We’re all familiar with the cyber attacks on big-name companies and organizations that have made the news in recent years (for example, Target and JP Morgan Chase). Although these scares may be effective at alerting other Fortune 500 companies to beef up their security, they tend to have the opposite effect on SMBs that often believe they are too small to make it onto cybercriminals’ radar.
The reality is that SMBs are targeted more often than enterprises. In fact, according to the Verizon Data Breach Investigation Report, 81 percent of all data breaches happen to small businesses. The Ponemon Institute’s 2016 State of Cybersecurity in Small and Medium-Sized Businesses report revealed that 50 percent of SMBs had data breaches in the past 12 months that involved customer and employee information. In the aftermath of these incidents, companies spent an average of $879,582 because of damage or theft of IT assets. Furthermore, disruption to normal business operations added another $955,429 to the cost, bringing the total loss to more than $1.8 million.
Almost always, the biggest security problem SMBs face is a lack of education about just how serious the situation is. Beyond that, however, inadequate and/or outdated security defenses are a major problem. Traditional firewalls are a good case in point. While blocking Internet traffic on network ports (such as port 21 for FTP traffic) was effective years ago, today it is akin to blocking the wind with a screen door. Here are three reasons you should be replacing your SMB customers’ legacy firewalls with next-generation firewalls (NGFWs).
Reason No. 1: Data Encryption Is a Double-Edged Sword
One of the most effective ways to protect data in transit is to encrypt it. This strategy has become so popular that as much as two-thirds of all North American Internet traffic could be encrypted by the end of 2016, according to a report from Sandvine. The downside is that it didn’t take hackers long to figure out how to exploit this security feature for their own purposes. When malware is encrypted, for example, traditional firewalls, which rely on payload visibility, become less effective.
NGFWs, on the other hand, are able to gather headers and other unencrypted parts of the data stream, which enables security teams to analyze encrypted traffic more effectively. NGFWs also help security professionals ensure HTTPS requests aren’t coming from — or being directed to — suspicious locations.
Reason No. 2: Zero-Day Threats Are on the Rise
Traditional firewalls use signature-dependent IPS (intrusion prevention system) and antivirus engines. After a new virus or malware variant is discovered, the firewall vendor creates a new signature and then pushes it out to users so they can be protected from the new threat. The problem with this approach is that it only protects users from already-known malware signatures, not the new ones, called zero-day vulnerabilities.
Cybercriminals are releasing new malware variants into the wild at an increasingly fast pace. According to the 2016 Vulnerability Review by Secunia Research at Flexera Software, for instance, the number of zero-day vulnerabilities discovered in 2013 was 14. In 2015, there were 25 zero-day vulnerabilities discovered, representing a 79 percent increase.
NGFWs are not restricted to signatures like their predecessors are. These tools use cloud-based signature-less technologies to evaluate data flows, files and other bits of information. NGFWs analyze every file that tries to run on a PC and feed that data into a threat intelligence network in the cloud, allowing them to quickly respond to the latest malware threats.
Reason No. 3: Being Proactive Is Always Better Than Being Reactive
In addition to the drawbacks already mentioned, legacy firewalls have limited visibility and alerting capabilities, which means that once a hacker goes through or around their security defenses, it can take a long time before the compromise is discovered. According to research from Microsoft, for instance, the average amount of time attackers reside within a network before being detected (a.k.a., the "time to detection" or TTD) is more than 140 days. During this time, cybercriminals can accumulate intellectual property and other valuable digital assets and plot out subsequent attacks.
By using advanced fingerprint and deep SSL encryption technologies, NGFWs can significantly reduce the TTD of a security attack or breach. Additionally, granular policies for specific application features (such as restricting unauthorized/personal cloud apps and/or social media usage) can be applied to user groups — or specific users — for added safety measures.
The security threat landscape has evolved significantly over the past few years. Not only are many of the legacy security tools, such as traditional firewalls, insufficient for defending against today’s sophisticated attacks, they often create a false sense of security. Rather than allowing your customers to take a “No news is good news” approach to security, educate them about their risks and help them transition to a better mantra, such as, “An ounce of prevention is worth a pound of cure.”
Neal Bradbury is Senior Director of Business Development for Intronis MSP Solutions by Barracuda, a provider of backup and data protection solutions for managed services providers, where he is responsible for generating greater business value for the company’s MSP partner community and alliance partners.