Today we are kicking off our “A Look Inside Security Tools” (ALIST) series, starting with Rob Andrews, System Engineer from Sonicwall. Over the next several weeks, we will be interviewing technical sales professionals from leading security monitoring tool companies. But don’t worry, this will not be a straight product pitch. We do offer each subject to share an elevator pitch about their flagship product, but we will also delve into a range of security topics associated with virtualization, cloud computing, and “Golden Eggs”.

ALIST: Rob Andrews of Sonicwall
So let’s get this ALIST party started…
Name: Rob Andrews
Title/Role: System Engineer
Company: Sonicwall
Product Focus:
UTM Firewall
SSL VPN appliances
Email Security
Secure wireless
1. What is your company’s flagship product, and why is it important for security purposes?
The Sonicwall NSA E7500 is our enterprise class UTM (Unified Threat Management) Firewall. It combines firewall, routing, IPS/IDS, gateway anti-virus, gateway anti-spyware, content filtering, IPSEC, and SSL VPN capabilities into one slim 1u chassis. It’s the only appliance on the market that can deliver nearly 2 Gbps of UTM scanning at its price point.
2. What areas of security are most important to you professionally, and which do you enjoy working with most?
I suppose I am a bit biased, but I really enjoy working with my company’s products, more specifically the Sonicwall NSA firewalls and SSL-VPN. Building a secure network requires the basic building blocks – firewall and secure remote access. Essentially, these devices are the gateway to your “kingdom,” and the network admin holds the “key”.
I find it gratifying knowing that I control and safeguard access to my resources including where, when, and how; and I think a lot of other IT admins do as well. Keeping undesirables off my network, whether it is due to access controls or threat prevention mechanisms (i.e. IPS), helps me sleep at night. Sonicwall’s browser-based management of the NSA line makes it super simple to configure firewall rules, intrusion prevention/detection policies, content filtering, and routing. I find anyone that used to have to manage a PIX falls in love with the simplicity and power of our GUI.
3. What is the most common security challenge you are brought in on to help fix on behalf of customers?
I have two common scenarios I’m engaged with. Almost everyone knows they need a firewall to build a secure network, but how to decide on the correct model, features, capacity, and functionality is where I assist. There are a lot of 5+ year old firewalls installed out there that don’t meet the demands of today’s requirements, i.e. throughput, IPS, etc.
The other is when customers need to deploy a VPN solution. Many folks are using an IPSEC solution for VPN access, and they’ve discovered that it doesn’t meet their evolving business needs for things like granular access control, end point interrogation, and browser-based access. I find many customers have an idea of what they’d like for VPN access but aren’t entirely sure how to meet their requirements.
4. How do you see Cloud Computing, virtualization, and Social Media affecting security in the coming months?
I just had this debate internally with some colleagues. Some are on the side that cloud infrastructures have more sophisticated individuals maintaining and looking at the security stack, while companies that house data internally have limited IT staff, so the “cloud” is therefore more secure. On the other side of the fence, some argue that you are entrusting your data to a third party who may promise the world in security, but in the end, you have no real way of auditing what they are doing. For most folks, it’s a balancing act. If you have no idea what you are doing or how to properly secure your data (and possibly want someone else to blame when things go wrong), using cloud services is something you should consider. If you’re on the opposite end of the spectrum…you have the tools and skill set…my recommendation is to approach cloud services with caution.
When it comes to virtualization, I’ve seen some folks take an interest in virtual firewalling. I’d have to say this market is still relatively young and fits a certain niche of customers. The issue with running a VM firewall is its overall performance. If you are only using the VM firewall to do stateful inspection, it may not be such a big deal for you. However, we know that most attacks are buried in the payload of allowed traffic. To do DPI (deep packet inspection) effectively, you need a dedicated UTM appliance so you can see reasonable levels of network performance. We discovered long ago that x86 processors don’t scale well for UTM scanning.
With regard to Social Media, it is and will continue to be a source of malicious attacks and other threats. I’m seeing more and more organizations restrict access to Web 2.0 sites with highly positive results, such as reclaiming network bandwidth and employee productivity. We’ve already seen numerous issues with threats being propagated through Facebook, Myspace, and Twitter. Anytime you have a place where you get a lot of traffic and information is easily and quickly distributed, there is room for the unscrupulous to take advantage. This is part of the reason I limit my social networking consumption. There are others, but that’s another story for another day.
5. Tell me what your most pressing security concern is over the next 1-2 years.
I have two concerns for your consideration.
The first is how to get customers off old insecure technology. I find far too many customers relying on antiquated, insecure, or (even worse) technologies that they believe are secure which, in fact, are not. Unfortunately a lot of organizations are resistant to change, whether that be due to lack of expertise, laziness, budget, etc. In the end, technology and threats evolve. You either keep pace, or you find yourself a victim or a target of attack. For example, I recently worked with an organization that insisted on using WEP to secure their wireless infrastructure for hundreds of users. Never mind the fact that WEP can be cracked in seconds by almost anyone.
Fallacy: Linux and Mac OS are inherently more secure than Windows
The other is what I would consider the “head buried in the sand” syndrome. Too many individuals believe Linux and Mac operating systems are secure by default and don’t require any safeguarding. Unfortunately, this myth is also further perpetuated by the media, i.e. the Mac/PC commercials on TV. The worst part about this is the false sense of security it brings. Attacks and vulnerabilities have already been demonstrated against these systems. While these platforms may not have as many vulnerabilities as Windows, they still have their own issues. As Mac continues to gain popularity, I’m confident we will be seeing more and more security issues for it.
6. How do you stay abreast of the latest market developments in your space? Shows, social media, RSS, etc.
For more “mainstream” type news, I use iGoogle and have about a dozen different gadgets that provide news feeds. I also visit slashdot.org and hackaday.com on a daily basis, and Sonicwall has an internal daily news bulletin with information from various sources that goes out to all employees. The folks over at insecure.org have a few different RSS feeds I subscribe to as well.
It’s almost alarming to see the rate at which vulnerabilities are discovered. If I want to read something on the plane, I’ll pick up a copy of Hakin9 or 2600. Finally, I occasionally frequent sites like securitytube.net or the forums at remote-exploit.org.
7. In closing, give us one idea you have about security that everyone should consider. Your “Golden Egg”, so to say.
UTM should be on everyone’s checklist when it comes to firewall security. There are far too many threats that are being propagated out there, because regular stateful firewalls are letting them through. Securing your network is much more than closing ports; it’s also inspecting the traffic you allow through. The best analogy I can use is a trip to the airport. Would you let everyone that holds a boarding pass through security? Or would you want to scan the payload of the passengers to ensure nothing malicious was brought on board? Of course, we all know the answer there. This same approach needs to be taken for your network.
___________________________________________________________________
The Anue Systems Team wants to thank Mr. Andrews for jumping in as the first ALIST-er. We are still accepting requests to take part in this program from qualified technical sales / SE professionals at leading security tool vendors. If you wish to be considered for inclusion, please contact Tommy Landry at tlandry (at) anuesystems (dot) com.