The overwhelming increase in the mobility of the corporate workforce, together with the availability of wireless internet connections in airports, hotels, and coffee houses, creates an unbearable challenge for IT managers. Whenever employees travelling with their laptops connect to a hotel hotspot, they are in fact connecting their corporate computers to an unsecured network shared by hundreds of guests. This innocent connection jeopardizes sensitive data and can bring security threats back into the corporate network when the laptop returns to the office. For this reason, IT managers have adopted rigid security policies, creating a conflict between the need for security and the productivity of the mobile workforce. For example, some organizations consider returning laptops "infected"; the infected laptops are completely formatted and cleaned. Some allow dial-up connections only (no Wi-Fi), while others go further and completely prohibit connecting laptops to the Internet outside the corporate network.

This unbearable conflict between security and mobility can only be solved if the mobile workforce is equipped with the same level of security as it has inside the corporate network. To understand what this means, we should examine the level of security that is maintained inside corporate networks.

Corporate Network - Two Lines of Defense

Corporate users enjoy higher security levels inside the corporate network because they operate behind two lines of defense. The first line of defense is a set of robust security appliances, installed at the IT center and exclusively controlled by the IT department. It is largely based on a comprehensive set of IT security appliances running a secured and hardened OS, with Firewall, IDS, IPS, Anti Virus, Anti Spyware, Anti Spam and Content filtering. The second line is based on the Personal FW and Anti Virus software installed on end users' computers.

The first line of defense completely isolates the user at the physical and logical layers.

Unlike PCs, these appliances are equipped with hardened operating systems that do not have security holes, "back-doors", or unsecured layers. They are designed for a single purpose: to provide security.

The first line of defense provides the following advantages:

- Mobile code is not run - Content arriving from the internet is not executed on these appliances; it either passes through into the network or it does not. This makes the appliances more difficult to attack, because the mobile code delivered by the hackers does not run on them.
- Cannot be uninstalled - Security attacks often start by targeting the security software, trying to uninstall it or stop its activity. Software-based security solutions, like any software program, include an uninstall option that can be targeted. In contrast, the hardware-based security appliances cannot be uninstalled, as they are hard coded into the hardware.
- Non-writable Memory - Hardware-based solutions manage the memory in a restricted and controlled manner. The security appliances can prohibit access to their memory, providing greater protection against attacks on the security mechanism.
- Controlled by IT personnel - The security appliances are controlled by IT, who constantly maintain the highest security policies and updates.
- Performance - The security appliances are optimized for maximum security and operate independently from the computers in the network, neither degrading the performance of the desktops nor consuming their resources.

Consequently, the corporate PCs reside in a secured environment. If the security is breached, at least the damage stops at the gateway. The first line of defense prevents threats from entering the corporate network, while the second line serves as a precaution and helps defend against threats that may have already entered the network (e.g. emails). But the real problem starts when the corporate PCs go in and out of this secured environment. Outside the corporate network they are at the frontline with no first line of defense. The problem intensifies as they return, bypassing the first line of defense as they enter the network. These laptops can be considered the greatest threat because they unknowingly bring security threats into the supposedly safe network.