The overwhelming consensus: There’s a cybersecurity skills shortage. Some surveys have identified the cybersecurity skills gap in slightly more than half of surveyed companies, while other studies calculated the deficit higher and more dire, with those lacking cybersecurity expertise registering in the high-sixties or seventies percentile. Why is this important? In a survey, ESG found […]
In our digital world, we tend to talk about the cloud, automation and virtualization as if every business professional and organization is consciously adopting virtual assets and deeply indoctrinated and invested in these technologies. Let’s face it… the cloud and virtual machines (cloud-hosted computers, databases and servers) are predominantly a large-enterprise, high-tech or platform-provider perspective bias, and those of us with a technologist bent tend to assume that every real-world company is digitally transformed in this regard.
However, it’s not so simple when you look beyond basic business network computing, Internet access and mainstream cloud app usage (AWS and Office 365).
Today’s reality is most network IT teams are still forced to patch and reconfigure hardware and software on an as-available human-resource basis versus leveraging automation as a way to try to stay ahead of evolving threats. For most companies, physical equipment is still predominant. It’s often still on premises, whether that’s a regional office or small branch office.
Most companies are still managing firewall hardware; some even have no firewall at all. They still treat network and security management as if the perimeter is ‘fixed in place,’ and trust their users will log into the company VPN when outside the fixed LAN security perimeter.
Meanwhile, end-user employees, coated only with antivirus protection, are roaming on their portable devices, connecting on this network host to that IP address. Ahh, digital business transformation… Your people want to expand their connections and help you to grow your business, but this wandering presents big IT security risk. Denial of service attacks, ransomware, phishing, identity spoofing, and increasingly sophisticated malware can breach and then tunnel into your digital network like a worm through an apple.
Digital transformation is an ongoing journey, a continuum, not a lasting status that an organization one day crowns itself with and then uses to rule over the market for many years while everyone else uses less-advanced tools. Because of this fluctuating landscape, small and midsize organizations can take giant leaps via digital-economy equalizers in the cloud that enable them to catch up or achieve strategic edge.
One of these digitally transformational accelerators is network- and security-as-a-service. There’s an IT skills shortage; network and cybersecurity expertise (the two often go hand in hand) are in short supply.
With an estimated 74% of organizations affected by a cybersecurity skills shortage, it’s ‘Advantage Hackers.’ One recent study reported 94 percent of IT security professionals believe the advantage has tilted to cyber-adversaries over cyber-defenders. (ISSA and ESG.)
This can lead to struggles in defending against the latest, most sophisticated cyber-attack or cybercriminal methods as well as the inability to patch software and hardware vulnerabilities rapidly. It can also leave your enterprise employees, workstations, networks and servers reliant solely on one or two static barriers, instead of a sounder, multilayered security architecture.
Exacerbating this cybersecurity skills shortage is network complexity, product overlap, and product fatigue. As the workforce becomes more distributed, network endpoints are moving and changing, making them difficult to inventory and manage. Meanwhile, backhauling all branch office and remote worker traffic through the core network is many times more expensive than providing these individuals with direct Internet access, and can introduce QoE latency. From both a business access and security perspective, small network and IT teams just can’t keep up across the many products, pieces of computing equipment and user access needs they have to manage across distributed sites.
Help for the network IT staff can come from automation and the cloud.
Security as a Service (SECaaS) for the Changing Network Architecture
What is security as a service (SECaaS) and why is it so important in a network without boundaries world?
At a high level, SECaaS is a rapid deployment that immediately solidifies both your network perimeter and lateral traffic security. It accomplishes this by providing key advantages over traditional IT security deployments.
- Speed. With advanced cybersecurity skills in low supply, do you wait for the on-device reconfiguration to be performed, or do you deliver advanced security agents that don’t require routine in-house patch releases? SECaaS is distributed network security protection in minutes versus weeks or months.
