White Paper

Internet Gateway Security:

A state of the nation 2014

Executive Summary

0121 248 7931

www.icomm.co.uk

Icomm Technologies Limited 45-55 Camden Street, Birmingham, B1 3BP.

[4283/FIREWALLWP/20140814/LH]

With cyber attack methods growing increasingly

sophisticated many traditional internet gateway
solutions are no longer fit for purpose. This
whitepaper reveals just how many organisations
are leaving themselves vulnerable to cyber
criminality by keeping hold of their legacy firewall.
We also examine how modern gateway security is
providing an appropriate defence to these more
complex threats and discuss what organisations
should consider when refreshing this technology.

White Paper

Internet Gateway Security: A state of the nation 2014

Introduction
Barely a week goes by without the media reporting a new cyber threat which is capable
of causing havoc. There are constant warnings of various forms of sophisticated malware
which have already infected thousands of computers across the UK. GameOver Zeus,
Cryptolocker and Shylock are just a few to hit the headlines this year.

Many organisations are not

upgrading their firewalls

Once networks are infected, these types of malware can give cybercriminals the ability
to steal corporate, personal or financial details, encrypt files and hold them for ransom or
extort money from companies through denial of service (DoS) attacks.
The exact nature of the threats detailed in these media reports may change but the
accompanying quote from a relevant security expert is always the same, in order to
protect yourself, keep your security defences up to date. The three core pillars of
those defences include end point protection, gateway defence and software
patch updates.

of SMBs lack
knowledge of
firewall refresh
cycles

Companies may be updating their client anti-virus and are regularly patching software,
but the Icomm Technologies Survey 2014 has revealed too many organisations are failing
to address the final pillar by not upgrading their firewalls as part of their internet
gateway security.
In recent years cybercriminals have evolved their tactics in order to evade detection by
traditional firewall defences. Yet in many cases, the companies they target have not all
kept pace with this and some are still relying on legacy solutions which are no longer fit
for purpose.
These organisations now need a next generation firewall which has the capability to
go deeper and inspect all traffic, regardless of the port and protocol. A modern firewall
solution can inspect even encrypted traffic and detect those threats.
Next generation firewalls are now also protecting businesses against the potential
security impact of modern technology trends, such as the consumerisation of IT and cloud
computing. These solutions can also provide granular control over website and application
usage, to ensure bandwidth is always available for the most critical business functions.

Approximately

782,240
UK businesses are at risk with old or
untested firewall technology

one sixth

of companies
have never tested their firewall

Icomm Technologies Limited

45-55 Camden Street,
Birmingham, B1 3BP.
0121 248 7931
www.icomm.co.uk

White Paper

Internet Gateway Security: A state of the nation 2014

Next generation firewall: an imperative

It is a disturbing fact that the methods deployed by cyber criminality will continue to
become more sophisticated. As a result, no one is 100% safe from attack.
Even the biggest technology firms such as Microsoft, Apple and Facebook - who you
would think could adequately defend themselves - have admitted to breaches.
From a financial and reputational perspective, the consequences of these attacks can be
huge. In one of the largest global incidents to date, US retail giant Target saw the personal
and financial details of up to 110 million customers compromised.

A firewall older
than 3 years is
not fit for purpose

It is not just large companies being targeted, however. Research, by security firm
Symantec, has shown that 30% of all global cyber attacks are actually aimed at small
businesses - where defences are perceived to be weaker. Smaller targets may be less
lucrative to cybercriminals but it requires less effort to attack several soft targets than one
which is large and well protected.

The security solution

The persistence of the threat, coupled with the increased complexity of these attacks,
has meant modern firewalls are now required to do much more than simply check where
traffic is coming from and going to. Cybercriminals have now found ways to con and trick
their way around these traditional defences.
What is needed is deep packet inspection and that is what a next generation firewall
provides - it digs further down to check for a virus or an intrusion, said Mark Lomas, IT
consultant at Icomm Technologies.

No one is

100%

safe from attack.

