SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Ramping up security with next-gen firewalls
Tue, 11th Dec 2018

In corporate networks, the classic defence against malware and other external attacks is typically split between two solutions: a firewall and a traditional antivirus program.

The firewall is similar to a gate that only allows authorised personnel into the network and the virus program is a guard capturing those who attempt to sneak in undetected.

Balancing act

The classic defence of using two solutions was put into place because neither solution alone could accurately protect the network.

The two needed to work together in order to achieve maximum effect and coverage.

Traditional firewalls simply followed predetermined web protocols and lacked the intelligence of next-generation firewalls.

This means the classic firewall lacked the ability to distinguish between different kinds of web traffic.

The inability to distinguish between legitimate traffic and abnormal malicious traffic meant that firewalls either accepted or rejected all the traffic sent their way.

Enterprises needed a more robust form of security with newer, more complex rules.

This is why traditional antivirus programs were paired up with firewalls.

Antivirus software is reactive, and while these programs can deal with a threat, they only do so once that threat has entered the network.

Depending on the number of threats attacking simultaneously and the sophistication of the attack, an antivirus program is not powerful enough to keep the network safe.

However, when paired with a firewall that prevents all traffic from entering the network, the antivirus has the chance to scan the traffic and identify it.

The antivirus can distinguish between the good and the bad traffic and relay this information to the firewall so that it lets in only the approved traffic.

This system works, but it is flawed.

Time is wasted waiting for the antivirus to identify the traffic and inform the firewall, and if one of the two were to go down, the whole system would crash.

This kind of defence used to be enough, but as enterprise networks get more complex and the types of external threats become more varied, having two separate solutions working together becomes insufficient.

The next-gen firewall

The problem surrounding a two-solution balancing act can be addressed by next-generation firewalls.

This solution intelligently recognises which users have permissions, preventing unauthorised attackers and malicious infiltrators from gaining access, and in some cases it outright destroys the invader.

In order for it to guarantee this comprehensive protection, an extensive amount of data and files is fed into the program in advance and broken down in detail.

With the assistance of machine learning, it can be proofed against all known malware and viruses, and can adapt to future threats.

It can also distinguish between normal and abnormal behaviour from users within the network.

This analysis enables it to detect malware in real-time using digital DNA and thereby prevent the majority of malicious attacks.