- Cost. The cloud empowers organizations, large and small, to more easily and rapidly facilitate less-expensive remote-office activation and branch-to-Internet connections. In this cost-efficient environment, SECaaS enables organizations to receive advanced security capabilities previously accessible only to deep-pocket large enterprises, and to do so without myriad tool acquisition and maintenance costs.
- Network Performance. You don’t have to compromise on security or performance as you migrate some of your traffic off the private network and into the cloud. Conduct your traffic with greater precision and quality of service, taking advantage of less-expensive yet high-performant network transports while orchestrating and automating advanced network security across distributed domains.
- Advanced Protection Against Targeted End Users. Firewalls do a good job of protecting the perimeter against north-south invasion, but when something inevitably does slip through the cracks (perhaps by compromising a device outside the firewall or VPN), it can spread laterally like wildfire. Secure your flexing and fluxing network, with always-on protection at the endpoints, which also defends against lateral movement leading to widespread infection, hijacks or outages.
- Central Management. Hackers prey upon inconsistent security policy enforcement across distributed network infrastructures. SECaaS enables central enforcement of policy, which is automatically applied throughout the entire distributed network, strengthening protection and closing loopholes.
- Simplicity. Whether you’re a managed security service provider or public or private network operator, OPAQ brings automation, easy orchestration and simplicity to your complex distributed network or networks. This IT service agility also makes it easier to meet regional and vertical compliance regulations.
Security-as-a-service can lead to easier, more holistic network security coverage for digitally transforming managed service providers and enterprises alike.
Visit our security-as-a-service (SECaaS) page.
Ahh, the firewall… that invaluable tool which monitors and protects traffic to and from an organization, as employees and servers communicate with the Internet and other networks or devices.
What would we do without them? Firewalls can block unauthorized access and inspect packets and prevent malware from infecting your network. A company might have an enterprise firewall at its headquarters office in Austin, TX, and another at its branch office 1,200 miles away in Charlotte, NC, and use these firewalls to enforce traffic and security policy across its network and access points. It might open a new office location in Chicago, IL, and equip that location with a third firewall and integrate it into the traffic and protection scheme. Or, conversely, the company might turn to a cloud firewall model to eliminate the amount of investment in physical security equipment and maintenance at its various sites. Either way, the company is taking prudent steps by incorporating firewall protection to help keep its electronic databases and other assets safe from infection, corruption, misuse, theft or ransom.
But what about a company that has only one office and 50 employees distributed across the country, most of whom travel extensively and are out of the firewall’s protective range? Do we expect them to log into the VPN when they work from their home offices or while visiting a client or attending a conference? Do we trust that they will log in? Does an enterprise-firewall-with-VPN strategy do much good here? And what if this small company doesn’t have the servers, routers and other equipment in its HQ office and instead leverages infrastructure in the cloud? Is a firewall appliance or cloud firewall really the most appropriate security solution for this type of organization?
Consider this: Firewall appliances at each office are there to protect the resident users, equipment (physical and virtual), and data. If your organization becomes so distributed as to have only a few people in the office and your server and database equipment in the cloud, the whole premise of the enterprise firewall loses its purpose. With intellectual property no longer on the premises to protect, it’s smart to consider a strategy in which network and security policy follow your employees wherever they are and wherever they go as they access private enterprise data from the cloud, and share data with one another.
Security at the Endpoint
Endpoint security is a strategy in which organizations or individuals attempt to stave off cyberattacks by fortifying remote equipment with on-device cybersecurity protection. Typically, this protection consists of antivirus software and scanning and complements a firewall. But when the firewall and VPN are eliminated from the equation, endpoint security must be stronger.
Cyber-attacks target individual users and their workstations via ransomware, Web browsers, document viewers, and multimedia players that download and execute content from the Internet in the hope of gaining a beachhead into the corporate environment. One wrong click or download by the end-user and the infection can spread laterally (east-west)… within the firewall… and across the internal network. No longer limited to big organizations and brands, SMBs are in the crosshairs of cyberattacks, with 43% of cyberattacks worldwide targeting small businesses.