If you have not refreshed your firewall within the last three years the chances are that you
are using a legacy firewall which is no longer fit for purpose.
In response to these evolving threats, security firms have rolled out firewalls in the last
few years which offer a more advanced defence. As cybercriminals are now capable of
smuggling malware passed traditional firewalls by burying it within encrypted traffic,
these solutions now provide SSL decryption and inspection.
Today, up to 35% of enterprise traffic is secured using the Secure Sockets Layer (SSL)
protocol. Cybercriminals know this, and they have begun to use SSL to hide their attacks.
Organisations which are still relying on legacy firewalls with no or limited SSL Inspection
capabilities can be compromised, said Florian Malecki, International Product Marketing
Director at Dell Security.

30%
small
BUSINESSES

of all global cyber attacks

are aimed at

Icomm Technologies Limited

45-55 Camden Street,
Birmingham, B1 3BP.
0121 248 7931
www.icomm.co.uk

Internet Gateway Security: A state of the nation 2014

White Paper

Case Study
One potential consequence of
sticking with your legacy firewall
Icomm Technologies was privy to a damaging cyber attack on a small
business, which had been taking an if its not broke, dont fix it approach
to firewalls. With a legacy solution in place, which was incapable of deep
packet inspection, the companys defences proved ineffectual against the
attack. The company later approached Icomm for help.
The business found itself at the mercy of an aggressive hacker who
encrypted vital files and promised to expose sensitive information to the
companys entire email contact book unless 500 was paid into a specified
bank account.
A word file left on the business owners computer read, You have been
hacked. Inside a menacing message threatened: I do not require to do
much more work on my part to ruin you.
The hacker, who was clearly well practised in this form of extortion,
cheekily demanded that the business quote a reference number when
making their payment.
This situation could have been avoided if the business had upgraded to a
next generation firewall beforehand.

29

have no plans to, or

claim they will never,
update their firewall

Icomm Technologies Limited

45-55 Camden Street,
Birmingham, B1 3BP.
0121 248 7931
www.icomm.co.uk

Internet Gateway Security: A state of the nation 2014

White Paper

Too many still at risk

As more high profile cyber attack incidents have hit the headlines, there has been a
dawning realisation within organisations that they really need to take cyber security
seriously.
The Icomm Technologies Internet Gateway Security Survey, which was conducted with
more than 500 IT executives within small and medium sized businesses (SMBs) in the UK,
revealed that most have taken action by refreshing their firewall.
The study showed that 61% firms have upgraded their firewall protection within the last
30 months - 41% have done so within the last 18 months. However, the results also reveal
that many organisations are still relying on traditional solutions.

one
in six
SMBs have never

tested their firewall

The survey found 14% of organisations have not, or are unsure whether they have,
upgraded their firewall since 2009. This means one in every seven SMBs in the UK is likely
to have inadequate protection against the attack methods currently being deployed by
cyber criminals.

Testing
It is one thing to deploy a next generation firewall but it is another checking the solution
is actually doing its job. It is recommended that companies check their firewall with
penetration testing at least once a year on average. For companies storing sensitive
information, such as their customers personal or financial details, this might take place
quarterly.
A lot of people seem to think because they have a firewall they are fully protected when
they might not have the right policies in place. Penetration testing is important to ensure
everything is working as it should, said Malecki.

one seven

in
SMBs have inadequate protection

As Verizons recent Data Breach survey has shown, when a business is compromised it can
be a long time before that is discovered and quite often it is the third parties doing these
penetration tests that are the ones who are finding these breaches.
The Icomm survey found that more than three quarters (77%) of SMBs do carry out a
penetration test at least once a year - almost half (48%) test twice a year or even more
frequently. However, the study found that a worrying 16% have never tested their
firewall. This means that nearly one in every six SMBs in the UK has no way of knowing
whether their firewall is working or not.

