COVER STORY unified against security threats -...

4
4 UNIFIED AGAINST SECURITY THREATS Pleasanton Unified School District deploys a unified threat management solution to manage traffic and keep network predators at bay. COVER STORY T o properly combat today’s army of sophisticated network security threats, a growing number of organizations are recognizing the benefits of deploying a unified threat management (UTM) approach right out of the gate. Since 2004, UTM has gained widespread recognition as a primary network gateway defense solution. e evolution of the traditional firewall into an all-inclusive security product, UTM encompasses multiple security functions within a single appliance, including network firewalls, network intrusion prevention, gateway antivirus, gateway antispam, virtual private network (VPN), content filtering, load balancing, data loss prevention (DLP) and on-appliance reporting. Traditionally, these functions were handled by more than one system. Integrating multiple security capabilities into a single device allows an organization to purchase and use fewer appliances, eliminating the cost of building layered security with separate solutions. In addition to the bundled pricing advantage, many organizations find it easier to deal with one vendor for purchasing, support and ongoing maintenance. ese are among the reasons that the Pleasanton Unified School District (PUSD) chose SonicWALL E-Class NSA E7500 and deployed SonicWALL Gateway Anti-Virus, Anti-Spyware and Intrusion Prevention. Installed in the northern California district almost two years ago, the solution is providing protection against both external and internal attacks across its 15 campuses. Safeguarding some 15,000 students in nine elementary, three middle and three high schools, SonicWALL delivers intelligent, real-time network security protection against a comprehensive range of potential enemies, including viruses, spyware, worms, Trojans, software vulnerabilities, backdoor exploits and other malicious code. As an added layer of security, the solution provides application-layer attack protection against external threats, as well as against those originating inside the network. SonicWALL closes potential backdoors by inspecting a multitude of email, web, file transfer and stream-based protocols, as well as instant messaging and peer-to-peer applications. PUSD added content filtering service with SonicWALL’s CFS Premium Business Edition, which provides advanced features such as the ability to block more than 50 categories of web content and to enforce custom policies for different user groups on the network. “We are using it to make sure that we are in compliance and blocking

Transcript of COVER STORY unified against security threats -...

Page 1: COVER STORY unified against security threats - CDWwebobjects.cdw.com/webobjects/media/pdf/solutions/security/... · unified against security threats ... solution to manage traffi

4

unified againstsecurity threatsPleasanton Unifi ed School District deploys a unifi ed threat management solution to manage traffi c and keep network predators at bay.

COVER STORY

To properly combat today’s army of sophisticated network

security threats, a growing number of organizations are recognizing the benefi ts of deploying a unifi ed threat management (UTM) approach right out of the gate.

Since 2004, UTM has gained widespread recognition as a primary network gateway defense solution. Th e evolution of the traditional fi rewall into an all-inclusive security product, UTM encompasses multiple security functions within a single appliance, including network fi rewalls, network intrusion prevention, gateway antivirus, gateway antispam, virtual private network (VPN), content fi ltering, load balancing, data loss prevention (DLP) and on-appliance reporting. Traditionally, these functions were handled by more than one system.

Integrating multiple security capabilities into a single device allows an organization to purchase and use fewer appliances, eliminating the cost of building layered security with separate solutions. In addition to the bundled pricing advantage, many organizations fi nd it easier to deal with one vendor for purchasing, support and ongoing maintenance.

Th ese are among the reasons that the Pleasanton Unifi ed School District

(PUSD) chose SonicWALL E-Class NSA E7500 and deployed SonicWALL Gateway Anti-Virus, Anti-Spyware and Intrusion Prevention. Installed in the northern California district almost two years ago, the solution is providing protection against both external and internal attacks across its 15 campuses.

Safeguarding some 15,000 students in nine elementary, three middle and three high schools, SonicWALL delivers intelligent, real-time network security protection against a comprehensive range of potential enemies, including viruses, spyware, worms, Trojans, software vulnerabilities, backdoor exploits and other malicious code. As an added layer of security, the solution provides application-layer attack protection against external threats, as well as against those originating inside the network. SonicWALL closes potential backdoors by inspecting a multitude of email, web, fi le transfer and stream-based protocols, as well as instant messaging and peer-to-peer applications.

PUSD added content fi ltering service with SonicWALL’s CFS Premium Business Edition, which provides advanced features such as the ability to block more than 50 categories of web content and to enforce custom policies for diff erent user groups on the network.

“We are using it to make sure that we are in compliance and blocking

04c-07c GSO122004.indd 1 4/26/13 12:50 PM

Page 2: COVER STORY unified against security threats - CDWwebobjects.cdw.com/webobjects/media/pdf/solutions/security/... · unified against security threats ... solution to manage traffi

5

all inappropriate material using the filtering system,” reports IT Director Chris Hobbs, who joined the district several months ago.

