By Brian Schwartz, TierPoint Content & Social Media Marketing Manager
John Stoker, CISSP, leads a team of security specialists and systems engineers at TierPoint’s Liberty Lake data center located near Spokane, WA. In addition to providing cloud and colocation services, they offer a suite of managed security services performed at client locations including perimeter security, traffic analysis and Web filtering.
For this week’s FAQ Friday, I asked him about the FAQs and issues he hears about from customers regularly.
What do I do first?
Stoker says that a Next Generation Firewall (NGFW) at your network’s perimeter is the new minimum IT security requirement for organizations because that is the first entry point into your network. From there, clients can enable many advanced security features, including intrusion prevention, gateway antivirus and DoS protection. Application control products are rising in prominence because they can analyze packets to determine what kind of traffic is coming through your network. This would allow you to see how much of your traffic is coming from social networks, multimedia streaming services or, worse yet, command-and-control (C&C) botnet activity. This information is useful because it can help determine where certain breaches originated and provides details about your bandwidth utilization.
What is the most common thing clients often overlook?
“About half of all of today’s traffic is SSL traffic,” Stoker said. “I would say about 10 percent of all companies inspect SSL traffic. So it’s kind of like saying you’re going to leave two of your car doors unlocked and lock the other two.” Stoker says he thinks that many businesses need to be better informed about SSL and that the industry as a whole needs to do a better job educating them.
Stoker adds that businesses must consider how employees access network resources remotely. “We have seen examples of attackers gaining network credentials by targeting a user at home. While virtual private networks (VPNs) are helpful, they are not always enough. It is becoming more common for companies to introduce two-factor authentication to gain network access. This feature requires an additional credential beyond a user name and password, such as a randomly generated key code or biometric, to authorize access.”
How does cloud security work?
“Cloud security is like a car wash,” Stoker says. “The cloud sits in between the Internet and you, and when traffic passes from the Internet to you, it gets filtered and cleaned before it arrives at your perimeter. Instead of paying for security appliances in your data center, you rent the same equipment on a multi-tenant appliance inside the cloud. We get a lot of questions about these types of services partially because companies have to balance security needs with costs.” He says comfort levels in cloud security are increasing, but “clients want to know if it should be part of their mix. And if so, how much.”
Show me your creds
One of the first questions a security provider gets asked on a request for proposal is about their facility’s independent security and process certifications. Certifications are now mandatory to compete for infrastructure business, especially in heavily regulated industries such as health care and financial services. Prospects want to know that you have achieved significant certifications such as SSAE16 and SOC 2, Type II – not just to offer confidence that you can protect their data, but also because they are interested in managed services to help them achieve and sustain similar compliance. It is another way a client and infrastructure provider need to be in lockstep when it comes to security and data management processes. Prospective clients want to see how you fit with them.
How can I use security analytics?
Finally, with big data being one of the larger conversations taking place in the industry, customers are naturally asking about how they can use data generated by their devices. “Security devices generate lots of actionable data,” says Stoker. They help you look both forward and backward. Using the right tools, you can predict suspicious or unintentionally risky behavior. You can also research root causes of breaches or monitor specific employee behavior if you believe inappropriate online activity is taking place. Part of how we help clients in this area is by partnering with several industry-leading and innovative security vendors, including Fortinet and Alert Logic. We integrate other notable third-party products on the backend of our managed security service as well to provide a complete reporting, analytics and availability monitoring solution.