With massive breaches affecting everything from retail establishments to Hollywood stars, one has to wonder if there is a better way to protect data in transit and at rest, and if anyone has discovered a process to make that become a reality.
Sophos, known for its desktop security products and cloud-based security services, is aiming to build a more secure cloud by acquiring Mojave Networks, a San Mateo, California-based startup that came to market with cloud-based security solutions.
Mojave fills an important hole in the Sophos product lineup, which only just recently moved into cloud-based security. With the acquisition, Sophos aims to integrate Mojave's primary services into a unified cloud security platform — those services include cloud-based network security, cloud-based app security and Mobile Device Management (MDM).
The combination of Mojave's offerings with Sophos's cloud, mobile cloud protection systems and its network/end-user/server protection products (appliances, virtual appliances and software) should help Sophos to deliver cloud-based security that is always up to date and can deal with the latest unified threats.
Other companies looking to play in the unified, cloud-based security space include Cisco, Symantec, Dell, and numerous antivirus vendors. However, IT pros have long had to turn to cloud services vendors, along with firewall vendors and antimalware vendors, to cobble together something akin to a complete security solution. If Sophos can pull off the integration of Mojave into its cloud security offerings, the company may be able to offer the unified security nirvana that so many are seeking.
The advantages offered by security services unification cannot be overstated. First and foremost is the idea of a unified security dashboard, which eases deploying security across multiple platforms, devices and connections. What's more, better reporting naturally follows from a unified management system, where all the bits and pieces of security are aware of each other and can offer a better view of how things are secured.
Nevertheless, what security vendors claim and what the real-world challenges are do not always jibe, which raises the question: What should unified security offer and why?
- Antimalware: One of the first elements to look for in a security package is how it deals with malware. Better products include everything from link scanners to antivirus tools to real-time (cloud-based) updates.
- Antiphishing: One of today's biggest security problems is phishing, where embedded links in emails lead users to malicious websites that gather information or install spyware on systems. Beyond educating end users not to open suspicious emails, it is critical to have a service (or software) that detects phishing attempts and puts a stop to them.
- Content filtering: One of the best ways to limit a user from visiting a malicious site is by leveraging content filtering, where websites are blocked based upon ratings/content and so forth. If a user cannot access a malicious site, security is vastly improved.
- MDM: For organizations that place workers in the field, it is critical to have control of the devices they use remotely or while traveling. A good MDM system will enforce passwords, keep data encrypted and provide a way to either wipe a lost device or help to locate it.
- SQL injection protection: Many breaches come from a blunt-force attack, where attacker-supplied input is passed through to the database as part of a query, forcing the database to return results that may reveal private information. A device or cloud service should be in place to prevent that from happening.
- Advanced Persistent Threat (APT) protection: APTs are one of the latest maladies to impact network security. Those engineered attacks may knit together many smaller attacks on what may seem to be unrelated systems to sneak malware past traditional security products. Unified security can effectively combat APTs by putting the pieces back together, validating or blocking the code.
- Antispam: Spam can be a major security problem for almost any email user. Preventing spam from entering the network is a key capability for protecting end users and their resources, and it is best done before the email reaches the network.
- Firewall: Multiple firewalls can provide layers of protection. A unified offering can tie together a next-generation firewall at the edge of the network with a locally installed desktop firewall to plug any potential holes. However, local firewalls need to be managed to be effective, and that is where a unified security package comes into play.
- Intrusion detection and prevention: Keeping unauthorized users out is one of the better ways to prevent data loss and compromises. An effective security system is able to work hand in hand with security directories, firewalls and VPNs to make sure the user is actually the intended user. This works better when managed under a unified system, which could also leverage two-factor authentication and enterprise-level LDAP/ADS-type directories.
- Wi-Fi security: Hotspot connectivity is often overlooked. Whether or not that hotspot is internal or located in a coffee shop isn't the real issue — the real issue is how the traffic travels via the hotspot. Encryption combined with SSL or VPN services becomes a must-have to protect data in the ether; a unified security package should provide the software to secure Wi-Fi traffic and detect when traffic is traveling in the clear (unprotected).
Only by combining the above into a centrally managed offering can one hope to achieve true unified security. After all, security is made up of many moving pieces, and without management some of those pieces are bound to fail.
If Sophos succeeds in combining what were once separate security offerings into a unified platform, it may lead the way for competitors to identify those same threats and bring forth multiple competitive offerings that can only improve security.
Frank J. Ohlhorst is an award-winning technology journalist, author, professional speaker and IT business consultant. He has worked in editorial at CRN, eWeek and Channel Insider, and is the author of Big Data Analytics. His certifications include MCNE, MCSE, A+, N+, L+, and Security+.