Indeed, the appliance provides organizations with the ability to transparently enforce acceptable-use policies and block inappropriate and objectionable web content. Offering the control and flexibility to ensure the highest levels of protection and productivity, SonicWALL CFS prevents individual users from accessing inappropriate content while reducing organizational liability and increasing productivity.

When the system detects a web page not in the database, it dynamically rates and automatically populates the database for future access. Furthermore, the appliance combines a comprehensive, continuously updated database featuring millions of URLs, IP addresses and domains with a unique caching system that reduces latency to a fraction of a second — thereby reducing costs and extending protection. >

unified againstsecurity threats

CDWG.com | 800.808.4239

It also gives network administrators the flexibility to enforce custom policies for groups of users on the network.

reducing Bottlenecks, increasing Bandwidth

Jim Foster, a technology consultant at PUSD, says that prior to installing the SonicWALL E-Class NSA E7500 and SonicWALL content filtering services, the district relied on a combined firewall/content filtering system that had been in place for many years. “It was pretty obvious we needed a new solution,” Foster recalls, noting that the previous product was susceptible to performance issues. “You’re

always looking for bottlenecks in the system, and as more bandwidth was being pumped through, the box got overwhelmed and couldn’t keep up with the bandwidth requirements.”

With both students and faculty hindered by the painfully slow Internet, the district attempted to adjust the solution. But the only way Internet traffic could be accommodated, Foster recalls, was to turn off the product’s content-filtering aspect. “Only then would the bandwidth improve,” he reveals.

Concerned that its security solution was not earning a passing grade, PUSD turned to CDW•G to help determine an appropriate upgrade. In addition to seeking a more robust product, the district wanted a solution that could deliver high availability through redundancy. “So if we were to have a problem with one appliance, it would fail over to the other,” Foster explains.

The district ultimately chose the SonicWALL solution, which addressed all of the previous issues that had been challenging PUSD.

Chris Hobbs, IT Director, Pleasanton Unified School District, Pleasanton, Calif.

04c-07c GSO122004.indd 2 4/26/13 12:51 PM

Page 3: COVER STORY unified against security threats - CDWwebobjects.cdw.com/webobjects/media/pdf/solutions/security/... · unified against security threats ... solution to manage traffi

6

Unified Threat Management

seeing is BelievingSince bolstering its security solution,

PUSD has observed clear results. “We’ve really noticed an improvement in prioritization of traffic,” Hobbs says. “We have put some of the education apps being used by teachers into the highest priority bucket, and they are working much better.”

Yet another advantage has been the reporting capabilities that are available through SonicWALL. “With real-time reporting through the firewall, we are able to take snapshots of what we’re seeing,” Hobbs says. This option has been especially advantageous for the IT staff to prove the case for needing to upgrade district bandwidth — an endeavor that was recently approved for this summer.

“It was very useful being able to document the network traffic issues and say, ‘This is why we need to upgrade the bandwidth,’” Hobbs says. “We will be increasing it by tenfold.”

Although reaping tremendous benefits from SonicWALL, Hobbs acknowledges that there are still many elements within the solution that the district hasn’t yet initiated.

One of the biggest boons for the district has been the product’s ability to shape and prioritize bandwidth. “Our Internet connection is at 100 percent utilization all day long,” Hobbs explains. “We still do not have enough bandwidth, so one of the first things we were able to achieve with SonicWALL was prioritization to rank traffic and make certain things more important than others.”

Noting that every school in the district is accessing the Internet — and many students now bring their own devices to connect — Hobbs says that thousands of devices could be connected at any moment. “Now we are able to automatically and transparently direct all of that traffic through SonicWALL,” he explains.

And while PUSD plans to increase bandwidth in the future, the appliance is proving to be a much-needed fix until that time. “It’s challenging when you have a student watching Netflix while teachers cannot access their online lessons,” Hobbs says. “The product allows us to determine different priority levels and manage bandwidth without our having to outright block anything.”

Except for inappropriate content, that is. With the exceptional filtering capabilities of the solution, “We are able to avoid those inappropriate websites,” Hobbs reports.

Chris Rodriguez, a senior industry analyst with the business consulting firm Frost & Sullivan, says PUSD is among a growing number of school districts choosing to adopt a UTM strategy.

“The integrated approach offers a lot of value,” Rodriguez explains. “Being able to have a multifunction firewall and add in things like an IPS [intrusion prevention system] plus content and web filtering provides budget-conscious school districts with a lot of value by being able to integrate multiple network security technologies in a single box.”

