Q: With today’s evolving cyber threats, my IT service company is trying to offer our customers more proactive security measures beyond anti-malware and anti-spam filters. To really protect our customers, we want to offer a more sophisticated firewall solution. Once we choose a solution, how should we determine what policies we need to create for our SMBs?
Offering new solutions to protect customers from today’s evolving cyber threats is a smart way to both safeguard their business-critical data and grow your business. While every SMB may require different policies within their organization, there are certainly a few policies you can standardize on.
To help you determine which policies to put in place for your SMBs, we consulted Mark Ballegeer, one of the systems engineers at Barracuda MSP. Based on his extensive background in and knowledge of firewalls, Mark offered these tips on how to easily define policies within your customers’ businesses.
Good security policies can prevent holes in the network
The first thing that you want to think about when you’re developing any sort of network security is establishing security policies. A security policy is a list of guidelines, agreed upon within the organization, about what acceptable traffic and unacceptable traffic look like. Talk to your SMB customer, and figure out what they want the network rules to be for the organization. For example, your client might want to restrict access to YouTube, Netflix, or social media; however, their business team might need to access peer-to-peer applications like Skype, Slack, or file sharing services like Google Drive. Once restricted sites and policies are agreed upon, you can use your firewall to implement them.
When implementing your security policies, you want to make sure all users are grouped appropriately and all access rights are at the proper levels. How you group users typically depends on the organization. It could be done by department, such as finance or marketing, or by geography if different countries or regions have different security requirements. Good grouping policies will take some of the complexity and confusion out of management, and allow administrators to more easily implement appropriate security measures. You don’t want any holes in your network that people can wiggle around in or that could cause trouble, and you want to prevent anything malicious from happening.
Maximize your chances of preventing malicious attacks
To maximize your chances of preventing an attack and ensuring malicious attacks don’t get through to the network, make sure all of the firewall’s features are turned on. This means you should check that URL filtering, SSL encryption, antivirus, and Advanced Threat Protection are all active. You also need to be aware of what the typical traffic flow generally looks like for this SMB customer. The more aware you are, the easier it will be to spot suspicious or unusual traffic patterns within the organization.
A big piece of protecting networks in this day and age is Advanced Threat Protection, which is found in numerous next-generation firewalls. Typically, this feature can test unknown traffic and send it up to the cloud to a sandboxing environment. From there, you can see what type of behavior it has and figure out what needs to be done about it. Should it be blocked? In the case of the Barracuda CloudGen Firewall, for example, if a threat is detected, it then becomes a known signature, and that information is synced with other devices. Once it is a known threat, it won’t be able to get in, and it won’t need to be re-sandboxed.
Defining policies for different verticals
If you have customers in a financial or healthcare vertical, they are going to need very strict, granular rule sets when it comes to different parts of the network — mostly due to regulations and auditing. As an MSP, you want to ensure that the policies you’re enforcing will help these SMBs comply with any regulations that need to be followed, such as PCI DSS or HIPAA. On the other end of the spectrum, maybe you protect more relaxed environments, such as a marketing company that needs to go on social media regularly. They will typically have looser policy standards than a healthcare organization.
You may ask, is there a one-size-fits-all when it comes to security policies? While most firewalls have a good set of default policies right out of the box, you should customize the firewall to the specific environment it will be protecting. Look at the patterns within the company — what sites are used often and what sites are not. Once patterns have been established, go in and tweak some of the rules, add new ones, and then streamline the network for your SMB customer. Some firewalls will allow you to be super granular, so you can add policies for individual users or departments. Take advantage of this where you can, and develop a granular approach.
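To make the grouping and granularity advice above concrete, here is an added example (not from the original article or any Barracuda product) that resolves a web-category decision for a user and audits the grouping for gaps. The category names, users, the precedence order (user override, then department group, then default) and the default-block stance are all assumptions chosen for illustration.

```python
from dataclasses import dataclass, field

DEFAULT_ACTION = "block"  # assumption: traffic no rule mentions is blocked

@dataclass
class Policy:
    allow: set = field(default_factory=set)
    block: set = field(default_factory=set)

# Constructed sample data for a hypothetical SMB customer.
GROUP_POLICIES = {
    "finance": Policy(allow={"file-sharing"}, block={"social-media", "streaming"}),
    "marketing": Policy(allow={"social-media", "file-sharing", "messaging"}, block={"streaming"}),
}
USER_OVERRIDES = {"dana": Policy(allow={"streaming"})}  # per-user exception
USER_GROUPS = {"alice": ["finance"], "dana": ["marketing"],
               "erin": ["finance", "marketing"], "temp01": []}

def decide(user, category):
    """Return (action, reason): user override > group > default; block beats allow."""
    override = USER_OVERRIDES.get(user)
    if override and category in override.block:
        return "block", f"user:{user}"
    if override and category in override.allow:
        return "allow", f"user:{user}"
    policies = [(g, GROUP_POLICIES[g]) for g in USER_GROUPS.get(user, []) if g in GROUP_POLICIES]
    for group, policy in policies:
        if category in policy.block:
            return "block", f"group:{group}"
    for group, policy in policies:
        if category in policy.allow:
            return "allow", f"group:{group}"
    return DEFAULT_ACTION, "default"

def audit():
    """List grouping gaps: users in no known group, and users whose groups disagree."""
    findings = []
    for user, groups in sorted(USER_GROUPS.items()):
        known = [g for g in groups if g in GROUP_POLICIES]
        if not known:
            findings.append((user, "no-group"))
            continue
        allowed = set().union(*(GROUP_POLICIES[g].allow for g in known))
        blocked = set().union(*(GROUP_POLICIES[g].block for g in known))
        findings.extend((user, f"conflict:{c}") for c in sorted(allowed & blocked))
    return findings
```

Running `audit()` before pushing rules to the firewall surfaces the accounts that would otherwise fall through to the default or receive an ambiguous result, which is where the agreed policy and the enforced policy tend to drift apart.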
The most important tip I can offer is to make sure your security capabilities are active. Without these functions turned on, you won’t get the full force of what your firewall can do. It’s surprising how many people forget to activate anti-virus or turn their URL filtering on. It’s a simple step — and can ultimately save you time and effort down the road.
While firewall policies aren’t one-size-fits-all, having a good understanding of the environment and the functions it needs to accomplish can help you create detailed policies within the organization. While someone in the healthcare industry might need more filters in place, someone in a different organization might need fewer. Take the time to evaluate each customer and put the necessary precautions in place to help them avoid malicious traffic or sites in the future.