy is going to be shared with leadership, executives, and staff, including engagement, communication, and messaging. This process will require repetition to ensure all functions within the organization are on the same page on the overall timetable of the Technology Strategy. Once this has been achieved, the Technology Strategy is ready for execution.

Written by: Payam Pourkhomami, President & CEO, OSIbeyond

Posted by Jason Firch in Technology Strategy