Sonic Solutions Fosters Innovation Through Application Visibility and Control
Sonic Solutions enables the creation, management, and enjoyment of digital media content from Hollywood to home. Always an innovator, Sonic Solutions is playing a leading role in helping professional and consumer markets make the successful transition to the new high-definition media formats and, through Sonic’s DVD on Demand initiative, is defining new models for the digital distribution of premium Hollywood entertainment. With the firm belief that the Sonic employees are the force behind their innovative offerings, Roger Blakeley, VP of Information Security, sees his role as one of enabling continued innovation through secure interaction for all their offices, particularly those in the US and China.
BLIND TO PORT 80 TRAFFIC
Like most IT organizations, the IT group at Sonic Solutions did not have adequate visibility and control of port 80 application traffic, exposing the company to a wide range of security and business risks including regulatory non-compliance, data leakage, loss of productivity and increased operational costs. Roger and the IT team believe that employees will use whatever application they want and it is up to the security team to protect the network and the company from the trouble that rogue applications and unknowing users may cause. Unfortunately, many of today’s applications can evade detection by port-centric security solutions, making it very difficult for the Sonic IT team to confirm their suspicions about user activity.
In order to regain visibility and subsequent control over all applications traversing the network, not just those streaming through port 80, Roger and his team began looking at complementary security technologies. Sonic initially considered an Intrusion Prevention System (IPS) as a means to augment their firewall, but the IPS lacked the ability to detect more than a handful of applications, and the threat-oriented nature of IPS offerings did not provide the granular application control that Sonic desired. A key requirement for Sonic was the ability to see exactly which employees were using the applications.
SUSPICIONS CONFIRMED: ROGUE APPLICATIONS ARE PRESENT
The quest for visibility and control over applications continued with an on-site evaluation of the Palo Alto Networks PA-4000 Series, which detected what the IT team had suspected all along: unapproved applications were flowing through the existing firewall and network security infrastructure undetected. The usual suspects were present on the Sonic network, including P2P applications, IM, webmail, and social networking applications, exposing the company to a range of business and technical risks. The PA-4000 Series gave the IT team the exact name of the application, not just a generic identifier of some sort, as well as who was using it.
This level of detail will help streamline the creation and enforcement of appropriate application usage policies, particularly for remote office employees such as those in Sonic’s China facility. The Palo Alto Networks next-generation firewall quickly established itself as the solution to the Sonic application visibility problems.
USER-BASED VISIBILITY AND CONTROL
The use of non-work related applications on the Sonic Solutions global network represents significant risks in terms of threats, compliance, operational costs, and employee productivity. One of the key features that convinced Sonic to move forward with the PA-4000 Series was its ability to integrate with their Active Directory (AD) user repository. The AD integration means that as applications of all types are detected, the PA-4000 Series displays the name of the employee who is using that application, not just an IP address. Then, based on the type of application and the associated appropriate use policy, a rule can be put in place to control that application based on the user and group information within Active Directory. Active Directory user visibility is woven throughout the management interface, with user and group information viewable in the visualization tools, logging and reporting as well as the policy editor, which means that Roger and his team have a consistent view of network activity.
The PA-4000 Series is currently deployed in conjunction with the existing firewalls, providing Sonic Solutions with unprecedented visibility into all Internet traffic and allowing them to control application traffic, regardless of port and protocol, while elevating their network security posture. The longer term intention is to replace the current firewalls with the Palo Alto Networks offering, enabling Sonic to reduce the number of security devices while maintaining the level of visibility and control available only with the PA-4000 Series.