Peter Schooff
Peter Twenty-Four Seven Security
Peter Schooff's blog is a daily look at what's going on in the world of computer security with an emphasis on how it affects businesses.


June 25, 2007
Ramping Up Firewall Security

A new approach to improving system security is to improve firewall security. To do that, many vendors are looking to integrate IPS (intrusion prevention systems) with firewalls, essentially creating a smarter firewall.

According to this article at eWeek, this is in response to threats that are becoming increasingly complex and that keep attacking higher up the network stack, forcing firewalls to improve their management and configuration tools. But this all has to be done without taking a step back in terms of the latency and throughput of basic firewall functions.

This is part of the trend of integrating security products into a more complete solution for threat management, with Cisco’s ASA and Juniper’s SSG being good examples. It also comes in response to corporate users installing both business and personal applications that are often designed to circumvent legacy network firewalls.

In essence, enterprises have lost control of their connections. Palo Alto Networks, with its recently released PA-4000 series, can identify application traffic across ports and addresses. The PA-4000 can open SSL links to identify an application, or perform deep packet inspection, apply filters and enforce policies based on the application.

Cisco’s technology also seeks to integrate reputation technology into a firewall. "In the first release of that, which will be in the first half of 2008, [it] will allow you to provide visibility into these connections so you can see how many clients are in your network that are connecting to servers that are known to be botnet control nodes," said Tom Gillis, vice president of marketing for Cisco, adding that users would be able to block, throttle or deny connections considered suspect.

"Future firewalls are going to have the ability to route traffic through the appropriate scanning measure based on the reputation of the connecting server," Gillis said. "The firewall is effectively the traffic cop."

Posted by pschooff
