Curing Social (Media) Anxiety
With or without management’s acknowledgement, workers increasingly rely upon social media platforms such as Facebook, Twitter and now Google+ to build professional relationships, work collaboratively and connect with consumers. Despite their benefits, these applications also introduce a range of security threats — including malware, clickjacking, phishing and spam.
The simple solution is blocking employee access to social media sites. However, there are a number of reasons why that ultimately is not the wisest move.
The truth is that the genie is out of the bottle when it comes to social media. Regardless of corporate policy, consumers will continue to use these sites for communicating, interacting and sharing their experiences and opinions — positive or negative — about any product or service. Blocking employee access denies them access to important avenues for customer connections, market intelligence and recruiting.
“There is ample evidence that blocking access to these applications is counterproductive, but IT managers can’t blindly allow them to run across their networks, either,” said Cindy Burns, Network Engineer, Milestone Systems. “The trick is finding a way to safely enable social applications without compromising security.”
Gaining Control
Through its partnership with Palo Alto Networks, Milestone Systems gives customers the ability to safely explore the benefits of social networking applications. Palo Alto’s next-generation firewalls provide fine-grained control over these applications, allowing organizations to block risky activity on a site without blocking the entire site.
For example, an organization could give its marketing group “read-only” Facebook access for monitoring marketing efforts — without the ability to post personal status updates or comment on friends’ updates. The same organization could give its communications team full use of Facebook, including applications and chat, in order to communicate with journalists, while giving human resources staff complete access for recruiting purposes only during certain hours of the day.
“Our message to IT professionals is ‘Yes, you can.’ Yes, you can safely enable applications like Facebook in your workplace. Yes, you can reap the rewards of social networking while mitigating the risks. Our next-gen firewall is the great enabler of Enterprise 2.0 apps,” said René Bonvanie, vice president of worldwide marketing, Palo Alto Networks.
Traditional firewalls classify traffic by port and protocol, but modern applications can hop from port to port, use encryption and run over non-standard ports, all as a means of evading traditional firewalls. As a result, more than a third of all network traffic consists of hundreds of applications that can evade the controls of conventional security solutions.
“Most organizations have attempted to regain visibility and control over these new applications by enhancing their traditional firewalls with a variety of devices such as intrusion detection and prevention systems, proxies, URL filters, data leak prevention devices and web antivirus devices,” said Burns. “Not only do these devices not solve the problem, they increase complexity and cost.”
A New Approach
Palo Alto Networks firewalls are different because they have been built from the ground up during the Enterprise 2.0 era. Because they begin with an entirely original approach, they aren’t merely trying to retrofit old technology with new fixes.
“Palo Alto Networks has fixed the problems associated with traditional firewalls by combining three identification technologies that provide visibility and control over applications, users and content,” Burns said. “App-ID identifies exactly which applications are running on the network, as well as the associated risks, so administrators can deploy comprehensive application usage control policies for inbound and outbound traffic. User-ID integrates with enterprise directory services to link network activity to users and groups—not just IP addresses—for application visibility, policy creation, logging and reporting. Content-ID combines a real-time threat prevention engine with a comprehensive URL database to detect and block a wide range of threats, limit unauthorized transfer of files and data, and control non-work-related web surfing.”
This technology runs on a high-performance, purpose-built platform based on Palo Alto Networks' Single-Pass Parallel Processing (SP3) Architecture, which enables high-throughput, low-latency network security, even while incorporating unprecedented features and technology. As a packet is processed, networking functions, policy lookup, application identification and decoding, and signature matching for any and all threats and content are all performed just once. This significantly reduces the amount of processing overhead required to perform multiple functions in one security device.
In addition, these firewalls use parallel processing hardware to ensure that the Single Pass software runs fast. Separate data and control planes mean that heavy utilization of one won’t negatively impact the other.
“We recognize the need to enable social networking applications for business opportunities while limiting their functionality for those who would use them primarily for personal reasons,” said Burns. “With the kind of granular control delivered by Palo Alto Networks’ next-generation firewalls, IT security managers are better equipped to prevent leaks of corporate data, improve worker productivity, and reduce security threats such as malware and viruses that increasingly use Facebook and other applications to invade the enterprise.”
When you're ready to talk about enabling social networking safely, call Milestone Systems: 877-771-9510