CIO Solutions
October/November 2011 - Issue 24 
Find It Fast
Check with the Tech - Bandwidth Questions
CIO and NetApp Make a Video!
Move Update and Bake Off
10 Things Your Next Firewall Must Do
Next Generation DLP and Encryption
App of the Month - Amazon App Store
Product Review: Palo Alto Next Generation Firewall
Employee Spotlight: Nic Neilson
Quicklinks
CIO Logo 

CIO logo (small)

                  

CIO Solutions  

Website
       
Follow us on Twitter

 
Join Our Mailing List! 

 

Happy Autumn!

 

 

Click on the leaves below for a holiday quiz!

 

 

 

 

Here are the answers:

 

 

 

 

 

 Birthdays

 

 

Samantha - Oct 23

Chase - Oct 23

Jeff - Nov 1

Burt - Nov 16

Hannah - Nov 18

  

 

 

 

CIO Solutions will be closed on the following dates:

 

Thursday, November 24th

Friday, November 25th

  

To receive emergency support please call 805-692-6709 and select option 3 (emergency rates will apply)

UTM - Unified Threat Management

Dear ,
 

Every year we put more and more importance on data and security. We discuss with our clients the importance of workstation security, password management, keeping current with anti-virus and so on.

 

While these security items are very important we have discovered over the past couple of years that much 'bigger' conversations are needing to take place. 

 

These discussions have to do with the security of a network as a whole (instead of the individual pieces). This means talking about compliance requirements, visibility, application control, encryption services and control of what comes into (and leaves) your network. When these discussions start to take place a whole new world of technology is available.

 

In this issue we will discuss tools for controlling the data that comes into your network (traditional IPSs and Next Generation Firewalls) as well as appliances that can help with data that is leaving your network (Next Generation Email Security and Data Loss Prevention). 

 

The UTM (Unified Threat Management) discussion is one of many security considerations and has many options for implementation. Luckily, we have invested heavily in familiarizing ourselves with the available tools and have identified best of breed solutions that we can recommend to our clients.


Cheers,
John Petote
CEO, CIO Solutions

Check with the Tech -  Bandwidth

Check with the Tech   

Question: Is there a way to tell how much bandwidth my internet connection is taking up? Are there tools available to help manage my bandwidth usage?

 

Answer: The short answer is yes there are multiple tools available. The long answer is that sometimes such tools are provided by the Internet Service Provider (ISP) but usually, most businesses choose to have their IT Provider or IT Department implement and gather the data. An example of a bandwidth graph can be found in the screenshot below. This shows utilized bandwidth over the past 7 days. In order to enable such graphs you need have an IT resource configure your firewall to allow data collection and then configure some external software to poll the firewall and graph the results.  Almost all business-grade firewalls allow collecting this type of information.     

 

 graph

  

In addition to simply knowing how much bandwidth you are using, is the goal of understanding what applications or workstations are taking up the bandwidth. Currently, there are no standards on how to do this. Some firewalls support open standards and some do not. In addition, the open standards are not as robust they should be. This has opened the way for products that specialize in reporting on bandwidth usage by user and by application. Most of these devices do a whole lot more than just reporting on usage. They also focus on bandwidth control which includes monitoring bandwidth usage, identifying malware and viruses, and prioritizing bandwidth and web site access. As these technologies are integrated into Firewalls they are being given two names which basically mean the same thing, "Next Generation Firewalls" and firewalls that provide "Unified Threat Management."  
 

Eric Egolf
Eric Egolf

 

 
CIO Solutions and NetApp Make a Video!

 

CIO and NetApp have partnered up to produce the below video.

 

Check it out!!

 

CIO Solutions/NetApp
 

Updates

 

We have moved and are now settling into our new home.

 

Just a reminder, our new address is:

 

150 Castilian Drive, Suite 100

Goleta, CA 93117

 

All of our phone numbers as well as our PO Box have stayed the same.

 

If you are in the area come and say hi!

 

We will be planning a customer appreciation and 'office' warming event sometime in January.

 

Thank you for your patience and flexibility during this transition.

 

 

 

The 2nd Annual Bake Off will be taking place on December 3rd. We will announce the winners in December's newsletter.

 

10 Things Your Next Firewall Must Do

 

1. Identify and control applications on any port

2. Identify and control circumventors

3. Decrypt outbound SSL

4. Provide application function control

5. Scan for viruses and malware in allowed collaborative applications

6. Deal with unknown traffic by policy

7. Identify and control applications sharing the same connection

8. Enable the same application visibility and control for remote users

9. Make network security simpler, not more complex with the addition of application control

10. Deliver the same throughput and performance with application control active

 

Click here to read more about Next Generation Firewalls and how they can make your network more secure and easier to manage.  

 

Next Generation DLP and Encryption - A Review

 lock

 Organizations are under increased pressure to protect private data. The number of government and industry regulations is growing and the requirements (and the punishments) are becoming more severe.

 

To protect private data, the IT industry has several major technologies at their disposal. Two of the most important are Data Loss Prevention (DLP) and encryption.

