The world has gone app mad. Companies are rolling out enterprise applications to drive productivity and make employees’ work easier, and employees have embraced, with open arms, a stunning array of apps to support their lifestyles.
These personal Web-based apps are intermixed with business-critical apps and run perilously alongside each other on the same corporate networks, which are usually inadequately protected by app-unaware firewalls that simply cannot interrogate the traffic passing through them.
“The problem with this is that, because the average firewall can’t understand the traffic entering and exiting the network via applications, malware, viruses and a range of threats are able to literally fly below the radar and get through, exposing the network and data to security risks,” says Brenwin Traill from specialist IT security company, Securicom.
He explains that the firewalls typically used by organisations today can’t interrogate app-traffic because, before apps, they didn’t have to, and they simply aren’t designed to.
“Previously there was no need to inspect the traffic to determine the application. Traditionally, a TCP port was reserved for a specific application, for instance port 80 was for Web sites, and port 25 was for e-mail.
“In recent years, with the explosion of multiple types of applications, developers have begun tunnelling multiple types of applications over single ports. For example, email, Skype, Web, banking, downloading and file sharing traffic can all work on port 80.
“The result is that we can no longer assume that port 80 is just Website traffic. Users can do everything through that port, from downloading torrents and sharing files to accessing databases and chatting over Skype.
“With all of these, different languages are being used in the connection and a typical firewall doesn’t have the necessary decoders to understand this non-Web traffic. This is obviously a risk to the network. To be effective against threats ‘undiagnosed and hidden’ in application language, firewalls need to have the ability to interrogate the traffic, identify it, understand it, and then apply company usage policy to it.”
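To illustrate the point above that port 80 no longer implies Web traffic, the following added example (not from the article or from Securicom) classifies a flow by the first bytes of its payload and compares a port-only decision with an app-aware one. The policy table, function names and sample flows are constructed for illustration.

```python
# Added example: decide on what a flow *is*, not on which port it uses.
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ",
                b"OPTIONS ", b"CONNECT ")

def identify(payload: bytes) -> str:
    """Classify the first client payload of a TCP flow by its content."""
    if len(payload) >= 3 and payload[0] == 0x16 and payload[1] == 0x03:
        return "tls"                      # TLS handshake record header
    if payload.startswith(b"\x13BitTorrent protocol"):
        return "bittorrent"               # BitTorrent peer handshake
    if payload.startswith(b"SSH-"):
        return "ssh"                      # SSH identification string
    if payload[:5].upper() in (b"EHLO ", b"HELO "):
        return "smtp"                     # SMTP client greeting
    if payload.startswith(HTTP_METHODS):
        request_line = payload.split(b"\r\n", 1)[0]
        if request_line.rsplit(b" ", 1)[-1].startswith(b"HTTP/1."):
            return "http"
    return "unknown"

# Hypothetical company usage policy: which applications may use which port.
POLICY = {80: {"http"}, 443: {"tls"}, 25: {"smtp"}}

def port_only_verdict(dst_port: int) -> str:
    """Traditional firewall: an open port is allowed, whatever runs on it."""
    return "allow" if dst_port in POLICY else "block"

def app_aware_verdict(dst_port: int, payload: bytes):
    """App-aware firewall: identify the traffic, then apply the policy."""
    app = identify(payload)
    verdict = "allow" if app in POLICY.get(dst_port, set()) else "block"
    return app, verdict

# Constructed sample flows: (destination port, first client payload).
FLOWS = [
    (80, b"GET /index.html HTTP/1.1\r\nHost: intranet.example\r\n\r\n"),
    (80, b"\x13BitTorrent protocol" + bytes(48)),
    (80, b"SSH-2.0-OpenSSH_9.6\r\n"),
    (80, b"EHLO mail.example\r\n"),
    (443, b"\x16\x03\x01\x00\x05" + bytes(5)),
    (80, b"\x00\x01\x02\x03"),
]

def compare(flows):
    """Return (port, port-only verdict, identified app, app-aware verdict)."""
    return [(p, port_only_verdict(p), *app_aware_verdict(p, d)) for p, d in flows]

if __name__ == "__main__":
    for row in compare(FLOWS):
        print(row)
```

Every sample flow passes the port-only check, while the app-aware check lets through only the flows whose content matches what the policy expects on that port.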
Aside from being able to interrogate and understand the traffic, new generation, app-aware firewalls are equipped with greater processing power to match the demand required to monitor and understand app behaviour.
“In addition to being able to recognise and understand different languages, next generation firewalls also have additional tools in their toolkits which make them dramatically more secure than traditional firewalls. For instance, they can inspect and block suspicious app-traffic, stop attacks, look for spam, and block viruses,” he explains.
Traill says companies should already be looking at up-scaling their firewalls.
“The perception is that South Africa is five to 10 years behind the rest of the world when it comes to IT-related threats and risks, but this is not the case. The gap has shrunk to the point that we are on par.
“We get the latest smartphones and technologies at the same time as the world does. We have access to the World Wide Web and we use the same applications that people in America download. We view new funny YouTube videos when they do too. We didn’t learn about Gangnam Style five years after everyone else, we were laughing with them.
“So, it goes without saying that companies here face the same risks associated with app usage that companies in developed countries do. Old firewall technologies typically used by South African companies just don’t measure up against the global threats inherent with using today’s plethora of applications. Next generation, app-aware firewalls are a necessity in today’s app-mad environment.
“And, it’s not to say new generation firewall technologies aren’t available here. They are,” he concludes.