
By Devin Sheehan
Cyber threats, and ransomware in particular, have increasingly breached defenses over the past several years.[1] With these threats looming, how is your organization ensuring it does not fall victim to the next cyber-attack? One important factor to review is the strength and competency of your network security firewalls. Does your approach use the latest protection among continuously evolving security technologies?
Firewalls are a critical component of any security strategy and one of the oldest lines of defense. The term “firewall” has been in use in the cyber field since 1988[2] and remains relevant today. But how much do you know about firewalls? Are you confident your organization’s firewalls are top notch? What if I told you that, according to a survey of 1,200 qualified IT security professionals, only 44.3% of organizations are currently using a next-generation firewall?[3] Let’s break down this 36-year-old cyber term and discuss what actions you and your organization can take to protect against fatal attacks.
Cybersecurity is a constantly evolving field, and firewalls are no exception. Cybersecurity experts categorize firewalls into two main types: traditional firewalls and next-generation firewalls (NGFWs). Traditional firewalls primarily focus on keeping out malicious traffic that attempts to enter the network. The first generation of firewalls was introduced in the fourth quarter of 1989, starting as merely a packet-filter firewall, or stateless firewall. It could perform functions up to Layer 4 of the Open Systems Interconnection (OSI) model, which improved the ability to inspect traffic entering and leaving the network. A packet-filter firewall took packets sent between devices on a network and checked whether each packet matched the pre-defined rules set by the network team. The rules were based on network protocols and their headers, allowable ports and/or approved destinations. However, this provided a low level of security, as hackers could disguise their communications within regular approved network traffic such as Domain Name System (DNS) or Hypertext Transfer Protocol (HTTP).[4]
In 1991, there was another advancement that extended the firewall’s ability to operate at the seventh layer of the OSI model (the application layer). Unlike traditional firewalls, which primarily focused on inspecting packets at the network and transport layers, these advanced firewalls could analyze traffic based on specific applications, protocols and user behaviors. This capability allowed for more granular control and a deeper understanding of the data passing through the network, enabling the identification and blocking of sophisticated threats that exploit application vulnerabilities. This evolution significantly improved the firewall’s ability to safeguard sensitive information and maintain the integrity of network communication.
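The difference between the two generations described above can be shown side by side. This is an added example, not code from the article: the allowed ports, the sample packets and the 40-character label threshold are constructed assumptions, and the long-label check stands in for the much richer inspection a real application-layer firewall performs.

```python
# Added example; rules, packets and the label threshold are constructed.
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    proto: str       # "udp" or "tcp"
    dst_port: int
    payload: bytes   # never read by the packet filter

# Pre-defined rules (protocol, destination port); anything else is denied.
ALLOWED = {("udp", 53), ("tcp", 80), ("tcp", 443)}

def packet_filter(pkt: Packet) -> str:
    """Stateless Layer 4 decision: header fields only, default deny."""
    return "allow" if (pkt.proto, pkt.dst_port) in ALLOWED else "deny"

def dns_qname(payload: bytes) -> str:
    """Read the first question name of a DNS message (no compression)."""
    labels, i = [], 12                      # skip the 12-byte DNS header
    while i < len(payload) and payload[i] != 0:
        n = payload[i]
        labels.append(payload[i + 1:i + 1 + n].decode("ascii", "replace"))
        i += 1 + n
    return ".".join(labels)

def app_layer_filter(pkt: Packet, max_label: int = 40) -> str:
    """Layer 7 decision: same port rules, then inspect the DNS content."""
    verdict = packet_filter(pkt)
    if verdict == "allow" and (pkt.proto, pkt.dst_port) == ("udp", 53):
        labels = dns_qname(pkt.payload).split(".")
        if any(len(label) > max_label for label in labels):
            return "deny"                   # unusually long label: block
    return verdict

def build_query(name: str) -> bytes:
    """Build a minimal DNS query so the sample packets are well-formed."""
    header = b"\x12\x34\x01\x00\x00\x01" + b"\x00" * 6
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split("."))
    return header + qname + b"\x00\x00\x01\x00\x01"

# Constructed sample traffic.
NORMAL = Packet("udp", 53, build_query("www.example.com"))
ODD = Packet("udp", 53, build_query("a" * 50 + ".example.com"))
TELNET = Packet("tcp", 23, b"")

if __name__ == "__main__":
    for pkt in (NORMAL, ODD, TELNET):
        print(pkt.proto, pkt.dst_port, packet_filter(pkt), app_layer_filter(pkt))
```

The packet filter gives the same verdict to both DNS packets because it never reads the payload; only the application-layer check tells them apart.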
Building on these advancements, NGFWs have further revolutionized network security by integrating application-layer inspection capabilities with additional features. They incorporate intrusion prevention systems (IPS), malware detection, and real-time threat intelligence, providing comprehensive visibility and control over network traffic. They are designed to understand and monitor applications, such as Facebook and Google, and services based on URLs and common ports (e.g., port 53). This evolution is a large leap in cybersecurity, adapting to the increasingly complex threat landscape and offering robust protection for modern network environments.
Despite this continual evolution, today’s networking environment has become so complex that traditional firewalls alone are often insufficient. Over the years, additional security technologies have been integrated with firewalls, such as anti-malware, intrusion prevention systems (IPS), deep packet inspection (DPI), VPN, URL filtering, etc. With the help of these technologies, firewalls can combat various types of attacks. However, with the rise of hybrid workforces, wireless networks, and cloud environments, network security is becoming increasingly challenging. Your network is rapidly being pulled away from your local perimeter and spread across a dynamic, ever-changing, multi-perimeter environment. This naturally increases the attack surface of your organization’s network. So, what can be done to reduce how much of the attack surface is vulnerable? While every organization has different goals and resources, here are three firewall approaches to consider:
Firewall as a Service (FWaaS): This method provides a scalable solution without the need for expensive on-premises hardware. It is ideal for organizations that may be “behind” the curve in terms of network security and need to catch up quickly, that have many employees spread across the country or working remotely, or that have limited IT resources to manage firewalls. However, if your organization has ample IT resources, desires more control over its firewalls and doesn’t plan to expand rapidly, then this approach may not be suitable.[5, 6]
Hybrid Mesh Network Firewall: This method offers a unique and modern approach by deploying a combination of firewalls in multiple form factors, including on-premises, cloud, virtualized, or a mixture.[7] It simplifies cybersecurity operations by unifying security rules and policies under a centralized management console.[8] Additional benefits include lowering total cost of ownership through system consolidation, quick responses to security concerns, and leveraging multiple firewall technologies within a single framework. However, if your organization lacks IT resources to manage a multi-firewall setup, this method may not be appropriate. Even a small configuration mistake could result in a costly cyber-attack for your organization.
Using Network Firewalls to Create Micro-segmentation: This method creates zones across your environment to isolate/segment your network, allowing firewall policies to explicitly deny traffic that is not required for a system/application.[9] This approach forms the foundation for creating a zero-trust network, significantly reducing your network attack surface, improving security, minimizing the impact of cyber-attacks, and enabling quicker remediation of incidents. While this solution may be overkill for some organizations, it is a very secure approach. However, it can be very manual and complex to manage, especially with a high number of firewall rules and segments. If your organization does not have the IT resources to support this method, then it may not be the best fit.
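A minimal model of the micro-segmentation approach, as an added example that is not part of the original article: zones are defined by subnet, only the flows an application requires are allowed, and everything else is denied. The zone names, subnets, ports and helper functions are constructed assumptions.

```python
# Added example; zone names, subnets and flows are constructed.
import ipaddress

# Each zone is a network segment; hosts map to a zone by address.
ZONES = {
    "workstations": ipaddress.ip_network("10.10.0.0/16"),
    "app": ipaddress.ip_network("10.20.1.0/24"),
    "database": ipaddress.ip_network("10.20.2.0/24"),
}

# Only the flows a system requires are listed: (source, destination, port).
REQUIRED_FLOWS = {
    ("workstations", "app", 443),
    ("app", "database", 5432),
}

def zone_of(ip: str):
    """Return the zone that contains ip, or None if it is unzoned."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return None

def evaluate(src_ip: str, dst_ip: str, dst_port: int) -> str:
    """Allow only listed zone-to-zone flows; deny everything else."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    if src is None or dst is None:
        return "deny"                      # unknown segment: no implicit trust
    return "allow" if (src, dst, dst_port) in REQUIRED_FLOWS else "deny"

def reachable_zones(start: str) -> set:
    """Zones reachable from start by chaining allowed flows.

    This approximates how far an incident in one zone could spread.
    """
    seen, stack = set(), [start]
    while stack:
        zone = stack.pop()
        for src, dst, _port in REQUIRED_FLOWS:
            if src == zone and dst not in seen:
                seen.add(dst)
                stack.append(dst)
    return seen

if __name__ == "__main__":
    print(evaluate("10.10.5.7", "10.20.1.10", 443))    # workstation to app
    print(evaluate("10.10.5.7", "10.20.2.10", 5432))   # workstation to database
    print(sorted(reachable_zones("workstations")))
```

Running `reachable_zones` for each zone after every policy change gives a quick check that a new rule has not widened the set of segments an incident could reach.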
While these approaches are not the only ways to protect your company’s network, it is important to evaluate the resources and tools your company can leverage. Take time to consider your organization’s cybersecurity goals and collaborate with your IT team to implement next-generation firewalls if you haven’t already. Explore different strategies to enhance those firewalls and create a more secure network.
SOURCES
[1] Cisco Cyber Threat Trends Report: From Trojan Takeovers to Ransomware Roulette
[2] Who Invented the Firewall? History, Types, and Generations of Firewall. – PCInsider (thepcinsider.com)
[3] CyberEdge-2024-CDR-Report-v1.0.pdf (cyberedgegroup.com)
[4] How Do Attackers Bypass Firewalls? (packetlabs.net)
[5] Future of Network Firewalls From Expert’s Point of View | Sayers
[6] What is Firewall as a Service (FWaaS) and is it Right For You? (coeosolutions.com)
[7] Future of Network Firewalls From Expert’s Point of View | Sayers
[8] What is a Hybrid Mesh Firewall? – Palo Alto Networks
[9] What Is Micro-Segmentation? – Cisco