Strong endpoint protection doesn’t replace all rationale for firewall use, but it can supplant traditional firewall and VPN strategies in certain scenarios.
- In organizations in which many IT applications (e.g., Office 365 and Salesforce) and/or sensitive digital assets are no longer hosted in internal network datacenters. Often, traffic from remote workers is backhauled over the VPN to an enterprise control center, from which it is then routed back over another VPN connection to IT services in the cloud. This method of backhauling traffic is expensive, unreliable, and slow.
- In organizations in which there are few or no company offices, and employees operate outside any firewall protection… Here, the workforce is largely distributed and transient, connecting to enterprise apps hosted in the cloud. In this scenario, endpoint protection needs to be more advanced and adaptive than static antivirus and firewall protection, and the flexing protection must be always-on.
- In small organizations consisting of an owner and one or more 1099 employees, where workstations are limited to computers located in remote offices. Firewall and VPN protection for these companies may seem heavy-handed, while host-based antivirus and scanning may not be enough to enforce security concerns and Zero Trust best practices.
In these scenarios an organization wants to be able to protect its remote workers from cyberattacks, protect these users’ connections to Internet and cloud access points, and prevent the spread of malicious code or file-less malware. The firewall becomes obsolete in some environments, and the VPN impractical. Strong endpoint protection and network segmentation become a smart, effective defense.
OPAQ Endpoint Coverage
OPAQ Endpoint Protect provides easy-to-deploy advanced security-as-a-service for your distributed endpoint users. Organizations can employ it as a complement to the firewall or when firewall or VPN protection doesn’t make sense – for example, small offices of 25 to 50 users.
OPAQ secures remote workers and the private network from the latest threats. Security follows users wherever they go – whether they are in a coffee shop, inside an airport or on a plane or train. The protection goes beyond host-based antivirus signatures and scans and includes:
- Network intrusion prevention and detection (IPS/IDS)
- Network anti-virus/malware/spyware
- External IP inspection and filtering
- Network URL inspection and filtering
- Zero-Day protection
- Internet exposure minimization
- Protection from both DNS- and Web-based assaults.
Meanwhile, OPAQ Endpoint Control governs your lateral traffic, providing secure access control and network segmentation. Using OPAQ Endpoint Control, organizations can place sensitive IT applications on the open Internet or in the cloud, while ensuring that only authorized users can access those applications. It can also be used to lock down internal networks, closing off unnecessary avenues for lateral movement by attackers who have compromised devices behind the corporate firewall.
Firewall displacement: Is a physical firewall at every office a waste? Are your remote users not logging into the VPN? OPAQ offers always-on advanced protection that doesn’t require your staff to invest and maintain the equipment.
Tightened endpoint security. Endpoint Protect ensures that every Internet connection initiated by the endpoint goes through OPAQ’s security cloud. This model provides affordable cloud-delivered enterprise-grade security for organizations that previously couldn’t afford or manage advanced security.
Stopping stowaways. The best approach to distributed security is to segment internal networks using software to contain the spread of attacks. OPAQ Endpoint Control is a network segmentation solution that gives you the visibility to see suspicious activity, quickly search for malicious network processes across your user base, and stop all network communication from infected endpoints.
Backhaul offload. Many organizations today are stuck backhauling full tunnel VPN traffic from remote workers to their enterprise. IT applications are increasingly hosted in private clouds, which are reached over endless VPN connections. Using OPAQ Control, organizations can break free from this inefficiency, moving to a model where trust is anchored in the user and the device, rather than the network they are on.
Security cannot be a static defense. To protect remote workers harnessing the cloud, leave the firewall behind and leverage strong, smart endpoint protection that is always on and evolving ahead of the latest threat.
Learn more about OPAQ EndPoint Protect
Read about Securing Remote Workers
So you want to modernize your organization to capitalize on all the leading-edge advantages of the digital era, big data, cloud efficiencies, AI, leading business apps, and partner and customer relationship opportunities? Achieving this business IT transformation requires a strong dose of change management including a willingness to transition on-premises servers to the cloud and switching from Web browser-only services to mobile-friendly apps and sites that facilitate new and more distributed connections. However, these promising modern system architectures won’t pay off without high-performance, highly scalable yet affordable networks to support them. Hence, a move to modernize networks and utilize the cloud is under way.
