Today’s ever-evolving threat landscape requires evolving technology and practices. Web 2.0 technologies have made interactivity a reality—and transformed how the web is used. They have also forever changed the security landscape for both individual users and enterprises. One popular technique employed by cybercriminals is to lure users into “liking” a particular Web 2.0 page, claiming that the user will see a shocking photo or read a dramatic news story.
Let’s introduce Application Control and Enforcement. Application-driven security policies at the network level are required to protect your environments from emerging threats. Migrating away from the antiquated standard of using just ports and protocols to using applications needs to happen now, if not yesterday. The problem that has evolved over the past decade is that most applications are now cloud connected, and software developers and application producers know that organizations allow port 80 to the Internet; as a result, there has been a deluge of applications that run on port 80 and other common ports (such as 443). This has allowed applications to run under the radar on most port/protocol firewall deployments. Let’s discuss what application control is and why we should use it.
Application control allows organizations and administrators to control network traffic based on an identified application. Applications are usually identified in a number of ways, including signatures, protocol decoding, decryption, and other heuristics. Once an organization can successfully identify the applications traversing the network, administrators can then safely enable those applications and migrate the network to the desired “Zero Trust” model. This should be the goal for all security warriors everywhere.
Now let’s talk about why we should use it. Traditionally, when we created security policy, the defining variables would have been port and protocol. A common rule that we see would be to allow TCP on port 80 from the trusted network(s) to the untrusted network(s). In doing so, the thought was that we were allowing “HTTP,” since its default standard ports happen to include port 80. But are you aware that HTTP isn’t the only application that uses port 80? Making the assumption that TCP port 80 is solely HTTP traffic could lead to trouble. Rather than creating a policy to allow the aforementioned, we should create a policy that allows “web browsing” based on the match criteria listed above. In addition to allowing web-browsing, you will also be able to gain visibility into what other applications are running on port 80, and then mitigate according to your security policy. Doing this will ensure that only sanctioned applications will traverse your network.
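To make the difference concrete, here is an added example (not NETSource's or any vendor's code) that runs the same TCP/80 flows through a port rule and an application rule. The application labels, signatures, and sample flows are constructed for illustration, and only the first-payload signature method is shown.

```python
import re

# Illustrative first-packet signatures; a real engine also uses protocol
# decoding, decryption and heuristics. Application labels are assumptions.
HTTP_REQUEST = re.compile(
    rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS|PATCH) \S+ HTTP/1\.[01]\r\n")

def identify_app(payload: bytes) -> str:
    """Name the application from the first bytes the client sends."""
    if HTTP_REQUEST.match(payload):
        return "web-browsing"
    if payload.startswith(b"SSH-2.0-"):                 # SSH version banner
        return "ssh"
    if payload[:2] == b"\x16\x03":                      # TLS handshake record
        return "ssl"
    if payload.startswith(b"\x13BitTorrent protocol"):  # BitTorrent handshake
        return "bittorrent"
    return "unknown-tcp"

def port_policy(flow: dict) -> str:
    """Legacy rule: allow TCP/80 outbound, whatever is inside it."""
    return "allow" if flow["proto"] == "tcp" and flow["dport"] == 80 else "deny"

def app_policy(flow: dict, sanctioned=frozenset({"web-browsing"})) -> str:
    """Application rule: allow only flows identified as a sanctioned app."""
    return "allow" if identify_app(flow["payload"]) in sanctioned else "deny"

# Constructed sample flows, all TCP to destination port 80.
FLOWS = [
    {"name": "browser", "payload": b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"},
    {"name": "ssh-on-80", "payload": b"SSH-2.0-OpenSSH_9.6\r\n"},
    {"name": "tls-on-80", "payload": bytes.fromhex("16030100c8010000c40303")},
    {"name": "p2p-on-80", "payload": b"\x13BitTorrent protocol" + bytes(8)},
    {"name": "opaque", "payload": b"\x00\x01\x02\x03"},
]
for f in FLOWS:
    f.update(proto="tcp", dport=80)

def compare(flows):
    """Return (name, identified app, port verdict, app verdict) per flow."""
    return [(f["name"], identify_app(f["payload"]), port_policy(f), app_policy(f))
            for f in flows]

if __name__ == "__main__":
    for row in compare(FLOWS):
        print("{:<10} {:<13} port-rule={:<6} app-rule={}".format(*row))
```

The port rule admits all five flows, while the application rule admits only the browser request and names the other four for the administrator to review.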
Application control on the network has come a long way in the last decade. For example, we have the ability to allow certain components of an application and deny others. Let’s pick on Facebook. Your marketing department needs access to Facebook to be able to post; however, they don’t need the integrated chat, video, etc. These components can be a data leakage risk. By leveraging application control, we can allow only the functions of Facebook we want, while denying the functions we don’t want. Sounds too good to be true, right? Well, it’s true and it’s awesome. Of course, you will have to employ in-line decryption so you can break apart some of these applications, but that will be covered soon in another blog.
NETSource offers a wide range of security products specifically tailored to improve your security posture. We call it “Secure By Design.” Our team delivers a complete end-to-end solution to include security, network, compute, storage, and services leveraging local resources for faster response. NETSource cultivates and maintains relationships with “Best In Class” IT Vendors, including emerging and disruptive technologies. We pride ourselves on taking an IT agnostic approach to solving customers’ challenges and/or needs.
About the Author: Jeremy Homan is Solutions Architect at NETSource. He is a motivated and passionate IT professional with real-world experience designing networks and security solutions for businesses based on today’s issues with tomorrow’s solutions.