Every organization today needs a multi-layer security strategy to protect its enterprise from the multitude of cyber security threats that exist. While one should not underestimate the importance of an email security gateway, web filtering solution, or endpoint protection system, there is no question about the prominence of the enterprise firewall. It is the focal point of your enterprise protection, securing your incoming and outgoing traffic from security threats of all types. Without it, your enterprise would be at the mercy of every malicious attacker lurking outside your network.
Why Legacy Firewalls Are No Longer Enough
Firewalls used to be pretty straightforward. They protected your network using policies based on ports and protocols and provided basic routing and network address translation (NAT) functionality. NAT is a method of remapping one IP address space into another by modifying the network address information in the IP header of packets while they are in transit across a traffic routing device.
Cyber security threats today are far more complicated, however. Just last year, the World Economic Forum stated that cyber attacks are the third most likely global risk to our world economy. Attacks today are no longer restricted to port scanning a company’s perimeter and slipping through an open or neglected port. Today’s attacks are shrouded in HTTPS and SSL sessions. What’s more, enterprise cyber security means more than simply protecting the edge. Today’s intricate hybrid networks involve multiple sites as well as cloud-based and internet-facing assets that extend beyond the simple LAN/WAN environment.
Why Today’s Enterprise Environments Call for NGFWs
Today’s next generation firewalls (NGFWs) are an entirely new breed of security protection, designed to block and counter modern sophisticated attacks. While today’s firewall solution still blocks designated ports and protocols, it incorporates multiple advanced technologies and services in a single package. A firewall should have all or most of the following features to be considered next generation:
- Application awareness
- Identity awareness
- Integrated intrusion prevention (IPS)
- The ability to use external intelligence sources
- Integrated malware detection
Securing ports and protocols alone is not acceptable in today’s advanced threat environments. Applications today use multiple and dynamic ports, making port-based rule lists extremely difficult to maintain. What’s more, with today’s reliance on SSL and HTTPS traffic, much of the traffic on the most heavily used ports is now encapsulated in encryption. Encryption, after all, is a double-edged sword. While it protects your data from being intercepted, it also hides an attacker’s malicious code from inspection.
Segmentation and Deep Packet Inspection
Because of ransomware and other types of malware threats, today’s networks must be segmented in the same way that the hull of a large ship is divided into multiple compartments to contain water in the event of a leak, so that the ship doesn’t sink. A NGFW can segment your network into functional risk zones. By doing so, NGFW solutions can constantly analyze and scrub traffic crossing between these zones. This is made possible through deep packet inspection, which goes far beyond examining packet headers. Deep packet inspection analyzes the actual application layer in order to scrutinize and identify data and payloads, stripping away malicious code in the process. This includes TLS and other encrypted protocol traffic as well, provided the firewall is configured to decrypt it (the SSL inspection discussed below); encrypted sessions it cannot decrypt can only be classified, not inspected. What’s more, larger firewalls today are integrated with software-defined wide-area network (SD-WAN) technologies, allowing traffic to be analyzed, routed and secured between WAN sites and cloud providers. NGFW solutions are also designed to integrate with external intelligence sources such as deception technology appliances and network access control solutions. Ensure you have reasonable and appropriate network segmentation.
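To make the port-versus-application argument and the zone segmentation above concrete, here is an added illustration (not code from the original article or from any firewall vendor) that evaluates the same constructed flows against a legacy edge-only port policy and against a default-deny NGFW policy keyed on zone, DPI-identified application and user identity. The zone names, rules, application labels and sample flows are all constructed for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src_zone: str    # segment the sender sits in, e.g. "users", "finance", "internet"
    dst_zone: str    # segment of the destination, e.g. "internet", "finance-db"
    dst_port: int    # TCP port the client connected to
    app: str         # application identified by deep packet inspection, not by port
    user_group: str  # directory group of the authenticated user behind the flow


def legacy_allows(flow: Flow) -> bool:
    """Edge-only, port-based policy on a flat LAN: internal (east-west) traffic
    never reaches the edge firewall, and the 'web ports' are open for browsing."""
    if "internet" not in (flow.src_zone, flow.dst_zone):
        return True                      # never inspected: no segmentation
    return flow.dst_port in (80, 443)    # port is the only thing the rule sees


# Constructed NGFW policy: (src_zone, dst_zone, application, user_group).
# "*" matches any group; anything not listed is denied by default.
NGFW_RULES = [
    ("users",   "internet",   "web-browsing", "*"),
    ("finance", "internet",   "web-browsing", "*"),
    ("finance", "finance-db", "mssql",        "finance-staff"),
]


def ngfw_allows(flow: Flow) -> bool:
    """Default-deny match on zone pair, DPI-identified app and identity."""
    for src, dst, app, group in NGFW_RULES:
        if (src == flow.src_zone and dst == flow.dst_zone
                and app == flow.app and group in ("*", flow.user_group)):
            return True
    return False


def compare(flow: Flow) -> tuple:
    """Return (legacy_decision, ngfw_decision) for one flow."""
    return legacy_allows(flow), ngfw_allows(flow)


# Constructed sample flows: normal browsing, C2 tunnelled inside port 443,
# east-west SMB spreading from the user LAN, and a legitimate DB query.
BROWSING = Flow("users",   "internet",   443,  "web-browsing", "staff")
TUNNEL   = Flow("users",   "internet",   443,  "tor",          "staff")
LATERAL  = Flow("users",   "finance-db", 445,  "smb",          "staff")
DB_QUERY = Flow("finance", "finance-db", 1433, "mssql",        "finance-staff")

if __name__ == "__main__":
    for name, f in [("browsing", BROWSING), ("tunnel", TUNNEL),
                    ("lateral", LATERAL), ("db-query", DB_QUERY)]:
        print(f"{name:9} legacy={legacy_allows(f)!s:5} ngfw={ngfw_allows(f)}")
```

The port-based policy passes the tunnelled and lateral flows because they look like "443" and "internal", while the zone/app/identity policy allows only the two flows the business actually intends.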
The Security Swiss Army Pocket Knife
This third generation of firewall solutions bundles multiple security services into a single package. These can include the following:
- URL and DNS filtering
- Quality of Service (QoS) functionality
- DDoS prevention
- Application Control
- Geolocation awareness
- Web application firewall (WAF) services
The Need for Speed
Legacy firewall solutions are not only incapable of using built-in intelligence to rigorously analyze traffic, they also lack the processing power and bandwidth to do so. The cost of packet analysis, SSL inspection and IPS scanning is latency, a cost that is not acceptable in today’s environments. NGFW solutions are designed from the ground up for speed, to ensure that users and latency-sensitive applications don’t experience performance degradation.
The Complications of Firewall Migration
While many organizations are aware of the need to upgrade to a NGFW solution, few look forward to the migration process. The plethora of rules accumulated over the years, written for a port-based configuration, must now be translated to the new solution. Fortunately, most enterprise firewall vendors supply automated configuration migration tools that make the job a lot easier, eliminating the need to manually recreate objects and policies. It can also be intimidating to work out what all of the offered features actually do and how they integrate with your existing environment.
Planning the Migration Process
Taking on an enterprise firewall migration is daunting for most organizations because, in most circumstances, it is only done about twice a decade. While you can justify prolonging other migration projects, organizations that continue to depend on a legacy firewall cannot afford to do so. Don’t delay, migrate today.
HALOCK is a trusted cyber security consulting firm and penetration testing company headquartered in Schaumburg, IL in the Chicago area servicing clients throughout the United States on reasonable security strategies and implementation.