By Ron Temske, VP, Security Solutions, Logicalis US
Here’s a question: What area is commonly overlooked in the IT technology end-of-life (EOL) decision-making process?
The answer: Security.
Many IT professionals tend to focus on improving productivity or reducing costs when deciding whether it’s time to upgrade or leave a legacy asset in place. And with good reason: the right end-of-life (EOL) decision can help reduce operating costs, improve end-user productivity, or, on the flip side, avoid large, unnecessary capital outlays on new technologies. What naturally happens is that most EOL initiatives focus more on solutions such as servers, storage or networking infrastructure, leaving security solutions to get lost in the shuffle.
To ensure an EOL decision doesn’t put your organization at risk—by, say, continuing to employ a solution with many security loopholes—you need to consider your core security solutions, such as firewalls, and the security capabilities of other infrastructure, such as servers, storage and networking equipment. Keep in mind that legacy solutions tend to have older and possibly outdated protections.
Take a look at this eye-opening bit from the Cisco 2016 Annual Security Report:
“Aging infrastructure is growing and leaves organizations increasingly vulnerable to compromise.
We analyzed 115,000 Cisco devices on the Internet and discovered that 92 percent of the devices in our sample were running software with known vulnerabilities. In addition, 31 percent of the Cisco devices in the field that were included in our analysis are ‘end of sale’ and 8 percent are ‘end of life.’”
More than a little frightening, right? We agree.
Which might leave you wondering, “Where the heck do I start?”
One of the most critical core security solution candidates for a close EOL evaluation is your firewall. It’s essential to keep this foundational element of your security strategy up-to-date and ready for evolving threats such as ransomware and malware.
Your organization may still be using a traditional firewall—essentially the same type that came to the market in the 1980s. These solutions operate using simple rulesets, and, generally speaking, filter either an IP address or a port, blocking access to the web in general, or Facebook in its entirety, for example.
This capability is certainly helpful, but it fails to address a number of real-world scenarios. Most malicious actors aren’t after network resources, but the data contained behind the network—meaning they can frequently exploit application loopholes to get what they want and circumvent traditional firewall solutions in the process.
In 2009, next-generation firewalls were released, such as Cisco ASA with FirePOWER Services. These offer much wider application protection at a much deeper level. For example, while traditional solutions could only block Facebook in its entirety, a next-gen solution can block only Facebook games—or allow Dropbox to only download data, not upload it.
Next-generation firewalls also offer deep packet inspection and network intrusion prevention, which monitors for malicious activities, logs them and attempts to block them by analyzing behavioral activity. They also offer customized protection based on criteria including geolocation, application type, user/group identity, reputation and URL categories such as shopping.
As you can see, EOL decisions regarding security solutions have serious consequences—so there is a lot to consider. This is just one example of how a legacy security solution can put your organization at risk.
At the same time, it’s critical to make smart IT investments in today’s economic climate. You shouldn’t buy a $1,000 safe to protect a $1 bill. Any EOL security decision you make needs to take into account the current threat landscape, the assets you’re protecting and the risks that are at stake in case of a breach.
If you need expert advice on whether a legacy solution is putting your organization at risk or whether or not the security risks outweigh the cost of investing in updated security solutions, Logicalis can help. We take a risk-centric approach to security—one that’s designed to cost-effectively protect your organization from harm.
Let’s talk soon about how we can help your organization make ideal EOL decisions and stay protected without breaking your budget.