Why is the cloud so important in network modernization and wide area network (WAN) optimization? The biggest advantage is it enables organizations to leverage what’s already out there (namely, flexible networks, high-value application infrastructures, multitenant shared services, and outsourcing opportunities) so you don’t have to build or invest in the WAN infrastructure yourself.
But the underlying technologies in today’s network infrastructure consist of a hodgepodge of components such as traditional IP routers, multiprotocol label switching (MPLS), and software-defined networking, all of which offer differing ways of transporting data, creating a massive amount of complexity for organizations and managed service providers alike.
MPLS is a network technique that directs data from one node to the next based on the quickest path instead of relying on referencing IP routing tables. But when it comes to security and traffic orchestration in the cloud, MPLS is not fast, flexible or straightforward, requiring branch office-to-Internet service requests to pass through a core network before being delivered. This creates additional traffic over expensive MPLS lines, a utilization that doesn’t take advantage of the whole agile and ubiquitous nature of today’s cloud-centric business model.
A different networking approach drawing attention is software defined wide-area network (SD-WAN). SD-WAN is a transport-agnostic overlay that can route any type of traffic (LTE, 3G and broadband, as well as traffic over private MPLS circuits). The SD-WAN approach provides a network management and control layer to orchestrate ‘backhaul offload’ and WAN optimization. It should figure in enterprise considerations when trying to achieve faster deployment timetables for branch enablement and realizing cloud benefits such as availability and cost. But, as SD-WAN starts to complement today’s private MPLS networks and traditional IP routing, organizations should also consider a number of security questions.
Don’t Forget to Modernize Security as You Modernize Your Network Strategy
Just as there are compelling reasons to modernize your system architecture, business computing methods and networks, there are also compelling reasons for modernizing network security.
As you shift from backhauling all or most of your traffic through the core network in favor of more direct branch to cloud pathways, you are potentially losing some elements of centralized network and security policy.
SD-WAN – as a central enterprise WAN-traffic controller from which to easily apply policies across all devices – is not a security technology, per se. It allows you to avoid the cost of backhauling traffic through the core network, but with that comes the challenge of implementing enterprise-grade security policy across a distributed network.
So what do you do? Do you trade off some security at the branches by plugging in an SD-WAN device that offers only basic protection? Or do you pay for truck rolls (i.e., technicians to install and configure edge devices at every office) and then bear with lengthy deployment cycles? Do you team up with a managed security provider?
This is where the notion of security as a service (SECaaS) and network service insertion from the cloud can come in handy. With a single network and security cloud, you or your managed service provider can simply throw the switch to deploy smart centralized network policy and security at the branch level, extended VPNs, and mobile outliers. This cloud-based security approach, while reducing vulnerabilities at the branches and among mobile/remote users, can also reduce deployment times by up to 91 percent.
Five Key Security Considerations for SD-WAN and Hybrid Cloud Networks
A new white paper from OPAQ discusses five security imperatives companies should keep in mind as they modernize their network infrastructure. A few of these important considerations are to:
- Modernize security as you modernize your network. SD-WAN is a modern transport system, but isn’t necessarily an advanced security system. Protect your digital assets and your information with security solutions such as next-generation firewalls and leading-edge endpoint protection.
- Secure your branches as you enable them. As you fortify distributed users with direct access to Internet information and apps, the implementation of advanced security doesn’t have to create long delays and siphon from productivity.
- Ensure that backhaul offload doesn’t open Pandora’s Box. Mitigate the risks of infection, costly viral lateralization attacks, and the compromising of sensitive data by passing any direct branch office-to-cloud traffic through an agile and virtual firewall and fully encrypted network. Easily segment your network to limit the spread of a cyberattack.
