
Guest Blog: Reducing Your Network’s Attack Surface

By Charles J. Kolodgy, IDC Research Vice President, Security Products

August 2, 2014

The Internet has revolutionized the way we communicate. “Reach out and touch someone” was AT&T’s tagline in the 1970s. With the Internet you can literally connect up with anyone on the planet. However, the Internet has its dark side. It contains unsavory characters who use the technology to perpetrate crimes.

Security technologies are fielded to guard against cyber threats, attackers and criminals. However, advanced threats are making network security more difficult. This arms race has increased security solution complexity. This impacts IT performance and complicates management. For example, managing firewall rules is difficult, time-consuming, and open to errors.

With this background, one question consistently asked is: “What simple actions should I take to address my IT security pain points?” The simple answer is to reduce your attack surface. You really don’t want everyone to reach out and touch you. Network security is easier to manage if you only deal with the traffic you care about. With greater front-end control over the network traffic, your security tools can be more effective.

There is a product that offers this capability — the PoliWall from Bandura. The PoliWall appliance is positioned in front of the firewall to restrict traffic based on geo IP location and by IP Reputation Blacklists. Configuring the block list by country is done by clicking on the world map within the management console. Block China, for example, with a single click.

The PoliWall is inserted into the network without having to reconfigure other network devices. The PoliWall is efficient because it doesn’t care if the traffic is good or bad. It doesn’t need to scan every packet to hunt for malicious payloads; it just applies the appropriate rule. It’s like a magnet that pulls all of the ferrous metals out when you are just looking for aluminum.

That’s a somewhat simplistic metaphor, because the PoliWall is much more intelligent. It can be configured to block anything from a whole country’s IP range down to a single IP address, or to grant an exception that allows a single IP address. It can also be configured to take into account the IT resource group the traffic is destined for, such as VPN, webmail, or web server. This allows VPN traffic from a blocked country while prohibiting webmail.
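The kind of layered policy described above (country blocks, single-address blocks and exceptions, varying by resource group) can be sketched as follows; this is an added illustration, not Bandura's code or the PoliWall's actual rule engine. The geo table, country codes, policy layout, function names, the most-specific-rule-wins precedence and the fail-closed default are all assumptions made for the example.

```python
import ipaddress

# Constructed geo-IP table: RFC 5737 documentation ranges, made-up country codes.
GEO = {
    ipaddress.ip_network("192.0.2.0/24"): "AA",
    ipaddress.ip_network("198.51.100.0/24"): "BB",
    ipaddress.ip_network("203.0.113.0/24"): "CC",
}

# Hypothetical policy per resource group: blocked countries plus explicit
# per-address rules that override the country decision.
POLICY = {
    "vpn": {"countries": {"BB"}, "rules": []},
    "webmail": {
        "countries": {"AA", "BB"},
        "rules": [("allow", "192.0.2.10/32"),    # exception inside blocked AA
                  ("deny", "203.0.113.66/32")],  # single block inside allowed CC
    },
}

def country_of(addr):
    """Longest-prefix match against the geo table; None if unmapped."""
    hits = [net for net in GEO if addr in net]
    return GEO[max(hits, key=lambda net: net.prefixlen)] if hits else None

def decide(src, group):
    """Return (action, reason) for a source address and destination group."""
    addr = ipaddress.ip_address(src)
    policy = POLICY.get(group)
    if policy is None:
        return "deny", "unknown resource group"  # fail closed (assumption)
    # 1. Explicit rules: most specific prefix wins, deny wins a tie.
    matches = [(ipaddress.ip_network(cidr), action)
               for action, cidr in policy["rules"]
               if addr in ipaddress.ip_network(cidr)]
    if matches:
        net, action = max(matches, key=lambda m: (m[0].prefixlen, m[1] == "deny"))
        return action, f"rule {net}"
    # 2. Country decision for this resource group.
    country = country_of(addr)
    if country is None:
        return "deny", "unmapped source"  # fail closed (assumption)
    if country in policy["countries"]:
        return "deny", f"country {country}"
    return "allow", f"country {country}"

if __name__ == "__main__":
    for src, group in [("192.0.2.55", "vpn"), ("192.0.2.55", "webmail"),
                       ("192.0.2.10", "webmail"), ("203.0.113.66", "webmail")]:
        print(src, group, decide(src, group))
```

Returning the reason alongside the action makes each decision auditable, which matters when an exception silently overrides a country block.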

The PoliWall doesn’t just deal with inbound traffic, but also with outbound. The data breach at retail giant Target, for example, involved the exfiltration of stolen credit data to criminal elements outside of the U.S. PoliWall can be used to restrict who you reach out and touch. If your network has been infected by bots or zombies, you can discover and prevent their communications when they attempt to call home. The IPs for many botnet command-and-control servers are identified within IP blacklists, and may also reside within countries that are blocked under policy. By controlling what goes out of your network, you can protect against some forms of data leakage.

The PoliWall has other useful purposes beyond reducing the attack surface. One is bandwidth prioritization. Bandwidth usage can be throttled to set limits on how much bandwidth may be consumed by any country. This can improve business operations by ensuring that critical systems receive the required bandwidth. It can also help to mitigate a distributed denial-of-service (DDoS) attack. If you are being attacked, you can prioritize countries most important to your business. Again, the PoliWall doesn’t need to know if the traffic is malicious or not — it just allocates bandwidth to important connections and everything else is dropped before it hits the network.

The bottom line is that the PoliWall is a solution that controls where you accept traffic from and where you send it. It can actively reduce your attack surface, improve network performance, and provide valuable threat intelligence.
