
Intelligent Layered Security: True Zero Day Protection from Known and Unknown Threats

By: WatchGuard Technologies
Published: Aug 17, 2005
Length: 18
Type: White Paper
 
Overview :

Security threats have increased in sophistication, frequency, and complexity as we have seen hacking become increasingly driven by fraud and organized crime. Today, the traditional stateful packet inspecting firewall is insufficient network protection when working alone. Businesses need an integrated security solution that by design protects against today's threats while remaining flexible enough to defend against the threats of tomorrow.

Addressing this need, WatchGuard® created the Intelligent Layered Security (ILS) architecture to provide the best defense possible against today's complex and rapidly changing threat environment.

Related Categories: Anti Spam, Anti Spyware, Anti Virus, Firewalls, Intrusion Prevention, Network Security, VPN

 

Why Intelligent Layered Security?
The security landscape grows more complex and dynamic each day. A parade of newer technologies, such as instant messaging, wireless networks, and advanced Web services, are continually being deployed in businesses, presenting further opportunities for hackers to exploit. Security threats have increased in sophistication, frequency, and complexity as we have seen hacking become increasingly driven by fraud and organized crime. Today, virtually all attentive system administrators understand that the traditional stateful packet inspecting firewall is insufficient protection when working alone.
Many vendors today offer Unified Threat Management (UTM) appliances, which incorporate multiple security functions including firewall, VPN, spam filtering, antivirus, and intrusion prevention. These functions typically work independently, and do not integrate in a way that enables you to leverage information about one layer to make other layers more effective (Figure 1). Configuration can be complex, and logging information from different functions can be inconsistent. This translates into greater complexity, leading to a higher likelihood of misconfiguration, and ultimately, poorer security. Moreover, these systems are not designed with extensibility in mind; thus they can’t rapidly evolve or extend defenses as new threats appear.
Businesses need an integrated security solution that by design protects against today's threats while remaining flexible enough to defend against the threats of tomorrow. Addressing this need, WatchGuard® created the Intelligent Layered Security (ILS) architecture. This technology provides the best defense possible against today's complex and rapidly changing threat environment. This paper describes our unique approach, and explains why it delivers better protection than other UTM implementations. The ILS model is currently deployed on our Firebox® X Core™ and the Firebox X Peak™ UTM appliances.
Intelligent Layered Security Architecture: Overview
The WatchGuard ILS architecture consists of six security layers intelligently cooperating with one another to dynamically detect, block, and report on malicious traffic, while passing benign traffic through as efficiently as possible. This design results in a superior system, capable of defending networks against both known and unknown attacks without sacrificing performance.
For this discussion, a layer is a logical construct that defines a conceptual boundary between components of a network’s security infrastructure. We're regarding each different type of security technology as a separate layer. The ILS engine is the central nervous system of the architecture. By designing each layer to take advantage of and reinforce the capabilities of the other layers, and by exchanging information about the traffic being processed between the layers, it provides maximum protection, reliability, and performance. Let’s look at an overview of each layer:

1. External Security Services, providing technologies to extend protection beyond the firewall, and information which empowers the end user/administrator to be more efficient

2. Data Integrity, validating the data packet integrity and packet protocol conformance

3. Virtual Private Networking (VPN), ensuring secure and private external communications

4. Stateful firewall, restricting traffic to those sources, destinations, and ports which are allowed by the security policy

5. Deep application inspection, ensuring conformance with application layer protocol standards, blocking dangerous files by pattern or file type, and blocking dangerous commands and modifying data to prevent leakage of critical system information

6. Content Security, analyzing and regulating traffic for appropriate content, including services as diverse as Gateway AntiVirus (AV), Intrusion Prevention Service (IPS), spyware protection, spam protection and URL filtering

Although there are six distinct layers identified in this model, there are many functions and capabilities in each of these layers which are designed to cooperate with and pass information to other capabilities either within the same layer or at different layers. All the layers are designed to be easily extensible as new security functions are required to handle new threats.
Whether a WatchGuard firewall with ILS is deployed at the network perimeter as an endpoint device, or at the core of the infrastructure, it provides key security capabilities vital to protecting the network. Details of these capabilities are given in the section of this paper entitled “Intelligent Layered Security Architecture Details.”

Intelligent Layered Security Benefits
The layers of the ILS architecture are designed to work together to provide:
Better Security
Zero day protection - blocks many threats inherently; no ‘window of vulnerability’ exists for these threats
Proactive identification and blocking of attackers - identifies attacks and attack behaviors, and drops subsequent attacks from the same site