As you modernize your networks, make sure you protect your data, users and business reputation with a fully integrated solution that incorporates an encrypted software-defined network, next-generation firewall and endpoint protection capabilities that can be applied in a matter of minutes, long before that next truck roll.
Network modernization, like any wave of innovation, is multifaceted in its good intentions. It’s about rearchitecting your network so it is better able to handle increasing traffic and high-bandwidth-consuming apps such as video, ensure availability and quality of experience, flex for the delivery of new revenue-generating service offerings, and reduce network and application maintenance and overall costs.
The much ballyhooed yet still somewhat enigmatic cloud, with its highly virtualized and outsourced infrastructure, has already delivered some of this modernization by enabling organizations to offload some traffic from today’s predominantly hair-pinned and expensive MPLS-based WANs in favor of direct user access to Internet services. The cloud ecosystem offers other network modernization enablers such as shared service economies of scale, ready-to-leverage network capabilities such as automation, and transport independence (i.e., the ability to use broadband, LTE, Carrier Ethernet and MPLS “lines”).
Software-defined WANs (SD-WANs) could occupy a complementary network management and orchestration role to relieve some of the cost of (and dependence on) today’s rigid and expensive private networks. However, the path to network modernization is not all neatly wrapped and tied in pink ribbons, and uncertainty exists from a security perspective as well. Every time a user, whether stationed at one of your branch offices or remote, accesses the Internet directly he or she is potentially opening Pandora’s Box or letting sensitive data out. MPLS schemes require this sort of risky traffic to first pass through the core network for networking protocol and security application, which is a good thing, but at what cost? Traffic over MPLS lines can be dozens of times the Mbps/month cost versus broadband and the public Internet, so you want to orchestrate traffic in a way that reserves private lines for high-priority traffic and utilizes the public Internet for lower-priority interactions. Although SD-WAN may be ideal for this role and faster enablement of branch office and mobile workers through software-as-a-service, it is not an advanced security solution.
Advanced Security for SD-WAN and Cloud Networks
SD-WAN, which can empower organizations to exercise centralized SaaS control over traffic to and from the cloud and the WAN as a whole, poses some vulnerability issues. Centralized security is more difficult to administer when traffic isn’t backhauled to the data center or network hub, and malicious code and hacker schemes can more easily pass through to your distributed users undetected (north-south traffic).
What’s more, without the intervention of advanced security mechanisms, infections can more easily spread laterally – from user to user, system to system, and office to office (east-west traffic).
If you’re going to capitalize on the potential efficiencies of the cloud and SD-WAN controllers, you must first secure the egressing of traffic directly between the Internet and remote sites as well as protect against lateralization attacks. This can be accomplished through an advanced security solution designed for the cloud, which includes fully integrated next-generation firewall and endpoint protection as-a-service.
Secure Network Modernization Webinar
These and other topics will be explored during a webinar titled, “Avoiding the Security Pitfalls of SD-WAN and Network Modernization,” moderated by Security Now, and presented by Rik Turner, Principal Analyst, Ovum, and Ken Ammon, Chief Strategy Officer, OPAQ.
By attending this webcast, you will:
- Understand the top security vulnerabilities plaguing companies as they modernize their networks
- Learn how critical security vulnerabilities can be easily addressed with security-as-a-service
- Discover how cloud and automation are enabling companies to simplify their ability to modernize their networks and security
Employee Benefits Firm Replaced Hardware and Software with Cloud-Delivered Network Security to Achieve Superior Protection, Performance and ROI
OPAQ, the network security cloud company, today announced that customer Nyhart, a privately held employee benefits and actuary service company, has been recognized with a prestigious 2019 CSO50 Award from IDG’s CSO for its managed security project. Nyhart was selected for replacing its hardware and software security infrastructure with the OPAQ security-as-a-service platform to achieve Fortune-100 grade protection from threats, higher network performance and lower IT operating and management costs.
