May 17 2013

Schools Say Next-Generation Firewalls Simplify Security Management

Districts report more functionality, enhanced security and more visibility from the latest crop of firewalls.

Finding a firewall that can take on many functions streamlines management and reduces costs for the Albert Gallatin Area School District in Uniontown, Pa.

Chris Bolin and his staff of four deliver IT services for 4,000 students and 500 staff and teachers across 10 buildings. “We’re a large district, and we don’t have a lot of money,” the technology director notes. Deploying a Sophos Secure Web Gateway that serves as a firewall, web filter, antivirus/antispam device and wireless controller makes a huge difference in the services the district can deliver, he says.

“Before we went with Sophos, we were using a separate device for web filtering, virus scans and as a firewall,” Bolin says. “We’ve had wireless service in our high school and middle schools, but this let us roll out wireless to the elementary schools.”

77%: The percentage of security professionals who believe that staff access to social networking sites increases the likelihood of an advanced persistent threat or other sophisticated malware attack on the organization.

SOURCE: “A Prudent Approach to Next-Generation Firewalls” (Enterprise Strategy Group, January 2013)

Without the ability to add wireless service to the Sophos gateway, Bolin says the district wouldn’t have been able to afford wireless for the elementary schools. The gateway offers the IT group one centralized place to manage the district’s technology and network.

“It lets me do all the configuration and management centrally,” Bolin says. “It’s a major timesaver compared to managing three separate devices.”

John Grady, a research manager for IDC’s security products group, says IT managers such as Bolin opt for multifunction devices because they deliver high value at an affordable price.

“I see this as the gradual evolution of the UTM,” Grady says. “The latest devices offer better integration between technologies, as well as application control and the ability for systems administrators to set very granular policies for users or groups of users.”

Tighter Security, Greater Visibility

Ray Walls, senior network administrator for Mesa County Valley School District 51 in Grand Junction, Colo., says UTM devices provide his district with numerous benefits.

For starters, the firewall removes spyware and viruses before they reach the network. The management software also provides network traffic visibility from a central location that’s easy to manage. What’s more, the software makes it easy for Walls to set security policies.

“Another major benefit is that because we deployed a redundant device, we’re guaranteed high availability,” he says.

Walls notes that the district made the move to a next-generation firewall when it decided to increase the bandwidth of its network from 90 megabits per second to 500Mbps. The older gear couldn’t handle more than 100Mbps, necessitating the upgrade.

Mesa County Valley School District 51 uses the device as a firewall and gateway filter, to counteract spyware, and for intrusion detection and prevention.

3 Elements of a Next-Gen Security Architecture

Jon Oltsik, a senior principal analyst for the Enterprise Strategy Group, advises organizations to adopt a broad, next-generation security architecture of tightly integrated network services that can be applied throughout the network.

Next-generation network security includes these elements:

  • Central management. A major aspect of next-generation security is the ability to centrally manage security policies, service orchestration/provisioning, monitoring and reporting.
  • Distributed policy enforcement. This capability expedites network security service provisioning throughout the network. For example, a systems administrator can deploy a firewall service at the network perimeter, in the data center, at remote offices or within a physical server hosting multiple virtual servers.
  • Any network security service in any form factor. Next-generation network security can be applied in any type of device or set of services, including fixed-function, multifunction or virtual appliances, or cloud-based managed services.