Page 127 - Security Today, March 2017
P. 127
James Weaver, Senior Product Marketing Manager for Avaya, points out that while IoT devices are relatively new to enterprises, they do pose a growing risk. “As IoT devices become more popular, we may find that they take the same path of BYOD where users, not IT, started placing them into the organization without IT’s knowledge.” He adds, “We will also likely see pressure from users to push IT to deploy the solutions quickly at the expense of security.”
So, what’s the answer? Should IT Managers declare Marshall Law across the board? That may give them more control, but they’ll increase their workload in the processes. It also limits usability. And even the most vigilant processes can’t protect from every mistake, every keystroke, or every threat.
“Typically there is a tradeoff between security and complexity — the more that you want to lock down areas of your network the more complicated the network and security systems become. This particularly becomes a problem when trying to scale out security solutions.” Mr. Weaver reports. “Many companies are now searching for solutions that minimize this tradeoff relationship as company’s security and IT staffs are already overburdened.”
Avaya offers a foundational approach to securing the Everywhere Perimeter with three synergistic capabilities that provide a unique foundational layer to enhance existing security solutions, such as virus scanning, firewalls, and intrusion detection. According to Marc Randall, Senior Vice President & General Manager of Avaya Networking, in his blog dated September 8, 2016, Avaya’s three pillars for securing the everywhere perimeter include:
Hyper-Segmentation
Greatly improving upon traditional segmentation, Avaya’s hyper-segmentation scales to millions and seamlessly spans the entire organization from data center to device. Once hyper-segments are created, organizations experience a reduction in the attack surface, a quarantine function if a segment is breached, improvement of anomaly scanning, and greater firewall efficiency.
Native Stealth
Unlike traditional technology, Avaya delivers hyper-segments that are not exposed to the vulnerabilities of Internet Protocol (IP). What this means is that in the event the organization is breached, for example, through the HVAC or an IoT network segment—the hacker is unable to see anything outside that segment, keeping them contained. Since intermediate networking nodes are ignorant of the content and do not rely upon IP-based reachability, these cannot be used as launch points for exploiting a breach.
Automated Elasticity
Avaya has pioneered the concept of network elasticity as an enabler for securing the Everywhere-Perimeter. An elastic hyper-segment automatically stretches services to the edge, only as required and only for the duration of a specific application session. As applications terminate or end-point devices close down or disconnect, the now-redundant networking services retract from the edge. It simplifies deployment of hundreds of segments for tens of thousands of endpoints.
Network security is a battle that will most likely grow in risk and sophistication in the years to come. Hackers are continually on the lookout for creative attack vectors, while ScanSource’s vendor partners are developing ways to thwart them at every turn. For its part, Avaya will continue to follow its simplicity- through-automation design principle as they expand their solution offerings for hyper-segmentation and IoT security. Furthermore, Avaya is also pursuing technology relationships that will enable secure transport of Iot traffic over internet-based connections and an ecosystem of partners to ensure flexibility and openness for its solutions.
* End-to-End Network Segmentation Research, Veraquest, August 2016
ScanSource Networking and Security Focus SPRING 2017 | 2