Feature Story

More feature stories by year:


Return to: 2012 Feature Stories


Jan. 3, 2012: Credit Union tech-talk

Compliant and InfoSecurity Applying the Right Resources

Most organizations make security a subset of compliance and focus most if not all their resources towards compliance. There are good and bad aspects about this. The bad aspects are related to the fact that security will most likely make you compli- ant, whereas compliance will not necessarily make you secure. Far too many companies, including many CUs, focus on com- pliance as a way to achieve security, and that is utterly wrong. Security is important; CUs need to stop worrying about com- pliance alone, and to make security a consequence of compliance, and finally start thinking in the opposite direction. If you tighten your security, you will be compliant! After all, that's all that your auditors are asking - be safe and protect your data!

I run into the question of whether organizations can implement security measures and systems in ways that actually enhance productivity with my clients on a daily basis, mostly with the web policy configuration. Because of fear, because of auditors' recommendations, because they want to keep their users from spending too much personal time on the Internet, they tight- en the web browsing so much that some necessary websites end up not working well, and they spend time troubleshooting why, and this strikes against the very thing they are trying to increase - productivity. Too often web filtering is seen only as a productivity enhancement tool, whereas it should be seen also and probably mainly as another tool in the arsenal for the fight against malware. Many very legitimate websites, which might be needed for productive work, are hosted on infrastructure servers such as akamai or aws and blocking those means causing yourself a lot of pain when the time comes that you need to actually legitimately access them.

Though I can't speak about enhancing productivity, I can cer- tainly make the case in favor of not hindering it. Though the topic of security versus productivity is always a difficult one, it is necessary to strike a balance. We in the security busi- ness tend to over-control. We need to learn that sometimes relaxing the noose may not cause any harm and may go a long way in increasing productivity and changing the users' perception of security more towards a much needed tool to protect their computers than an unwanted evil to be bypassed every time no one is watching!

Many credit unions simply do not have the time, manpower or expertise to tackle either their compliance concerns or maintaining their security infrastructure. At Network Box, we help by offering them the only UTM on the market that comes fully managed out of the box. Our security is structured in 3 layers - the Security Operations Center, where we monitor all our appliances globally to create real time signatures that are then PUSHed to the boxes within 45 seconds to reduce the time of possible exposure to the industry absolute minimum; the NOC, where we take care of the customer boxes by updating them, configuring them, ensuring everything is always running smoothly, and in conjunction with the SOC, ensuring the protection for our customers is always at top level; and finally the appliance, physical or virtual, sitting at the customer premises or in the cloud, doing the actual job of protecting the customer's network.

A NWB appliance features firewall, 2 inline IPSs, 3 tradition- al AVs and 1 real time AV (Z-Scan), 3 web filtering databas- es, proxy, QoS, and many, many other features which put the customer extremely close to complete compliance at the gateway. Add to this the monitoring, management, and all the other services we offer, and you get a solution that truly puts our customers in a strong security posture within the most stringent parameters of compliance.

Return to: 2012 Feature Stories