The annual CSO50 awards recognize a select group of organizations for security projects that have demonstrated outstanding business value and thought leadership. Nyhart will be honored at a special awards dinner on April 10 during the CSO50 Conference + Awards at the Talking Stick Resort in Scottsdale, Arizona. A full list of the CSO50 Award honorees is posted online at: https://bit.ly/2za5PCv.
“Following a series of acquisitions, we recognized the need for more advanced protection against cyber threats than we were able to implement and manage with our in-house resources, so we set out to find an alternative,” said Dave Sherman, CIO of Nyhart. “The OPAQ Cloud has allowed us to replace a complex set of individual products with a single cloud service. As an added benefit, our locations are now connected over OPAQ’s high-speed, encrypted SD-WAN instead of much slower and more expensive MPLS links.”
Nyhart is headquartered in Indianapolis with offices in Chicago, Atlanta, San Diego, Houston, Denver, Kansas City and St. Louis. The company had been growing rapidly, both organically and through acquisitions, and its small IT department was stretched very thin supporting eight offices, with more planned domestically and internationally. A sprawling patchwork of networks, devices, applications and mobile users had become too complex to manage and protect. Nyhart eliminated an array of hardware and software products with OPAQ’s fully automated and orchestrated cloud platform.
“Like most midsize enterprises, Nyhart has limited security resources and expertise,” said Kenneth Ammon, Chief Strategy Officer of OPAQ. “The OPAQ Cloud enables Nyhart to consume Fortune-100 grade protection as a utility so they can invest in growing their business.”
The OPAQ Cloud protects Nyhart with best-of-breed security that includes fully integrated next-generation firewall, endpoint protection, web application firewall and Cloud SIEM capabilities. OPAQ’s fully encrypted SD-WAN also eliminates trade-offs between protection and performance across all of Nyhart’s distributed locations since more than half of the company’s traffic never touches the Internet.
“This year’s class of CSO50 award winners raise the bar on security innovation,” said Amy Bennett, executive editor, CSO. “While delivering business value and demonstrating thought leadership are the metrics on which they are measured, the greater value is in the peer-to-peer sharing of ideas across a range of industries, across company sizes, for-profit and not-for-profit, public and private. The magic really happens on the stage at the CSO50 conference when these projects are brought to life in presentations and panel discussions. It is an honor to give them the recognition they deserve.”
About the CSO50 Awards
The CSO50 Awards recognizes 50 organizations for security projects and initiatives that demonstrate outstanding business value and thought leadership. The CSO50 Awards are scored according to a uniform set of criteria by a panel of judges that includes security leaders and industry experts. The 2019 awards will be presented at the CSO50 Conference + Awards, April 8- 10, 2019, at the Talking Stick Resort, Scottsdale, Arizona.
CSO is the premier content and community resource for security decision-makers leading “business risk management” efforts within their organization. For more than a decade, CSO’s award-winning web site (CSOonline.com), executive conferences, strategic marketing services and research have equipped security decision-makers to mitigate both IT and corporate/physical risk for their organizations and provided opportunities for security vendors looking to reach this audience. To assist CSOs in educating their organizations’ employees on corporate and personal security practices, CSO also produces the quarterly newsletter Security Smart. CSO is published by IDG Communications, Inc. Company information is available at www.idg.com.
I’m pleased to be writing this post as a member of OPAQ Networks, following the announcement today that FourV Systems has become part of the OPAQ family. Our two companies share a common focus — empowering MSPs and MSSPs with security automation to help them gain greater visibility and control while substantially simplifying the management of their customers’ network and security architecture.
FourV’s patented GreySpark solution provides continuous security metrics, compliance monitoring and reporting. And the OPAQ security-as-a-service platform integrates comprehensive enterprise-grade security capabilities with a private software-defined network backbone. Together, we’re delivering the single most effective and efficient tool that MSPs and MSSPs can use to:
- Identify what security controls should be prioritized;
- Manage and enforce best-of-breed network security controls; and
- Demonstrate and communicate the value of security services to technical and non-technical decision makers
Beyond this natural technology “fit”, several other factors convinced FourV’s management that we could achieve goals more quickly as part of OPAQ.
