Security isn't an afterthought. It should be at the core of everything organizations do. Without it, they can't grow, move forward, or innovate. Too often, without strong security, we find organizations defaulting to inaction, and not moving forward. They say no to innovation.
Saying no to innovation is playing to lose. Great organizations don't play to lose. Instead, they partner with other great organizations that lead and demonstrate year after year that they solve advanced security threats and anticipate future threats, all while reducing IT complexity. Great organizations partner with companies that help them clear roadblocks, enabling them to say yes to projects and initiatives that unlock innovations and yield success.
With that in mind, we felt it was a perfect time to have an in-depth conversation about firewalls and what they can do for your network. A firewall is a vital element of any network security system that monitors traffic and blocks unauthorized access. Picture a firewall as the moat surrounding your castle, with all of your sensitive data contained in the castle. The most secure way to protect your data is to raise the drawbridge and not allow anyone in or out. Although firewalls have that capability, this is not a very effective way of doing business. Instead, we lower the drawbridge and let traffic in and out of the castle. The drawbridge signifies connection protocols and ports (i.e. email (port 25), VPN traffic, and remote desktop (port 3389)). Along with allowing traffic in and out of the castle, the guards at the gate analyze that traffic to make sure thieves and criminals are rejected from entering the castle. Get the picture?
Types Of Firewalls
An early type of firewall device, a proxy firewall serves as the gateway from one network to another for a specific application. Proxy servers can provide additional functionality such as content caching and security by preventing direct connections from outside the network. However, this also may impact throughput capabilities and the applications they can support.
Stateful inspection firewall
Now thought of as a “traditional” firewall, a stateful inspection firewall allows or blocks traffic based on state, port, and protocol. It monitors all activity from the opening of a connection until it is closed. Filtering decisions are made based on both administrator-defined rules as well as context, which refers to using information from previous connections and packets belonging to the same connection.
Unified threat management (UTM) firewall
A UTM device typically combines, in a loosely coupled way, the functions of a stateful inspection firewall with intrusion prevention and antivirus. It may also include additional services and often cloud management. UTMs focus on simplicity and ease of use.
Next-generation firewall (NGFW)
Firewalls have evolved beyond simple packet filtering and stateful inspection. Most companies are deploying next-generation firewalls to block modern threats such as advanced malware and application-layer attacks.
According to Gartner, Inc.’s definition, a next-generation firewall must include:
- Standard firewall capabilities like stateful inspection
- Integrated intrusion prevention
- Application awareness and control to see and block risky apps
- Upgrade paths to include future information feeds
- Techniques to address evolving security threats
While these capabilities are increasingly becoming the standard for most companies, NGFWs can do more.
These firewalls include all the capabilities of a traditional NGFW and also provide advanced threat detection and remediation. With a threat-focused NGFW you can:
- Know which assets are most at risk with complete context awareness
- Quickly react to attacks with intelligent security automation that sets policies and hardens your defenses dynamically
- Better detect evasive or suspicious activity with network and endpoint event correlation
- Greatly decrease the time from detection to cleanup with retrospective security that continuously monitors for suspicious activity and behavior even after initial inspection
- Ease administration and reduce complexity with unified policies that protect across the entire attack continuum
Subscription-based firewalls exist to augment the protection of a firewall appliance.
These firewalls offer additional protection, as they receive information directly from a centralized location. This allows real time and zero-day attacks to be blocked by updating the firewall's library. To relate it back to the moat analogy, the guards are getting real time information on descriptions of criminals so they can stop them before they enter the castle. It is imperative that your firewall has an updated security subscription. This subscription is another layer of protection.
To best explain the importance of a dynamic security subscription, let's go back to January 2016. Within two weeks, two major threat incidents occurred; Internet Explorer 8 Vulnerability and the Heartbleed Bug (not to be confused with Cloudbleed). Either of these incidents could easily affect a network if the network is protected solely by a Firewall.
Without a firewall security subscription, our partners at Sonicwall would not have been able to automatically push out updates with a Heartbleed signature to all their firewalls within 24 hours of the detection.
Sonicwall has designed their software to receive daily updates so all users who signed up for this extra layer were protected from the Heartbleed fall out.
Being proactive in the protection of your data and systems is best done with the help of professionals. At Fairdinkum, we help businesses like yours secure their customer data, protect their reputation, and avoid costly legal and financial consequences.
Posts You May Also Be Interested in: