The First Step to Network Security
In our years of experience providing high quality perimeter protection and web security services, we at Digital Scepter have given businesses of all sizes the insight and expertise they require to navigate the complex – and often dangerous – arena of network security. Whether you hope to combat the threats of malicious attacks or employee misuse, and whether you use firewall hardware to mitigate incoming traffic or control access to applications and services, keeping your network secure is possibly the single most important task for any network administrator – and as 2012 gets underway, now is the right time to fully examine your existing security setup.
It can be difficult for organizations to know where to begin when it comes to improving their network security. How do you choose the right kind of perimeter protection solution for your unique business needs? Where should you focus your budget and attention to improve security dramatically, at a cost that makes sense for you? Learning which technology and policies you need to implement on your network is a process that begins with accurately assessing your existing network infrastructure.
At Digital Scepter, we encourage every organization to have a detailed breakdown of their network. Across hardware and software, creating an asset list is the first step in better understanding the security needs of your network, what you are doing to meet these demands, and how you can improve your network to keep your mission-critical or confidential data safe.
Digital Scepter Becomes a Palo Alto Networks Platinum Level Partner
For anybody who is involved in the complex world of IT or network administration, keeping up with the latest and most revolutionary technology is incredibly important. In network security and perimeter protection, threats such as malware become increasingly sophisticated, and the methods by which your users circumvent your acceptable use policies become even more difficult to detect. The only way to keep your network security current is to implement the most recent advances in firewall and access policy devices.
Palo Alto Networks next-generation firewalls are specifically designed to correct the inadequacies of more traditional port protocol firewalls in combating the latest security threats. While a conventional firewall allows security rules to be established based on port number alone, PAN perimeter protection facilitates true granular control. Using unique technologies called App-ID, User-ID, and Content-ID, Palo Alto Networks firewalls accurately identify which applications are being used on your network, who is using them, and the specific data that is being transferred. Armed with this information, your organization is better placed to win the war against malware and network misuse.
At Digital Scepter, we quickly identified hardware from Palo Alto Networks as being the future of the firewall, and invested our resources into becoming a leading provider of Palo Alto Networks firewall devices. Now, as a result of our longstanding relationship with Palo Alto Networks, we are proud to announce that we have become a certified Palo Alto Networks Platinum Level Partner, marking our ongoing commitment to delivering the best network security in the marketplace.
Securing Your Data Center with a Next-Generation Palo Alto Networks Firewall
Whether you are in control of an enterprise data center that keeps your employees connected and productive, or you run an Internet-facing data center that supplies remote functionality to hosted users, one thing is consistently true: your business is at constant risk. The movement of traffic into, out of, and throughout your network poses the immediate threats of misuse and malicious attack; therefore, monitoring and controlling your network data with the best firewall protection available should be at the forefront of your network design priorities.
With network technology advancing at such an astonishing rate, keeping your business protected against the latest dangers can feel like an overwhelming, time-consuming, and often confusing process. In the past ten or so years, the number of counterproductive ways for employees to spend their time online has dramatically increased, with the dawn of social media and browser-based entertainment marking a downturn in workplace productivity. Online trends have also had a significant impact on Internet-facing data centers, where hosted accounts have more sophisticated ways to breach acceptable usage policies.
In this article, we discuss how the more traditional port protocol firewall device is no longer able to keep up with the recent trends in Internet use, and how – for dependable protection – the Palo Alto Networks (PAN) next-generation firewall provides the robust security your network requires. We also explore how the advanced technology within a next-generation perimeter protection device can help keep your business connected, available, and productive at all times.
Application Visibility and Control
Do you know with certainty what applications your users are running on the network? Just because your firewall only allows, say, ports 80, 443, and 53 doesn’t guarantee that only web browsing, secure web browsing, and DNS query traffic is passing through your firewall!
Did you know that:
- Instead of establishing new server port numbers, legitimate applications are now designed to run over standard, commonly allowed ports. For example, Dropbox uses ports 443 and/or 80 to allow users to upload and download files to their cloud-based storage service. Do you know with certainty that your employees aren’t uploading sensitive corporate data to Dropbox?
- Many applications are designed to dynamically probe your firewall to find an open port. For example, each time Skype starts running it probes your firewall to see what ports are open and then communicates over one of them. If you then close the first port Skype picks, Skype will move on to the next open port. It is impossible for a traditional firewall to block Skype unless you close every port on your firewall!
- Malware often communicates over ports 80, 443, and 53. For example, Conficker relies on port 80. (Source)
Traditional stateful-inspection firewalls will permit all the aforementioned traffic, both legitimate and malicious, because stateful-inspection firewalls only make decisions based upon port numbers and session state – they are not capable of looking at the application layer data which is needed to identify the true application.
The bottom line is this:
Do you really know what applications are running on your network?
And if not, how can you be sure that malicious, tunneled communication isn’t occurring on allowed ports?
Many firewall vendors claim to identify networked applications; however, their solutions take a ‘bolt-on’ approach that is complex to manage, dramatically reduces throughput, and is simply not effective at correctly identifying the applications. Digital Scepter can demonstrate true application visibility and control using a Palo Alto Networks next-generation firewall, which correctly identifies the applications that are passing traffic, regardless of protocol, port, or evasive tactic. In addition, a Palo Alto Networks firewall can even identify applications running inside encrypted SSL tunnels. And once you can identify the application, you have the power to permit, deny, or rate-limit its traffic.
Correctly knowing all the applications would be the first step in creating a positive security model, where you permit only known, desired applications and deny everything else. Using a positive security model implemented on a Palo Alto Networks next generation firewall dramatically reduces risk because malware and other risk-inherent applications would not be permitted, even if they communicate over permitted ports. In addition, zero day malware would be blocked as well since it would not be identified as an allowed application.
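The contrast between a port-only rule and a positive security model can be shown on a handful of flows. The following is an added illustration, not code from Digital Scepter or Palo Alto Networks and not a description of how App-ID works: the flows, host names and allowlist are constructed, and the classifier only looks at the first cleartext bytes of each flow.

```python
import struct

ALLOWED_PORTS = {80, 443, 53}  # the port-only rule described in the text
# Constructed allowlist: (protocol, host); host None means any host for that protocol.
ALLOWED_APPS = {("http", "intranet.example"), ("tls", None), ("dns", None)}
HTTP_METHODS = (b"GET ", b"POST ", b"PUT ", b"HEAD ", b"DELETE ", b"OPTIONS ")

def identify(transport, payload):
    """Classify a flow from its first payload bytes, ignoring the port number."""
    if transport == "tcp" and payload.startswith(HTTP_METHODS):
        host = None
        for line in payload.split(b"\r\n")[1:]:
            if line.lower().startswith(b"host:"):
                host = line.split(b":", 1)[1].strip().decode("ascii", "replace").lower()
                break
        return ("http", host)
    # TLS record type 0x16 (handshake), major version 3, handshake type 1 (ClientHello)
    if (transport == "tcp" and len(payload) >= 6 and payload[0] == 0x16
            and payload[1] == 0x03 and payload[5] == 0x01):
        return ("tls", None)
    # DNS query header: QR bit clear and exactly one question
    if transport == "udp" and len(payload) >= 12:
        _id, flags, qdcount = struct.unpack("!HHH", payload[:6])
        if flags & 0x8000 == 0 and qdcount == 1:
            return ("dns", None)
    return ("unknown", None)

def port_only_verdict(dport):
    """Traditional rule: the destination port alone decides."""
    return "allow" if dport in ALLOWED_PORTS else "deny"

def positive_verdict(transport, payload):
    """Positive model: permit only identified, allowlisted applications."""
    return "allow" if identify(transport, payload) in ALLOWED_APPS else "deny"

# Constructed sample flows: (label, transport, destination port, first payload bytes)
FLOWS = [
    ("intranet web", "tcp", 80, b"GET / HTTP/1.1\r\nHost: intranet.example\r\n\r\n"),
    ("file upload", "tcp", 80, b"POST /upload HTTP/1.1\r\nHost: files.example\r\n\r\n"),
    ("tls client hello", "tcp", 443, b"\x16\x03\x01\x00\x2e\x01\x00\x00\x2a\x03\x03"),
    ("non-tls on 443", "tcp", 443, b"\x01\x02custom-proto-hello"),
    ("dns query", "udp", 53, struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)
        + b"\x07example\x03com\x00\x00\x01\x00\x01"),
    ("non-dns on 53", "udp", 53, b"not-dns-data-over-53"),
]

def compare(flows):
    """Return (label, port-only verdict, positive-model verdict) per flow."""
    return [(label, port_only_verdict(dport), positive_verdict(transport, payload))
            for label, transport, dport, payload in flows]

if __name__ == "__main__":
    for label, by_port, by_app in compare(FLOWS):
        print(f"{label:18} port-only={by_port:5} positive={by_app}")
```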
Contact Digital Scepter today and let us help you identify and secure your networked applications with a Palo Alto Networks firewall!
Palo Alto Networks HealthCheck
What is a health check?
Digital Scepter’s certified network security engineers are Palo Alto Networks experts. They will access your firewall via a secure remote connection to tune and verify your firewall settings to assure you that the devices are updated, configured correctly and giving you the return on your investment that you need. It’s also a good time to consider new design options for your network in the future.
Benefits
- Fix issues before they turn into problems
- Proactive analysis of firewall policies, log files and settings.
- Reduce management costs and put time back into your day
- Ensure settings and policies are compliant with the latest best practices and threat signatures.
HealthCheck program includes:
- Analysis of firewall settings and policies to trojans, phone-home and other attacks
- Software and subscription update settings and verification
- Review of HA configurations and perform scheduled testing
- Check and report on firewall traffic statistics for growth planning
- Check and report on VPN and GlobalProtect
- Evaluate security, captive portal and QoS rulesets
- Evaluate and adjust URL filtering profiles
- Deliver system reports of application use, URL categories and threats found
- Recommend actions based on findings
Subscriptions
Available one-time, monthly or quarterly.
Securing BYOD
We are seeing a rapid proliferation of employee-owned mobile devices such as smartphones, tablets, and of course, laptops. Many of these employees are demanding that their devices be allowed onto the corporate network via wireless connectivity – whether it be simply for web browsing and checking email or to access work-related corporate applications and/or data. This is so common now that a term has been coined: ‘bring your own device’ or BYOD.
These issues need to be addressed when implementing a BYOD network:
- Cost/Benefit Analysis: The fact that your employees demand access to network resources using their personal devices isn’t a good enough reason to allow it. What are the real benefits, and can you place a dollar figure on them? Will higher productivity result? Can the company save capital costs by not having to buy mobile devices for its employees? How much will it cost to support these mobile users, including product solutions you may buy?
- Risk Awareness: What happens when a smartphone with malware connects to your corporate network? Or an employee stores sensitive corporate data on their tablet and then the tablet gets lost or stolen? Or a competitor sits in your parking lot and tries to gain access via your wireless network? What if an employee maintains a home backup copy of their smartphone containing corporate data and then leaves the company? Do IT and upper management buy off on the additional risks posed by a BYOD network?
- Compliance, Rules, and Regulations: Is your organization under strict compliance and/or regulation regarding electronic data and transactions? Are mobile devices specifically addressed in these requirements? If not, how do you ensure that your BYOD solution still satisfies a governance audit?
- Network Architecture: If not properly implemented, you could find that adding mobile devices will result in a ‘dissolving network perimeter’. How will you adapt your network architecture and defenses? Do you segment mobile users to a particular VLAN/subnet and apply additional security controls? Which devices are capable of encrypting data in transit through a VPN?
- Device Security Controls: Addressing the network architecture is only one component of securing a BYOD network – you also need to secure the devices themselves. Do you require device encryption, endpoint health checking (e.g. anti-virus), user and/or device authentication? Do you need to have remote control over the device, such as removing/installing applications, monitoring running applications, or even terminating an application in real time?
- Segmentation: How will you handle scenarios where users have personal data and then attempt to store corporate data on the same personal device? Does your IT policy (or do your compliance requirements) require these two types of data to be segmented? If so, do you have the ability to do a selective remote wipe of just the corporate data compartment?
- Guest/Partner Access: Does it make sense to allow business partners access to this BYOD network? If so, how are they authenticated? Do you need to provide guest access? What are the provisioning steps for business partners and/or guests?
- Policy: The allowed devices, device operating systems, users, applications, and access to corporate data need to be clearly spelled out and communicated to employees. What are the consequences for users who disobey the policy? Employees must agree to the policy in writing BEFORE being allowed on the BYOD network.
- User Education: How will users be informed of the additional risks inherently present, as well as best practices to mitigate these risks?
- Rollout: How do you push out an agent or a certificate if the chosen security solution requires it? Are certain devices/user groups supported first?
- Monitoring: How do you best verify that legitimate users are accessing legitimate corporate resources using BYOD devices? Are you taking inventory of both authorized and unauthorized devices found on your BYOD network?
- Incident Response: No system is 100% secure, so there will be incidents no matter how effective the security prevention program is. What will be the response when a security incident happens on a BYOD device – will it differ from the response for a corporate-owned device on the wired network?
Digital Scepter has cost-effective solutions to address these issues, including network access control (NAC) and mobile device management (MDM) solutions. In addition, we recommend implementing a next-generation firewall such as Palo Alto Networks to provide complementary security to these BYOD solutions. Each organization’s situation is unique, so contact Digital Scepter today and let us help you secure BYOD!
Digital Scepter Achieves Palo Alto Networks Platinum Partner Status
Leading network security specialist Digital Scepter becomes a Platinum level partner in the design and deployment of Palo Alto Networks enterprise firewall solutions.
Murrieta, CA (PRESS RELEASE) December 6, 2011 – Digital Scepter, a boutique security integrator with a focus on offering quality network perimeter security systems, announced today that it has attained Platinum Partner status with next-generation firewall provider Palo Alto Networks. Awarded to partners who facilitate significant sales and demonstrate extensive expertise, this new recognition identifies Digital Scepter as an authority on the provision of all Palo Alto Networks solutions.
“This level of partnership with marks the next step in our ongoing relationship,” says Jon Robinson, Director at Digital Scepter. “Everybody at Digital Scepter firmly believes that Palo Alto Networks offers the best firewall solution, and that’s why we find ourselves recommending these products time and time again to our enterprise customers. People come to us for expertise and we knew very early on that Palo Alto Networks next-generation firewall solutions were set to change the face of firewall protection.”
Palo Alto Networks has fixed the problems associated with traditional firewalls by combining three identification technologies that provide visibility and control over applications, users, and content. App-ID identifies exactly which applications are running on the network, as well as the associated risks, so administrators can deploy comprehensive application usage control policies for inbound and outbound traffic. User-ID integrates with enterprise directory services to link network activity to users and groups—not just IP addresses—for application visibility, policy creation, logging and reporting. Content-ID combines a real-time threat prevention engine with a comprehensive URL database to detect and block a wide range of threats, limit unauthorized transfer of files and data, and control non-work related Web surfing.
Digital Scepter’s new status as a Palo Alto Networks Platinum Partner marks the most recent step in an ongoing process of growth based on gaining expertise in how best to use Palo Alto Networks next-generation firewalls. Digital Scepter has previously attained Accredited Configuration Engineer (ACE) status from Palo Alto Networks, certifying that the company has the relevant experience and expertise to implement any Palo Alto Networks solution. In addition, Digital Scepter currently holds Certified Network Security Engineer (CNSE) status, signifying the company’s deep, insightful understanding of the full Palo Alto Networks firewall range and making it a popular choice for consultancy and advice on the best firewall network design.
“Digital Scepter can provide customers with an overall, comprehensive service, and we have the certification to prove that we can do that every time,” says Robinson. “We have invested extensive resources into Palo Alto Networks protection, because we are completely confident that this is the firewall of the future. We are committed to giving our customers the highest quality products available, and as a result we continue to be committed to Palo Alto Networks firewalls.”
Digital Scepter has grown to become a leading reseller of perimeter protection technology because the company understands the threats of the technology world and is able to identify the best products to resolve these concerns. As a new Palo Alto Networks Platinum Partner, Digital Scepter is uniquely placed to remain a driving force behind the adoption of next-generation firewalls.
Customers who are interested in learning more about Digital Scepter’s range of quality network security solutions should visit digitalscepter.com for more details.
About Digital Scepter
Founded in 2007, Digital Scepter is a leading California-based value-added reseller (VAR) of network security systems including next-generation firewall protection, web security systems, and intrusion prevention systems (IPS). Digital Scepter has an extensive and authoritative understanding of the many threats facing businesses or institutions that connect to the Internet, and offers a range of services designed to identify security concerns and implement robust, dependable solutions. This is achieved through services including an Application Visibility Report and penetration testing, after which a suitable solution can be designed and implemented including products from leading vendors such as Palo Alto Networks, Zscaler, Tanium, Solutionary, and Trend Micro.
For more information about Digital Scepter, visit www.digitalscepter.com.
Media Contact:
Dave Young
Digital Scepter (Press: Young Copy)
1-678-500-9550
dave [at] youngcopy.com