OPAQ’s platform is built to address a market that we at FourV also believed is both underserved and critically important – the midsize enterprise. These companies often find challenges in applying the personnel and financial resources needed to acquire, deploy, and manage the type of security infrastructure required to properly fend off today’s advanced threats. OPAQ’s cloud platform levels the playing field, packaging their best-of-breed security platform in a way that is accessible for midsize enterprises while also making it simple for service providers to manage.
OPAQ’s leadership team and support teams are also extremely experienced in our space. Glenn Hazard and Ken Ammon certainly ‘get it’ when it comes to the intersection of business and technology needs of service providers and the midsize enterprises they support.
The FourV solution serves as a complementary addition to the OPAQ cloud platform. An assessment of the security operations performance and compliance maturity is often the first step MSPs and MSSPs need to take with their clients in order to provide trusted recommendations to reduce risk and exposure. We could not be happier that we are now a part of an organization whose platform enables those MSPs and MSSPs to meet the needs of their clients by giving them the ability to instantly deploy and manage enterprise grade security.
Want to learn more? See how simple it is to get started with OPAQ.
We’re thrilled to have announced our partnership with Palo Alto Networks, which opens up tremendous opportunities for our MSP, MSSP, and VAR partners to deliver enterprise-grade security-as-a-service from the OPAQ Cloud.
This is a huge deal. This agreement furthers OPAQ’s mission to provide fully integrated networking and enterprise-grade security as a simple, cloud-based service. It means that OPAQ partners are empowered with:
- A subscription model designed to make enterprise-grade security affordable and accessible to midsize enterprises. The traditional approach to security has put enterprise-grade security that midsize enterprises need out of their reach because it’s too costly and complex to manage. The OPAQ Cloud is a game changer – it makes enterprise-grade security accessible and affordable to midsize enterprises. This means new, lucrative revenue opportunities for partners.
- Fortune 100-grade network security that’s known and trusted. The OPAQ Cloud integrates best-of-breed security capabilities that are powered by known, trusted security technologies, such as Palo Alto Networks, and other industry leaders and unique OPAQ intellectual property.
- Cloud network engineered for speed, strength, and flexibility. OPAQ owns and operates its own private network backbone. In addition to integrating best-of-breed security capabilities into the fabric of the platform, OPAQ optimizes the speed and performance of network traffic by leveraging transit and peering relationships with world-class providers.
- Single interface designed for simplified management, compliance, and reporting. The OPAQ 360 portal provides a single pane of glass where all customer security policies and network traffic can be centrally managed and enforced — all without the cost and complexity associated with managing dozens of security products from multiple vendors.
We chose Palo Alto Networks because they are a proven technology leader in next-generation security technologies. Bringing Palo Alto Networks into the OPAQ Cloud makes enterprise-grade network security much more accessible for midsize enterprises and manageable for solution providers supporting midsize enterprises.
For more information on OPAQ’s partnership with Palo Alto Networks, read the press release here.
We are pleased to report that the OPAQ Cloud platform was recently named best (Platinum) Network Security/Enterprise Firewall solution in the 2017 GSN Homeland Security Awards for cybersecurity excellence.
The Awards are hosted by Government Security News (GSN) to recognize excellence and leadership in the Cyber Security and Homeland Security sectors. Winners were selected based on a combination of technological innovation, ability to address a recognized government IT security need, and flexibility to meet both current and future needs. Category winners were ranked with Platinum, Gold and Silver designations.
The OPAQ Cloud is tailored to meet the unique needs of State and Local governments, which face the same sophisticated security threats, like ransomware, as larger federal agencies, but tend to lack the resources and technical experts to adequately protect their networks.
The massive WannaCry cyberattack that infected computers in at least 150 countries several months ago is a good example. In the aftermath, many State IT officials said they often don’t have enough money to effectively fight sophisticated cyber threats. And the scale of that attack made them even more concerned.