 

DLP solutions help organizations prevent private data from leaving their networks. Private data leaving the network through email can be scanned by a DLP solution. Upon identifying private data (by matching keywords, phrases, hashes or some other pattern) a DLP solution can take action. It can either block the data from leaving the network or encrypt the data so that it leaves in secure format that only the intended recipient(s) can access.

 

Encryption is an essential componenet of DLP. Without encryption, a DLP solution's only means of protecting private data in transit would be to block it entirely. This appraoch is unreasonable in today's hyperconnected world. Encryption is what DLP and secure messaging viable for businesses today.

 

While DLP and encryption sound like a no-brainer, there are significant challenges when implementing these technologies. Once encryption is implemented the data becomes inscrutable to network monitoring tools and therefore the more network traffic that's encrypted, the less network traffic can be optimized for performance. Best practice calls for automatically and selectively encrypting data. This way encryption is triggered by defined policies which are based on message content as well as the identities of the sender and the recipient.

 

These two technologies DLP and encryption can be combined into one appliance which simplifies implementation and management. It is important that the appliance discover and encrypt email messages, enforce detailed policies and alert security officials to potential data leaks and other email security threats.

 

For more information on DLP and encryption solutions please email us.

 

App of the Month - Amazon App Store (for Android)

  

 The Amazon Appstore for Android is a place where you can get a great paid app for free every day, see app recommendations based on your past Amazon purchases, and shop using Amazon's secure 1-Click payment technology. You can also test apps on a simulated Android phone using a feature called "Test Drive." You can shop from your computer or directly from your phone or tablet.

 

Our recurring "Free App of the Day" promotion gives all registered users an opportunity to get a new paid app for free every day.

 

To purchase app from the Amazon Appstore and install them to your Android, you will need to have the Amazon Appstore app installed on your device. To get this, follow the instructions on this page. To purchase paid apps, you will need to have an Amazon account set up with either your credit card or bank information (or both). All paid app purchases will be automatically charged to the card associated with your account, and you will receive a receipt for each app purchase.

 

Product Review: Palo Alto Next Generation Firewall

Palo Alto Family

 What is a Next Generation Firewall? How does it differ from a regular firewall? These are the questions that are starting to emerge in enterprises around the world. 


According to Palo Alto, in order to be classified a Next Generation Firewall (NGFW) the appliance must meet five main requirements:

 

1. Identify applications regardless of port, protocol, evasive tactic or SSL

2. Identify users regardless of IP address

3. Protect in real-time against threats embedded across applications

4. Fine-grained visibility and policy control over application access/functionality

5. Multi-gigabit, in-line deployment with no performance degradation.

 

This might seem like a tall order to fill but Palo Alto offers a range of NGFWs that meet all of these requirements.

 

The main short-coming of traditional firewalls (or Intrusion Prevention Systems (IPS)) is that their effectiveness has drastically eroded in the face of more complex and evolving threats. With threats being introduced into networks from a variety of sources (applications, encrypted traffic, etc.) it is important to reassess whether or not you want to have a variety of appliances on your network or consolidate into a NGFW which will provide all the functions of a legacy IPS plus the more granular control for applications.

 

To summarize, the advancement of threats dictates a new set of requirements for complete intrusion prevention (not just intrusion detection). While NGFWs should include the traditional set of IPS requirements they should also address the new types of threats organizations are seeing. These requirements can be broken into three separate high-level considerations:

 

1. Control - Shrink the attack surface by limiting the scope to the applications that you actually need and use.

 

2. Protection - Prevent all types of threats by expanding the horizon of vulnerability exploits (viruses, malware, botnets, dangerous URLs, phone-home behavior, tunneled applications, encrypted traffic, compressed traffic and files, etc.). Allow more granular control of applications and the use of them (limiting apps to certain users, controlling bandwidth usage, disabling certain application features, etc.)

 

3. Performance - Do all of the above at multi-gigabits per second throughput with low latency with real world traffic and with full scanning enabled to protect both servers and clients.

 

Click here to read more about Palo Alto's Next Generation Firewalls

 

Employee Spotlight: Jason Coltrin, Remote/Field Engineer

  

Nic NeilsonFull name:  Nicolas Neilson

 

Family Info: I'm married to Kala, another Santa Barbara local. We are planning on having kids someday.

  

Where did you grow up? Santa Barbara, CA

 

What do you like best about SB? I like that there is a 15 minute drive from the beach to the top of the 'mountains'.

 

When did you start working at CIO? April 2010

 

What is your position at CIO?  Remote Network Engineer (Central Support)

 

What do you like best about working at CIO? I like the people that I work with.

 

Dreams/aspirations: I am currently working on an Associates Degress in Computer Networking. Once I have that complete, I am going to go after some industry certifications.

 

Favorite color:  Black

 

Favorite Food: Something spicy

 

Favorite Book/Movie:  Lord of the Rings

  

Motto/quote: 'Don't worry, be happy'

 

Interesting facts: I am one of the few technical people at CIO who is not an avid gamer.   

 

CIO Solutions does not knowingly participate in SPAM. If you wish to be removed from this list, please follow the link below and you will be taken off this list. Thank you for your interest in our
e-Newsletter. 
Share