An additional appeal, according to Rodriguez, is the savings on overhead, space and energy, resulting from the ability to deploy a single appliance. “Users are also able to consolidate security contracts and work with a single vendor,” he adds.

“There are features we’re not taking advantage of yet,” he confirms, noting that he plans to implement a content analyzer in the near future, and may experiment with some of the product’s data protection aspects.

The wide array of tools now available to IT managers like Hobbs is the result of the UTM market undergoing an evolution in recent years, according to Frost & Sullivan’s Rodriguez. “The advancement in these solutions has made them more appropriate for enterprise applications,” he reveals.

The need for an exceptionally robust and reliable product is underscored by the education community. “Schools certainly face a lot of challenges,” Rodriguez acknowledges. “They need to secure web applications, manage traffic, filter traffic and control data.

“There is so much traffic coming over the web now, you have to be able to identify within that traffic, what is Facebook, what are games,” Rodriguez continues. “Application visibility is critical, not to mention user identity between, say, administrators and students. And education is somewhat unique in the sense that it’s often an

04c-07c GSO122004.indd 3 4/26/13 12:51 PM

Page 4: COVER STORY unified against security threats - CDWwebobjects.cdw.com/webobjects/media/pdf/solutions/security/... · unified against security threats ... solution to manage traffi

7

CDWG.com | 800.808.4239

environment where you have a lot of unmanaged and managed devices.”

Indeed, one of the biggest security challenges facing organizations and educational entities alike is the explosion of the bring-your-own-device (BYOD) initiative, in which end users are seeking to connect to the network with their own personal devices such as notebooks, smartphones and tablets.

“BYOD [security] is a real problem that is being discussed by every type of organization,” Rodriguez points out. “Everyone is looking for solutions now.”

Luckily for PUSD, when it comes to pinpointing technology solutions appropriate for its environment, CDW•G is there to help.

“For most of my career in K-12, I’ve been working with CDW•G,” Hobbs says. “Th ey are very hands-on, they have tremendous networking knowledge, and they make things happen. My CDW•G account manager has been fantastic.”

From helping Hobbs get new products up and running to reaching out to vendors when the district is investigating new solutions, CDW•G delivers the support PUSD needs.

“Right now we are evaluating management solutions for Windows, and CDW•G was able to put us in contact with a couple of vendors selling the kinds of products we want to implement,” Hobbs says.

“Th e research that they do is great and really useful,” he adds. “Quite frankly, CDW•G saves me a lot of time.”

For example, Hobbs says that when he began to investigate products that could expand the district’s bandwidth — yet work seamlessly with its existing SonicWALL solution — CDW•G was his fi rst call.

“Th e support has always been fantastic,” Hobbs enthuses. “I have always been able to get my questions answered within minutes.”

HOW DEEP IS YOUR DEFENSE?

Is your organization properly prepared to thwart the 83 million — yes, million — known malware strains identifi ed by the security software company McAfee in its � reats Report for the fi rst quarter of 2012, not to mention the array of other potential network security breaches?

� e proliferation of trends such as social networking, remote access and cloud computing has not only blurred the network perimeter for many organizations, but invited an entire array of new potential entry points for malicious attackers. As such, it has never been more critical for IT leaders to proactively support a comprehensive risk management strategy.

With that in mind, CDW•G has formulated Defense in Depth, a series of strategies that collectively build a security protection plan designed to mitigate attacks from entering the network environment and corrupting systems and data. Far more than just a series of security software and appliances, Defense in Depth encompasses processes and practices that focus on ongoing protection, detection and reaction.

While it is important for organizations to deploy a suite of security products, it’s also imperative to understand where your most sensitive data resides; determine network vulnerabilities; and outline remediation actions necessary to minimize system and data threats. � ere are four key network areas to consider when developing a strong information security strategy: gateway and network, server, client systems and applications.

First, gateway and network protection is essential and should include antivirus, antispam, content fi ltering, intrusion prevention, fi rewall and virtual private network (VPN) services, along with network access control (NAC).

It is equally important to ward off server security attackers with tools like antimalware protection, authentication, IP security and content fi ltering. And because attackers often attempt to compromise client systems to gain access, it is also essential to deploy client-level protection such as antivirus, personal fi rewalls, threat protection and antispyware. Finally, to minimize threats to application security — where attackers can exploit vulnerabilities in code to access or manipulate the information within it — rely on fi rewalls and authentications and implement security policies to protect applications.

Your CDW·G account manager and certifi ed solution architects are ready to assist with every phase of selecting and implementing the optimal security solution for an IT environment. From an initial discovery session to understand your goals, requirements and budget, to providing vendor evaluations and recommendations, to the procurement and deployment of the fi nal solution, CDW•G will assist through every step of the process.

04c-07c GSO122004.indd 4 4/26/13 12:51 PM