Tag Archives: builtin

Box security gets a boost with built-in Shield

SAN FRANCISCO — Box shops will have the ability to get granular with a new built-in Box security feature, but organizations will have to find a role for the tool alongside their other security platforms.

Box Shield, which was introduced at the file-sharing company’s annual conference, BoxWorks, will detect anomalies and risky user behavior within Box. Experts here discussed the potential behind Box Shield and how it might integrate with existing security and identity management tools within businesses.

“Security is such a tough problem,” said James Sinur, vice president at Aragon Research, based in Morgan Hill, Calif. “I haven’t found any security software that covers all aspects of it.”

How Box Shield works

Box Shield has three main functionalities: smart access, anomaly detection and a content firewall.

Where I think [Box] will make their contribution is by adjusting policies.
James Sinurvice president at Aragon Research

Smart access enables end users and IT admins to classify Box files according to their level of confidentiality. Then, IT admins can apply policies based on those classifications.

Anomaly detection helps IT to discover compromised accounts and identify access abuse. For example, if an end user accesses Box from Guatemala and downloads large amounts of data, Box Shield will flag that as risky behavior.

The content firewall feature can go beyond two-factor authentication to verify external users and check the security of devices.

IT can also use Box Shield to uncover historical data about a user’s activity and access analytics about their behavior.

Box Shield tries to play nice with other security

Sinur said he expects customers to use Box Shield in conjunction with other security platforms.

“Where I think [Box] will make their contribution is by adjusting policies that govern those pieces of [content],” he said.

Box is well-known for a plethora of integrations with third-party platforms — from Google and Slack to Microsoft and Okta. The company is already identifying places where Box Shield would integrate with other cloud access security broker (CASB) services, CEO Aaron Levie said in a press conference. Customers with an existing security information management tool, for example, would be able to use Box Shield in conjunction with it, he said.

An IT security analyst at a financial institution who wanted to remain anonymous was very interested in the new tool. His company already has several security technologies in place, such as Symantec and Okta, and would use Box Shield in addition to those services, he said.

“From a nonmanaged versus managed device, it would help us keep track of what’s going in and what’s going out based off of the device control,” he added.

Box Shield, however, would potentially replace the company’s current mobile device management platform, MobileIron.

“It would frequently push certificates out and start managing our CASBs,” he said. “We would use Box to help identify patterns in data movement.”

Pricing concerns

Pricing details aren’t yet released, but organizations will have to pay an additional cost for Box Shield, according to the vendor.

Pencils of Promise, a nonprofit organization in New York, is interested in Box Shield — but only at an affordable cost, said Ben Bromberg, senior manager of data systems at the nonprofit.

“It does seem like the sort of thing that an organization like mine would appreciate, but I have a suspicion that it would be at a price point that would be out of our reach,” he said.  

Box Shield will be available in private beta later this year, the company said.

Cisco adds LTE modem to Meraki MX security appliance

Cisco has introduced Meraki MX security appliances with a built-in 4G wireless broadband modem. The company also added the Long Term Evolution, or LTE, modem to a new Z-series teleworker gateway.

This week, Cisco launched the Meraki MX67C and MX68CW with an integrated CAT 6 LTE cellular modem. Also, Cisco unveiled four MX models – the MX67, MX68, MX67W and MX68W — without LTE but with more throughput than older models. All the new MX hardware, which are the first in the Meraki line to support the 802.11ac Wave 2 Wi-Fi standard, can deliver up to 450 Mbps of firewall throughput.

Network admins manage Cisco Meraki switches, appliances and access points through a web-based console called the Meraki Dashboard, which also provides automation and analytics. Cisco has aimed the product line at small branch offices and retailers that need a no-frills wireless LAN. For an access layer that meets the need of larger enterprises, Cisco offers the Aironet APs and Catalyst switches.

MX appliances are unified threat management devices with software-defined WAN functionality. A UTM system combines and integrates multiple security services and features, including a firewall.

Uses for LTE in the Meraki MX

The higher throughput in the latest MX appliances is aimed at companies accessing SaaS applications, such as Microsoft Office 365, said Imran Idrees, a marketing manager in Cisco’s Meraki unit. Remote branch offices can use the LTE modem as a substitute for broadband when it isn’t available.

Companies could also use the LTE connection as a failover link, Idrees said. If the Ethernet connection goes down, then the MX would switch to LTE.

“Given the ubiquity and increasing performance of LTE, this is a relatively inexpensive way for a branch office to increase its network availability,” said Mark Hung, an analyst at Gartner.

The cellular MX models have one Nano SIM card slot for connecting to a carrier’s LTE network. The built-in modem makes it possible track usage and performance of the MX from the Meraki Dashboard.

Getting LTE on older Meraki MX models required companies to plug a carrier-provided USB stick that contained the 4G modem. Because the modem wasn’t integrated with the MX, no data was captured for tracking performance.

With the latest models, data captured from the LTE connection includes signal strength, the provider’s name and how much data is traveling over the link. All the information is displayed on the Meraki Dashboard.

LTE in Meraki Dashboard

The Z3C gateway

The Z3C teleworker gateway is for workers who need a secure connection to the corporate network while they are on the road. “It’s a very compact device that a business person would take around with them,” Idrees said.

The previous version of the gateway, Z3, required a traveler to plug a hotel room’s Ethernet cable into the device to gain access to the corporate network. The Z3C has the option of connecting over LTE.

Companies that want to use a Meraki WLAN have to purchase the product line’s devices and a cloud subscription license. Once the license is registered, network managers can configure and manage the hardware through the Meraki Dashboard.