All posts by zscaler

Secure cloud transformation: A four-step strategy for the CIO

By Matt Piercy, VP and general manager, Zscaler EMEA

The business IT environment is changing rapidly and, as a result, today’s CIOs have to tackle a number of big challenges. Twenty years ago, applications and data were stored on individual computers. Today, cloud-delivered applications, services, and infrastructure are transforming business processes, services, and models.

Cloud transformation has turned what was once a predictable and tightly controlled ecosystem upside-down. In the midst of all this change, CIOs are under pressure to improve employee productivity, encourage standardisation throughout the organisation, and ensure any changes that are implemented drive cost savings. Indeed, CIOs have a big job on their hands as they attempt to recognise the importance of—and embrace—new technology that will help streamline business operations and keep the company competitive, while saving IT significant amounts of time and money.

Here are four key steps of a cloud transformation journey, and how CIOs can navigate these steps successfully:

Global collaboration

Improved collaboration is making its way into the CIO strategy, which isn’t surprising given the competitive advantage collaboration can bring. Creativity, innovation, and communication need to take place across the board. If a business doesn’t have the ability to share information and work amongst global teams, it is missing out on opportunities. Think of the ideas and knowledge that, if shared, could increase efficiencies, reduce costs, boost sales, and reduce customer churn. Collaboration is at the heart of today’s cutting-edge business, and CIOs need to ensure their technology encourages and simplifies collaboration at all levels.

Cloud security

Organisations everywhere are being challenged to reduce costs while increasing productivity and performance. To meet these challenges, CIOs are adopting a cloud-first strategy that utilises software-as-a-service (SaaS) and infrastructure-as-a-service (IaaS). Migrating applications to public cloud providers such as AWS and Azure promises greater accessibility, business productivity and flexibility, and it seems a relatively straightforward way to enhance performance while cutting the cost of owning and maintaining hardware.

However, the success of a cloud-first strategy depends on tools that make a company cloud-ready. Legacy hardware appliances in offices and branches were sized for traffic bound for the data centre, and their limits are reached quickly once most traffic is bound for the internet instead. Those limits leave a company with both security gaps and degraded performance. CIOs can overcome this with a unified cloud security service that applies a full range of security controls to internet access and to remote access to internal applications alike. With visibility into all traffic crossing the network, CIOs can see every request, by user, location, and device, anywhere in the world, in seconds.

Mobility

The number of employee-owned and managed devices used for work, also known as BYOD, continues to grow each year. According to recent research, BYOD and enterprise mobility in Europe are projected to grow at a CAGR of more than 17 percent through 2023. The benefits of BYOD are well known. Not only does it enable and maximise a productive workforce, but it saves money by reducing the number of devices the company has to buy for individual employees. By allowing workers to use devices they enjoy and are comfortable with, BYOD also increases employee satisfaction.

Bringing mobile devices into the workplace does, however, put pressure on CIOs to secure these devices as they access the internet, SaaS, and internal applications. Securing traffic to different types of apps is often complex for IT and forces end users to actually think about the location of apps and how to access them, which falls short of the seamless experience users have come to expect. CIOs need to ensure they are able to enforce security and access policies, regardless of device, location, and application.

Internet-first

Last on the list is an internet-first approach. The rapid proliferation of cloud services and SaaS applications is leading businesses to rethink their traditional approach to web security. Moving to the cloud increasingly requires CIOs to create secure, direct-to-internet connections from every location. As such, they are embracing software-defined wide area networking (SD-WAN) to drive network simplicity and reduce costs.

SD-WAN works by simplifying how traffic is routed in the branch, which makes it easy to establish local internet breakouts. Software-defined policies are used to select the best path to route traffic connecting the branch to the internet, cloud applications, and the data centre. By defining policies for all branches, organisations can easily deploy new applications and services and manage policies across many locations. CIOs need to make sure they are able to prioritise critical applications such as Office 365 over the likes of YouTube and streaming media, and that they have the ability to leverage multiple branch connection types, including broadband, LTE, and VPN over broadband, to allow a seamless user experience.

Recognising the importance of globalisation and shifting to more mobile-, cloud- and internet-based workloads, all the while navigating network and security challenges and concerns, is a common balancing act for today’s CIOs. However, by successfully taking these steps, CIOs can streamline business processes, enhance the user experience and, ultimately, boost business productivity.


How to choose a cloud sandbox solution: Best practice ideas

By Mathias Widler

Businesses have become painfully aware that conventional approaches — virus signature scanning and URL filtering — are no longer sufficient in the fight against cyberthreats. This is in part because malware is constantly changing: new variants, each with a new hash and signature, appear far faster than signature-based detection systems can be updated.

In addition, malware today tends to be targeted at specific sectors, companies, or even individual members of a management team, and such targeted attacks are difficult to spot. It has become necessary to use technology based on behavioural analysis, most commonly a sandbox that executes suspect files and observes what they do. This blog examines how a sandbox can increase security and looks at what to consider when choosing a sandbox solution.

The sandbox as a playground against malware

Zero-day ransomware and new malware strains are spreading at a frightening pace. Due to the dynamic nature of the attacks, it is no longer possible to develop a signature for each new variant. In addition, signatures tend to be available only after malware has reached a critical mass — in other words, after an outbreak has occurred. Because the code is repacked or modified continually, it is likely to have changed before a signature for any given variant can be developed, and the game starts from scratch. How can we protect ourselves against such polymorphic threats?

There is another trend that should influence your decision about the level of protection you need: malware targeted at individuals. It is designed to work covertly, making smart use of social engineering lures that are difficult to identify as fake. It only takes a moment for a targeted attack to drop its harmful payload, and the amount of time between system infection and access to information is getting shorter all the time.

What is needed is a quick remedy that does not rely on signatures alone. To detect today’s constantly mutating malicious code, behavioural analysis is necessary, which in turn requires new security systems. The purpose of a sandbox is to analyse suspicious files in a protected environment before they can reach the user. The sandbox provides a safe space where the code can be run, and its behaviour observed, without doing any harm to the user’s system.

The right choice to improve security

Today’s market appears crowded with providers offering various solutions. They range from virtualisation-based products (the sample is executed in what looks like an ordinary virtual system) and emulated-hardware products (the malware is presented with a simulated PC) through to solutions that model an entire network inside the sandbox. Malware developers have been hard at work, too: a well-written sample can check whether a real person is using the machine (for example by watching for mouse movement), detect that it is running in a virtual environment and change its behaviour accordingly, and undermine the analysis by delaying activation of its malicious code until the sandbox’s observation window has expired.
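The three evasion tricks described above are exactly what a sandbox has to see through. The following added example (not Zscaler code, and not the output of any real sandbox) scores a recorded API-call trace for both evasive and malicious behaviour, and maps each evasion it finds to the sandbox capability a buyer should ask about. The trace layout, the API names, the thresholds and both sample traces are assumptions constructed for illustration.

```python
"""Scoring a sandbox API-call trace for malicious and evasive behaviour.

Added example, not Zscaler code. The trace layout, API names, rule
thresholds and the two sample traces are assumptions made for illustration.
"""

# Thresholds (assumed): a Sleep this long is treated as stalling, and a
# sample that polls the cursor this many times without seeing it move is
# probably checking whether a live user is present.
STALL_MS = 120_000
CURSOR_POLL_MIN = 3

VM_MARKERS = ("vmware", "vbox", "virtualbox", "qemu", "xen")
STARTUP_DIR = "\\start menu\\programs\\startup\\"


def _is_ip_literal(host):
    parts = host.split(".")
    return len(parts) == 4 and all(p.isdigit() and 0 <= int(p) <= 255 for p in parts)


def analyse(trace):
    """Return evasion flags, malicious indicators and a verdict for a trace.

    trace: list of (api_name, args_dict) as a hypothetical sandbox hook
    would record them.
    """
    evasion, indicators = set(), set()
    cursor_positions = [(a["x"], a["y"]) for api, a in trace if api == "GetCursorPos"]

    for api, args in trace:
        if api == "Sleep" and args["ms"] >= STALL_MS:
            evasion.add("delayed_execution")
        elif api in ("RegOpenKeyEx", "RegQueryValueEx") and any(
            m in args["key"].lower() for m in VM_MARKERS
        ):
            evasion.add("vm_detection")
        elif api == "CPUID" and args.get("leaf") == 0x40000000:   # hypervisor vendor leaf
            evasion.add("vm_detection")
        elif api == "CreateFile" and STARTUP_DIR in args["path"].lower():
            indicators.add("persistence")
        elif api == "InternetConnect" and _is_ip_literal(args["host"]):
            indicators.add("c2_beacon")
        elif api == "CryptEncrypt" and args["files"] >= 10:
            indicators.add("mass_encryption")

    # Polling the cursor repeatedly and never seeing it move is a classic
    # "is anyone actually using this machine?" check.
    if len(cursor_positions) >= CURSOR_POLL_MIN and len(set(cursor_positions)) == 1:
        evasion.add("user_presence_check")

    if indicators:
        verdict = "malicious"
    elif evasion:
        verdict = "suspicious"   # sample probably spotted the sandbox and bailed out
    else:
        verdict = "benign"
    return {"verdict": verdict, "evasion": evasion, "indicators": indicators}


# What a sandbox must do to defeat each trick; this mapping is the example's
# own, not a vendor feature list.
COUNTERMEASURES = {
    "delayed_execution": "accelerate or skip long sleeps instead of waiting them out",
    "vm_detection": "hide hypervisor artefacts (registry keys, CPUID hypervisor leaf, device names)",
    "user_presence_check": "simulate mouse movement, keystrokes and open documents",
}


def countermeasures(result):
    return sorted(COUNTERMEASURES[f] for f in result["evasion"])


# Constructed sample traces (not real malware output).
EVASIVE_TRACE = [
    ("GetCursorPos", {"x": 100, "y": 200}),
    ("GetCursorPos", {"x": 100, "y": 200}),
    ("GetCursorPos", {"x": 100, "y": 200}),
    ("RegOpenKeyEx", {"key": r"HKLM\SOFTWARE\VMware, Inc.\VMware Tools"}),
    ("Sleep", {"ms": 600_000}),
    ("ExitProcess", {"code": 0}),            # nothing malicious seen: it bailed out
]

# The same sample in a sandbox that fakes user input and skips the sleep.
MALICIOUS_TRACE = [
    ("GetCursorPos", {"x": 100, "y": 200}),
    ("GetCursorPos", {"x": 137, "y": 212}),  # simulated mouse movement
    ("GetCursorPos", {"x": 141, "y": 240}),
    ("RegOpenKeyEx", {"key": r"HKLM\SOFTWARE\VMware, Inc.\VMware Tools"}),
    ("Sleep", {"ms": 600_000}),              # skipped by the sandbox, logged anyway
    ("CreateFile", {"path": r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\upd.exe"}),
    ("InternetConnect", {"host": "203.0.113.10", "port": 443}),
    ("CryptEncrypt", {"files": 412}),
]

if __name__ == "__main__":
    for name, trace in (("evasive", EVASIVE_TRACE), ("malicious", MALICIOUS_TRACE)):
        r = analyse(trace)
        print(name, r["verdict"], sorted(r["evasion"]), sorted(r["indicators"]))
        print("  sandbox needs to:", countermeasures(r))
```

The point of the two traces is that a sandbox which merely waits out the run sees only the first one and has to return "suspicious"; only a sandbox that fakes user activity and accelerates the sleep ever observes the persistence, the beacon and the encryption that justify a block.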

So, what should companies look for when they want to enhance their security posture through behavioural analysis?

What to look for in a sandbox

  • The solution should cover all users and their devices, regardless of their location. Buyers should check whether mobile and remote users are covered as well as those in the office
  • The solution should work inline rather than in TAP mode (analysing a passive copy of the traffic). Only an inline sandbox can block a threat directly; a TAP-mode sandbox can merely raise an alert and leave it to a third-party device such as a firewall to enforce a new rule
  • First-file sandboxing is crucial to prevent an initial infection for which no detection pattern yet exists: the first copy of an unknown file is held until analysis completes, rather than being delivered and only flagged afterwards
  • It should include patient-zero identification, so that when a file is found malicious after the fact, the first user who received it, and everyone who has downloaded it since, can be identified
  • Smart malware often hides inside SSL/TLS traffic, so a sandbox solution must be able to inspect encrypted traffic. Performance matters here, because SSL/TLS inspection is resource-intensive; with traditional appliances it often requires a great deal of additional hardware, up to eight times more depending on the manufacturer
  • In the case of a cloud sandbox, it should comply with relevant laws and regulations, such as the Federal Data Protection Act (BDSG) in Germany. It is important to ensure that the sandboxing is done within the EU, ideally in Germany. The strict German data protection regulations also benefit customers from other EU countries
  • A sandbox is not a universal remedy, so it should work together with other security modules. For example, it must be possible to stop outbound traffic to a command-and-control (C&C) server once an infection is found, and to trace that C&C communication back to its source so that the infected computer can be identified and isolated

Putting it all together

All these criteria can be covered by an efficient, highly integrated security platform rather than by individual hardware components (“point” appliances). One advantage of such a model is that logs from every security module on the platform are correlated almost instantly, without manual work. When a sandbox is part of the platform, the automated correlation of data between the various protection technologies delivers faster detection and a significantly higher level of protection, because the SIEM no longer has to be fed manually with logs from different manufacturers.
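The checklist above asks for first-file sandboxing, patient-zero identification and C&C trace-back, and this paragraph asks for the correlation that ties them together. The following added example (not Zscaler code) shows what that correlation looks like in practice: a malicious verdict from the sandbox is joined back onto proxy logs to find patient zero, everyone else who received the file before the verdict, any download the inline policy failed to block afterwards, and the hosts already beaconing to the C&C server. The log layout, field names, hash values, addresses and every record are constructed for illustration.

```python
"""Correlating a sandbox verdict with proxy logs: patient zero, exposed
users and C&C beacons.

Added example, not Zscaler code. The log layout ('ts key=value ...'),
the field names, the verdict record and every log line are constructed
for illustration.
"""
from datetime import datetime, timezone


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def parse_line(line):
    """Parse one 'ts k=v k=v ...' proxy record into a dict (assumed layout)."""
    ts, *fields = line.split()
    rec = dict(f.split("=", 1) for f in fields)
    rec["ts"] = parse_ts(ts)
    return rec


# Constructed proxy log. 'f00d1' stands in for a real SHA-256 and
# 203.0.113.10 (a documentation address range) for the C&C server.
PROXY_LOG = """\
2024-03-04T09:12:03Z user=alice src=10.1.4.22 host=files.example.net path=/invoice.exe sha256=f00d1 action=allowed
2024-03-04T09:14:40Z user=bob src=10.1.4.31 host=files.example.net path=/invoice.exe sha256=f00d1 action=allowed
2024-03-04T09:15:02Z user=alice src=10.1.4.22 host=203.0.113.10 path=/gate.php sha256=- action=allowed
2024-03-04T09:20:00Z user=carol src=10.1.4.40 host=files.example.net path=/invoice.exe sha256=f00d1 action=blocked
2024-03-04T09:22:11Z user=dave src=10.1.4.57 host=203.0.113.10 path=/gate.php sha256=- action=allowed
2024-03-04T09:30:00Z user=erin src=10.1.4.60 host=intranet.corp path=/report.pdf sha256=c1ea4 action=allowed
"""

# Constructed sandbox verdict: detonation finished about seven minutes after
# the first download and recorded the C&C host the sample talked to.
VERDICT = {
    "sha256": "f00d1",
    "malicious": True,
    "issued": parse_ts("2024-03-04T09:19:30Z"),
    "c2_hosts": {"203.0.113.10"},
}


def correlate(log_text, verdict):
    """Join a malicious verdict back onto the proxy log.

    Returns patient zero, every user who received the file before the
    verdict, any downloads the inline policy failed to block afterwards,
    and the hosts already beaconing to C&C (found by tracing the C&C
    traffic back, independent of how the file reached them).
    """
    if not verdict["malicious"]:
        return None
    recs = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    downloads = sorted((r for r in recs if r["sha256"] == verdict["sha256"]),
                       key=lambda r: r["ts"])

    # Allowed downloads before the verdict reached a user unchecked; the
    # earliest one is patient zero.
    exposed = [r for r in downloads
               if r["action"] == "allowed" and r["ts"] < verdict["issued"]]
    # With inline enforcement the same hash must be blocked from the
    # verdict onwards; anything still 'allowed' here is a policy gap.
    leaked = [r for r in downloads
              if r["action"] == "allowed" and r["ts"] >= verdict["issued"]]
    # Trace-back: who is talking to the C&C host? dave never fetched the
    # file through the proxy, yet his host is beaconing.
    beaconing = {r["src"]: r["user"] for r in recs if r["host"] in verdict["c2_hosts"]}
    exposed_srcs = {r["src"] for r in exposed}

    return {
        "patient_zero": exposed[0]["user"] if exposed else None,
        "exposed_users": [r["user"] for r in exposed],
        "leaked_after_verdict": [r["user"] for r in leaked],
        "beaconing": beaconing,
        "isolate_now": sorted(beaconing),                      # confirmed active infections
        "investigate": sorted(exposed_srcs - set(beaconing)),  # got the file, not yet beaconing
    }


if __name__ == "__main__":
    for k, v in correlate(PROXY_LOG, VERDICT).items():
        print(f"{k:>20}: {v}")
```

Two things in the output are worth noting. Carol's download at 09:20:00 is blocked because the verdict had already been pushed to the inline policy, which is the difference between inline and TAP mode. And with first-file sandboxing enabled, Alice's 09:12:03 record would have been held rather than allowed, leaving no patient zero at all; the function still reports the C&C trace-back, because that path catches infections that never went through a download the proxy saw.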

Platform models lose far less information because all the security tools — proxy, URL filter, antivirus, APT protection, and other technologies — share the same data and policy layer and can act on one another’s findings. Alert triage becomes far less time-consuming, because the platform can block an attempted data exfiltration automatically rather than leaving it to an analyst. A cloud-based sandbox together with a security platform is, therefore, an effective solution. It complements an existing security solution by adding behavioural analysis to detect previously unknown malware and strengthens the overall security posture without increasing operating costs.

The post How to choose a sandbox first appeared on The Zscaler Blog.