As workers find new and creative ways to use the web, organizations struggle to maintain control of the corporate network while empowering employees, partners, and other stakeholders with access to critical functionality. A staggering number of new applications have emerged and the number grows daily. Complicating matters is the fact that what is considered a "good" versus "bad" application is no longer a clear-cut issue. Some applications are intended purely for business purposes and are carefully designed to minimize security risks and maximize productivity. At the other end of the risk continuum are applications programmed to steal data, corrupt computers, and disrupt network activity. A huge variety of applications fall into the gray area between these extremes.
While IT administrators were once apt to deny access to applications whose origins were found in the consumer world, such an approach is increasingly problematic. After all, applications such as Facebook have proven quite valuable for many in the business world, particularly sales and marketing groups. In fact, 1.5 million local businesses maintain active pages on Facebook. (For this and other interesting Facebook facts, see http://www.digitalbuzzblog.com/facebook-statistics-stats-facts-2011/). At the same time, Facebook games can be productivity zappers, and if they contain malware, they also pose a security risk.
This evolution is causing administrators to reassess how they configure firewalls in protecting the corporate environment. A few years ago, IT administrators could deny access to applications by defining firewall policies blocking certain ports or protocols. But because many applications today appear as web traffic over port 80 or 443, this approach is no longer sufficient or effective. As a result, administrators have lost a fair amount of control over the applications being used across the enterprise.
Instant Messaging (IM) and peer-to-peer (P2P) applications are prime examples of why new levels of control are required. The first generation of these applications could be regulated through basic access control lists (ACLs) based on fixed or limited destination ports and readily identified registration servers. Second-generation applications used dynamic ports and registration servers that changed addresses frequently or were mirrored so extensively as to render ACLs less effective for blocking applications. The current generation of IM and P2P applications often act like web traffic and, in many cases, dispense with registration servers altogether. As a result, they are increasingly adept at evading firewalls. In fact, some applications – including Ultrasurf, Skype, and Winny – dodge security technologies by design. Clearly businesses need to closely control access to these applications, especially those organizations bound by certain industry regulations.
The timeline below helps illustrate what capabilities today's security professionals seek in a solution.
To secure today's corporate environments and take back control, administrators need to identify and determine whether applications are being used for legitimate business, are malware, or fall in the gray area in between. In the latter case, IT professionals need the ability to control who can access the applications and for what purposes. Web 2.0 applications such as streaming media and audio can consume large amounts of expensive corporate bandwidth. Plus, corporations in regulated industries may need to restrict the usage of Instant Messaging because they cannot comply with requirements for electronic message retention. As part of a security and regulatory compliance posture, a corporate acceptable use policy, or a combination of the two, organizations must control employee use of the full range of applications.
The web is the primary source of security threats to organizations today, and web applications are often the main focus of attackers. At the same time, social networks are growing rapidly and new Web 2.0 sites are cropping up left and right. Users are often still unsure of how to exercise the appropriate levels of privacy on such sites. As a result, hackers find it convenient to use social networks as a launch pad for social engineering attacks against employees in an organization. Users are more likely to trust a link to a site when it is provided by a connection in their social network, not realizing that such accounts can easily be spoofed or faked.
Given that web traffic and web applications are the source of so many security risks, IT administrators can cut down the potential threat vectors by limiting their users to only those applications that are necessary for business purposes.
WatchGuard continually evolves its solutions to keep pace with the newest challenges facing organizations of all sizes. WatchGuard’s XTM appliance v11.4 (and higher) includes Application Control capabilities that empower administrators to exercise fine-grained control over hundreds of applications, and understand which applications are being used and by whom.
The WatchGuard Application Control is a fully integrated security subscription for all WatchGuard XTM appliances. It provides global and policy-based monitoring and blocking of over 1,800 unique web and business applications for greater productivity and enhanced security. Administrators can enforce acceptable use policies for users and groups by category, application, and application sub-functions. For example, they can define a policy that allows the marketing department to access Facebook, but not Facebook games.
Using over 2,500 signatures and advanced behavioral techniques, Application Control also gives the administrator real-time and historical visibility into the use (or attempted use) of applications on the network. This level of control and visibility helps organizations enforce acceptable use policies that are mandated by industry regulation, legal and political jurisdictions, corporate goals or culture, and the like.
Within the WatchGuard XTM configuration tool, the administrator sets up a global policy or a more granular one covering specific users, groups, networks, or other criteria that determines which applications can and cannot be used. In real time, WatchGuard XTM with Application Control then inspects traffic crossing the appliance and determines which application is producing the traffic. Signature-based technology combined with an engine that assesses application behavior enable the appliance to identify applications with a high degree of accuracy. The appliance enforces the policy defined by the administrator and logs its actions for review. The administrator can log into the reporting GUI to see application usage, such as which applications users ran (or attempted to run) and the top applications used across the business.
By employing Application Control from WatchGuard, organizations will realize a variety of benefits. In addition to regaining control over the corporate environment, IT administrators actually have more power over applications than in the past. As a result, they can keep pace with the ever-evolving application universe and satisfy corporate and user demands. In fact, by applying policies that control application usage, administrators ensure employees and others can conduct their work as needed, that they stay focused and productive, and avoid potential legal problems associated with the use of unauthorized applications. Just as important, with comprehensive application control in place, organizations can be certain of limiting their security risks and preserving corporate bandwidth for applications and usage consistent with corporate objectives.
As employees, partners, and others within the corporate environment have ready access to a variety of applications, organizations must find ways to balance user needs with security. Now that so many applications defy clear-cut categorization, IT administrators require new levels of control over which applications are allowed and by whom.
This type of application control is available in the WatchGuard XTM firewall today. WatchGuard delivers it as part of a full-featured firewall that includes all the functionality needed to easily, comprehensively, and cost-effectively secure the corporate environment. In addition to advanced application-based policy construction and enforcement, XTM supports all of the traditional port- and protocol-based configurations that administrators are familiar with, along with critical networking features, including dynamic routing, WAN failover, and load balancing. A drag-and-drop VPN method makes it easy to create site-to-site tunnels for secure connections between locations. Moreover, a suite of interactive, real-time monitoring tools save time and make it easy to see at-a-glance information about user, network, and security activities.
Find out more about WatchGuard Application Control and the XTM family of network security appliances, visit www.watchguard.com, contact your local reseller, or call WatchGuard directly at 1.800.734.9905 (U.S. Sales) or +1.206.613.0895 (International Sales).
« Return to top »
WatchGuard continually evolves its solutions to keep pace with the newest challenges facing organizations of all sizes.
Application visibility and control is critical to the health of your network and your business. Learn how Application Control from WatchGuard makes enforcing acceptable use policies simple.
With so many anti-spam products on the market, how can you be sure you're getting the best solution for your business network? Find out the right questions to ask.
WatchGuard has deployed nearly a million integrated, multi-function threat management appliances worldwide. Our signature red boxes are architected to be the industry's smartest, fastest, and meanest security devices with every scanning engine running at full throttle. Why buy WatchGuard? Find out here.