July 09, 2012, 2:17 PM — Back in 2008, guarding Motorola's perimeter was a lot simpler than it is today, recalls Paul Carugati, the
company's information security architect. "It was OK to just open up [firewall] port 480 [to network traffic],
because we knew that everything that ran over it was HTTP," he says.
But with the rapid growth of Web 2.0 applications, e-commerce environments and cloud services, he adds, "in
2010, that wasn't so true; in 2011, it wasn't true at all."
Management was continually questioning Carugati about the risk exposure related to a critical service or a
social media environment, and the possibility of infiltration of the company's data through social media.
Motorola's then-current firewall technology could trace users' IP addresses, but it could not track applications
and so was unable to monitor which ones were exposed.
To address the issue, Motorola's security department added a next-generation firewall
(NGFW) to its perimeter defense mix. In addition to traditional Layer 3 and 4 firewall security, the platform
can track outgoing and incoming traffic at the application level. This has brought huge gains in visibility,
control and enforcement, Carugati reports. Now, it's clear "which apps are flowing through that egress environment,
including apps we thought we weren't allowing outbound and ones we didn't know about," he says.
That visibility enables the security team to enforce far more granular security policies at the application
level, rather than at the network protocol and port levels. Furthermore, management can now draw a far more
accurate picture of the company's social network presence and interactions, for risk assessment and compliance with
standards such as PCI DSS, Carugati says.
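The contrast between a port-level rule and an application-level rule described above, as an added example that is not from the article, Motorola or any firewall vendor. The flows, host names, the web port (80) and both policies are constructed assumptions.

```python
import re

WEB_PORT = 80                         # assumption: the one port the legacy rule opens
BLOCKED_DOMAINS = {"social.example"}  # assumption: hypothetical app the policy blocks

# Constructed flows: destination port plus the first bytes of each connection.
FLOWS = [
    {"src": "10.0.0.5", "dport": 80, "payload": b"GET /index.html HTTP/1.1\r\nHost: intranet.example\r\n\r\n"},
    {"src": "10.0.0.7", "dport": 80, "payload": b"SSH-2.0-OpenSSH_8.9\r\n"},
    {"src": "10.0.0.9", "dport": 80, "payload": b"POST /upload HTTP/1.1\r\nHost: files.social.example\r\n\r\n"},
    {"src": "10.0.0.11", "dport": 80, "payload": b"\x16\x03\x01\x00\x05hello"},
    {"src": "10.0.0.13", "dport": 8080, "payload": b"GET / HTTP/1.1\r\nHost: intranet.example\r\n\r\n"},
]

HTTP_REQ = re.compile(rb"^(GET|POST|PUT|HEAD|DELETE|OPTIONS) \S+ HTTP/1\.[01]\r\n")
HOST_HDR = re.compile(rb"\r\nHost: ([^\r\n:]+)", re.I)

def port_policy(flow):
    """Layer 3/4 rule: anything to the web port passes, whatever it carries."""
    return "allow" if flow["dport"] == WEB_PORT else "deny"

def identify_app(payload):
    """Classify a flow by its first bytes instead of its port number."""
    if HTTP_REQ.match(payload):
        m = HOST_HDR.search(payload)
        return "http", (m.group(1).decode().lower() if m else "")
    if payload.startswith(b"SSH-"):
        return "ssh", ""
    if len(payload) >= 2 and payload[0] == 0x16 and payload[1] == 0x03:
        return "tls", ""  # TLS handshake record
    return "unknown", ""

def app_policy(flow):
    """Application rule: only identified HTTP to non-blocked hosts passes."""
    app, host = identify_app(flow["payload"])
    if app != "http":
        return "deny", app
    blocked = any(host == d or host.endswith("." + d) for d in BLOCKED_DOMAINS)
    return ("deny" if blocked else "allow"), f"http:{host}"

def compare(flows):
    """Return (src, port verdict, app verdict, identified app) per flow."""
    return [(f["src"], port_policy(f), *app_policy(f)) for f in flows]

if __name__ == "__main__":
    for row in compare(FLOWS):
        print(row)
```

The port rule passes four of the five flows without knowing what they carry, while the application rule names each one and passes only the two plain HTTP requests to the non-blocked host, including the one on a non-standard port.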
NGFWs are just one way in which companies are revamping their defenses in response to new threat vectors that
have grown out of businesses' increasing use of and dependence on Web applications, social media, cloud computing,
virtualization, wireless networks and mobile devices. These technologies continue to change the fundamental nature
of business computing and communications.