Doug Robinson, executive director of the National Association of State Chief Information Officers (NASCIO) went on the record to say: “This is a big wake-up call because it is cyber disruption. States and local government need to address this because it’s a serious threat. We have urged states to take action immediately.”
There are many security products that try to do some really great things for state and local governments. However, many products and management systems are isolated and do not talk to each other.
This is why automation and orchestration are becoming a game-changing necessity for state and local governments. Leveraging automation can help state and local governments effectively detect and respond to threats at speed. This is what the OPAQ Cloud is designed to do — and it’s why we were honored with the GSN Homeland Security Award.
Business executives despise security – it’s often viewed as an impediment to growth and innovation – but they know they need it. On the other hand, IT security professionals thrive on security and an ecosystem of roughly 1,500 security product and services vendors that compete in a Zoolander-like fashion show, puckering up and striking poses every few minutes to show off their latest wares.
What organizations really need is a set of security functionality that works together to reduce the attack surface and reduce risk. This has traditionally been delivered through a multitude of products and services cobbled together with duct tape and fishing line, resulting in a massively complex and costly infrastructure. In addition to the massive costs, this approach continues to fuel the need for impossible-to-find security experts who can manage and maintain the infrastructure.
What more and more organizations are now realizing is that, rather than receiving the needed security functionality through an array of products and services, they can instead receive it from the cloud. Security-as-a-service not only frees up time for IT security professionals to focus on more strategic business initiatives, but it also reduces costs for business executives seeking to maximize every dollar invested in security.
As a result, what we’re seeing is an influx of IT security professionals picking up bolt cutters and snapping the chains of their traditionally product-centric approach to security. This shift is supported by a market study conducted by analyst firm 451 Research, where they sought to gain insight into the challenges and opportunities more than 300 US mid-tier companies face with respect to network security.
What’s Wrong with More Security Products and Services?
Nothing. As long as you have the personnel expertise, budget and time to dedicate to testing, procuring, integrating, refreshing and managing them. According to the study, more than 82% of respondents claimed they devote between 20 to 60 hours per week of in-house staff resources procuring, implementing and managing network security. The average mid-market organization invests an average of $461,000 per year on IT security, and nearly 40 percent of the total budget is spent on network security. These businesses also expect to increase spending on network security by an average of 10.9% over the next 12 months.
The reality is most mid-tier organizations lack the resources to keep up with this approach. Cloud, mobile and IoT adoption are only making this challenge more difficult.
Despite significant investment in network security, 63% of the respondents expressed having little to no visibility and control over all their distributed network, especially mobile devices, remote users, IoT devices and third parties.
According to the study, tackling these challenges are typically between 3-5 employees dedicated to IT security. This handful of employees are spending many hours managing the various traditional IT security products and services required to protect the network. Many organizations also rely heavily on contractors and part-time employees, as well as MSSP providers, which adds complexity to daily coordination efforts.
What’s keeping these organizations from advancing? 62% cited legacy IT. Challenges presented by legacy IT and personnel shortages are forcing organizations to look for new solutions to solve the network security and resource conundrums.
Nirvana: Automation and Centralized Security Control – From the Cloud
IT security professionals are increasingly looking to cloud-based services and new technologies to address business requirements and security challenges. In fact, two-thirds of the respondents indicated that they strongly prefer using a cloud-based security solution from a security-as-a-service provider for managing or co-managing their security. More than 70% of the respondents indicated they prefer security-as-a-service over on-premises or MSSPs.
The urgency around this shift is strong. More than 85% of the respondents in the study indicated that network security-as-a-service is “important” (within 12 months) or “critical” (within three months). Branch office enablement and optimization and threat management were cited as the main priorities for a swift shift to a network security-as-a-service solution.
The common thread between business executives and IT security professionals is that network security remains a significant business priority. The shift to security-as-a-service is not only about fleeing a complex and costly problem. It’s also about making a smart, strategic move to a delivery model that is strong and sustainable.