The Porous Perimeter – Is perimeter protection dead?

by Juniper Employee on 10-28-2008 04:10 PM - last edited on 10-29-2008 09:58 AM

With our morning coffee, most of us have grown accustomed to opening the paper and reading about yet another gargantuan organization that suffered a devastating loss due to a security breach. The question that begs to be asked is whether we are any better off than we were 10 years ago. Are our organizations any safer from the evil that looks to sneak into our networks and do damage?

For certain, the types of attacks have grown in sophistication, and have changed in methodology, purpose and operation. At the same time, our networks have changed. Because interconnected networks are a prerequisite for doing business, our networks have become porous.  We allow a multitude of people onto our networks including partners, subcontractors, and guests. How is it possible to have perimeter-based protection if we don’t really know where the perimeter starts or ends? Do we need to re-evaluate our security posture because perimeter protection is dead?

Over the past five years, the sheer number of security incidents has decreased dramatically. While we have not stopped bad things from finding their way onto our networks, perimeter protection has played a key role in this precipitous drop.

Security will undoubtedly remain a cat and mouse game between the hacker and the security professional. Some hacking attempts will work and many will be stopped. There is no silver bullet when it comes to security; it takes a multi-faceted approach that leverages information and collaboration to root out the newest threats that are just over the horizon.

No need to initiate CPR on the perimeter-based approach just yet, for it is just another weapon in our arsenal that effectively stops the bad guys from compromising our network and our business.

Stay tuned for our next post, where we will discuss the evolution of the attack and what the hacker is after in your network; your greatest asset may be at risk.
Message Edited by mrothschild on 10-29-2008 09:58 AM

Comments
by Victorhud on 10-29-2008 08:47 PM

Only one comment.

If the security perimeter is dying,

why are Fortinet sales growing at high speed (factory near collapse) and the Fortinet appliances doubled or six times the bandwidth throughput every 12 months (Ken Xie law) (e.g. FG310B, FG110C, FG5XXX)?

Where are the past leaders of security firewalls?

Why doesn't Juniper Networks include SSL support and P2P control in the UTM-SSG?

Why are Checkpoint and Cisco UTM products so mediocre?

The king is dead, long live the new king, is it?

by Super Contributor on 10-30-2008 05:47 AM

Hi Victorhud,

I think you misread the original article. It doesn't say that perimeter defence is dead. Quite the opposite. After all, if perimeter defence were dead, I don't think Juniper would have invested in the SRX ;-)

What the article says (from my viewpoint) is that it is no longer sufficient (or practical) to simply put a big fast firewall at your border and relax. There are too many interactions with customers, partners, employees, etc. that require some kind of connectivity. With that connectivity, your perimeter is moved to incorporate those connected devices. But if you don't have complete control over those devices, the question is how IT departments protect those assets which they *do* control.

The challenge is now to police the perimeter but to still allow people in and out. So what do you do? You employ an internal police force (taking the analogy a little further) which watches over key assets and controls access to those assets. It can also watch the behaviour of devices on the net for anomalous behaviour and stomp on it when it sees that behaviour. So, the perimeter is now extending outside your network to your partners, customers, home workers and also extending back into the network to devices actually connected to the network.

Rgds,

Guy

by Victorhud on 03-27-2009 11:00 PM

Thanks Guy, you are right, I misread the original article.

I love Juniper Networks technology, but what about our products in the security UTM market?

25 March 2009, IDC's report about UTM (perimeter firewall) says:

Data in the latest IDC Worldwide Quarterly Security Appliance Tracker, March 2009, confirmed:

Fortinet is the overall leader in UTM factory revenue for all of 2008 and Q4 2008

I remember that Netscreen was the leader in firewalls; the replacement for firewalls is the UTM.

About the Author
  • Michael Rothschild is the Senior Manager of Solutions Marketing at Juniper Networks, responsible for security solutions for the enterprise. When he’s not busy helping customers understand the importance of a solutions focus to address the new security threats affecting business, Michael is a professor of marketing and volunteers as a paramedic.
  • Krishna is a Distinguished Engineer in the Service Layer Technologies group at Juniper. He's currently working on DPI technology initiatives in products targeted at service providers and enterprise markets. Krishna has 19 years of experience in data networking involving Ethernet, ATM, IP, Switching and Security technologies. He has authored 10 patents in the areas of switching, security and QoS. He was actively involved in the IEEE 802.1 and ATM Forum standards committees. Prior to Juniper, he was the co-founder and System Architect at Top Layer Networks where he played a pivotal role in bringing multiple products to the market. He has also held senior engineering roles at Digital Equipment Corporation and Fore Systems.
  • As a Solutions Architect and Leader of Enterprise Solutions Engineering, Lior Cohen is responsible for developing reference architectures and best practices utilizing Juniper products. He has been designing and building enterprise networks and security solutions for over a decade and has helped several Fortune 500 companies develop risk mitigation strategies and implement information security technologies. Prior to joining Juniper, Lior was Chief Technology Officer for a privately held information security consulting firm where he led multi-national consulting and auditing engagements for the financial services and real estate sectors. He also filled various roles at Check Point Software, including leading the company’s Solutions Center. He holds a Bachelor’s degree in Economics and Information Systems from Tel Aviv University.
  • Rich Campagna, Senior Product Manager in the Access Business Group, is responsible for business strategies, product development, partner interactions and customer engagements to help drive the growth of Juniper Networks' Unified Access Control and SA Series SSL VPN solutions. Rich is also an avid snowboarder and motorcyclist (not at the same time).
About Technically Secure
Welcome to Technically Secure, the Juniper Networks blog dedicated to trends and innovation in the world of IT risk management and security. Here we'll offer technical perspectives on network security, covering things happening within Juniper Networks as well as issues across the industry as a whole. Our mission is simple: explore ideas, share information, and provide insight that will help you take a proactive stance on threat and risk mitigation.

Our primary objective is to explore technical IT security issues as business and technology challenges that could compromise the effectiveness of enterprises and service providers. We'll share our strategies for staying ahead of today’s rapidly changing threat landscape and focus in particular on innovation in network security technologies.

We’ve assembled a great team of bloggers to kick off these conversations with you, but we encourage your participation. If there's a topic that you'd like us to cover, let us know by commenting on the blog. We’re not just talking — we’re listening.