penetration tests should

happen at least once a year

Icomm Technologies Limited

45-55 Camden Street,
Birmingham, B1 3BP.
0121 248 7931
www.icomm.co.uk

Internet Gateway Security: A state of the nation 2014

White Paper

The refresh cycle

Like any element of the IT infrastructure, the firewall protecting an organisations network
should be refreshed periodically. Companies are advised to upgrade their firewall every
three to five years on average - as they would their servers.
This refresh is not just to ensure the solution in place is offering an adequate defence
against evolving threats, it is also about protecting performance. If a company is growing,
the organisation needs a firewall that can handle increased traffic and prevent bottlenecks.
The Icomm survey revealed the majority of firms acknowledge the need for this refresh
and have plans to carry this out within the next five years. The research did reveal,
however, that nearly a third (29%) say they have no plans to, or will never, upgrade their
firewall.
When asked how often they believed they should refresh their firewall, a quarter (25%) of
respondents replied at the end of its life.
Lomas said: It would be interesting to know when someone thinks their firewall is broken,
as its not a case of checking whether the lights are on.

Many refresh
their firewall
every five years

If you have a traditional firewall it will not be protecting you in the same way it was when
you bought it - so in my eyes it is already broken.

think a firewall doesnt

need refreshing

Icomm Technologies Limited

45-55 Camden Street,
Birmingham, B1 3BP.
0121 248 7931
www.icomm.co.uk

Internet Gateway Security: A state of the nation 2014

White Paper

What to consider when upgrading your Firewall

It is not unusual for businesses to acquire their firewall solution as an add-on, when buying
another solution. This one stop shop approach when procuring one of the key pillars in an
organisations security defences is questionable.
The level of integration a firewall needs with other elements of the IT infrastructure is
limited. Therefore, the purchasing decision should be independent to any other form of
procurement. Organisations are free to deploy a best of breed solution which offers the
deep packet inspection, with decryption and anti-evasion technology, mentioned above.

have no plans to
upgrade at all

Lomas said: We would always advocate a consultancy led approach to firewalls as some
vendors do offer a greater depth of solution than others. For some, security is their main
focus but there are others which are just filling out their portfolios.

Protecting productivity
Organisations should also consider technology trends, such as the consumerisation of IT
and cloud computing, which can impact on internet bandwidth. Next generation firewalls
are capable of protecting an organisations bandwidth performance by providing a
granular level of control.
This allows organisations to manage behaviour on certain websites or applications
and specify which teams or individuals are given access. For example, the marketing
department may be given permission to promote the business on consumer websites
such as Facebook and YouTube but at the same time a next generation firewall can curtail
any excessive video streaming or gaming on these platforms.
At times when there is excessive demand placed on the internet, a next generation firewall
can also take action to protect vital cloud applications and reduce the bandwidth available
to non-essential functions.
Malecki explains: If an England football game is on, some companies will be happy to let
their staff stream this but if this affected bandwidth it could prevent access to essential
applications such as Salesforce.com or another CRM system. A next generation firewall
will, however, allow you to reserve a percentage of the bandwidth for critical applications
to ensure the business remains productive at these times.

Icomm Technologies Limited

45-55 Camden Street,
Birmingham, B1 3BP.
0121 248 7931
www.icomm.co.uk

White Paper

Internet Gateway Security: A state of the nation 2014

Conclusion
Firewall manufacturers have been forced into taking some great strides forward in recent years, in response to
the nefarious activities of cybercriminals. But with approximately one in seven SMBs still likely to be deploying
traditional solutions, it is clear many organisations are still leaving themselves vulnerable to attack.
Furthermore, as IT consumerisation and cloud computing threaten to impact on crucial functionality, businesses
could well be losing competitive advantage by not deploying next generation solutions which protect
productivity.
With cyber attacks and internet usage both destined to grow rapidly in the coming years, the third of
businesses who have no plans to upgrade their firewall will also need to rethink their approach. Otherwise their
performance will suffer, or worse still they could leave themselves at the mercy of increasingly sophisticated
cybercriminals.

For further information and support on refreshing, testing and upgrading your
firewall, please get in touch with Icomm Technologies on 0121 248 7931 or at
www.icomm.co.uk

0121 248 7931

www.icomm.co.uk

Icomm Technologies Limited 45-55 Camden Street, Birmingham, B1 3BP.