Services Blog- Hummingbird Networks

Why a Firewall is No Longer Enough to Keep You Protected

Written by Jason Blalock | Feb 15, 2018 1:47:00 PM

Once upon a time, all a business really needed to keep its network safe was a good quality firewall, preferably a hardware firewall.  Sadly, those days are long past.  If you're still relying solely on a firewall, you're leaving a lot of holes in your network security - and cybercriminals are getting steadily more clever about exploiting those holes.

When clients come to us looking for an all-around security solution, we generally recommend Sophos products.  Unlike other networking hardware\software companies, Sophos specializes almost exclusively on security products.  Likewise, they design their equipment to coexist with most other network vendors and architectures.

A quality Sophos device can provide both physical and software protections against a huge range of attack vectors that otherwise could go overlooked,

Areas In Your Network That A Standard Firewall Won't Protect

1 - Endpoint security

That is, all your user-level computers and other devices.  The threat from viruses and malware is higher than ever, and most standard anti-virus suites only afford moderate protection at best.  They tend to be particularly poor about updating in time to protect against "zero day" exploits.  On the other hand, Sophos Endpoint Security is widely regarded as the premiere anti-malware solution on the market, with its only downside being that it's a bit tricky to configure.

2 - Ransomware

Ransomware is the big moneymaker for cybercriminals at the moment, and it continues to be a destructive and expensive threat to corporate networks.  Currently, Sophos has the most advanced anti-ransomware system on the market with a one-two combo of software services.  First is their "Sandstorm" service.  Sandstorm is a sandbox - an isolated virtual machine - which a Sophos security network will use to trap any file it suspects of being malware.  You then have the option of running that file within the sandbox, to safely observe its behavior.  If it's a threat, Sophos takes the information garnered and uses it to increase their detection routines further. 

But what if someone manages to bypass Sandstorm?  There's also "Intercept X," a service which specifically watches for and targets unauthorized cryptographic activity.  In many cases, it can intervene and revert damage done by a ransomware attack before it causes any problems. 

3 - Mobile Email

Mobile email is a huge challenge for network security because it's difficult to fully control what users do with their devices without removing most of their functionality.  Sophos offers a full-featured email gateway (which can also pair with Sandstorm) that scans and protects email being delivered to your workforce no matter where they are, or on what device.

It also incorporates a superior anti-spam filter as well.

4 - Big Picture Oversight

Finally, there's the matter of keeping an eye on your entire network and understanding how your various security systems link together and overlap.  Much like plate armor, a network security system is only as strong as its weakest gap between segments.  Sophos's "Central Endpoint Advanced" system provides this top-down, end-to-end overview of your entire network and lets you see exactly how secure you really are.

Looking For Other Options?

Sophos is generally considered the best choice, and they now include a range of products which are aimed at businesses of all sizes - even startups and SMBs.  However, there are still some other options.

If you invest in a Meraki network, you have the option of adding very full-featured software appliances, particularly with the Advanced Security License activated.  One particularly nice thing about Meraki networks is that they standardize coverage across the network, and are capable of auto-updating the moment a new security patch is released - with no need to manually intervene.  It keeps itself updated, worry free.

The other big option would be Cisco products.  The Cisco TALOS group is generally regarded as the best organization in the world for discovering, documenting, and immunizing against new malware in the wild.  So, Cisco security products benefit greatly from that association.  Their ASA Firewalls include full suites of security products nearly on par with Sophos, and of course tailor-made to integrate well with other Cisco products.

Want To Test Your Network Security?  Hummingbird Can Help!

Ultimately, when it comes to network setups, the proof is in the proverbial pudding.  It doesn't matter how much you've spent if there's still a gap in your security which can be exploited.  

Hummingbird Networks can provide full security probing and testing services, creating a simulated "live fire" environment which tests your security - but without any risk of actual harm done to your business.  There's no better way to truly find out how powerful your security system is than to allow experts to test how it performs when under attack.  If there are problems, we'll give you a full report with recommendations for fixes.

For a full network security assessment, contact Hummingbird Networks today!