
The security ‘F’ word: Everything you need to know about firewalls

17 Nov 2017

Article by Chris McCormack, Sophos Network Security senior product marketing manager

An evolution in firewalls is currently underway.

This has been fuelled by a recent shift in the threat landscape that has created a dramatic increase in the number and complexity of security systems.

These changes, combined with the overwhelming amount of data being produced by organisations, have created environments that require a radical new approach to network security.

The changing threat landscape

At any given time, the vast majority of organisations have compromised systems on their network that they aren’t even aware of.

In fact, as much as 60% of traffic on a given enterprise network is unknown.

It’s a pervasive and widespread problem that demonstrates the volume and sophistication of threats facing businesses today. 

The nature of the current threat landscape is creating the need for fundamental changes in the approach to network security.

Firstly, network security systems must now integrate new technology to identify malicious behaviour in network payloads without the use of traditional antivirus signatures.

Technology like sandboxing has become extremely affordable for small and mid-sized organisations and is now an essential part of an effective defence against modern malware.

In addition, security systems that used to be isolated and independent, such as endpoint and firewalls, now need to be integrated and work together to detect, identify, and respond to advanced threats before they cause significant damage.

Finally, dynamic app control technologies are required to properly identify and manage unknown applications.

Signature-based engines have grown increasingly ineffective at identifying the latest app protocols and custom apps, and the apps users rely on have themselves become increasingly reliant on generic HTTP/HTTPS protocols.

To make matters worse, most modern firewall products have become increasingly complicated, often leveraging several separate but loosely integrated solutions to tackle different threat vectors and compliance requirements.

As a result, the management burden for the average network administrator has reached unsustainable levels and the amount of information and data these systems produce is simply overwhelming and indigestible.

The evolution of the firewall

Early firewalls operated at low levels in the network stack, providing basic routing and packet filtering based on port and protocol inspection.

These firewalls were effective at stopping very basic attempts by hackers to enter the network.

But times have changed and network security has been forced to evolve.

Hackers no longer attack the network directly; instead, they focus on infecting systems inside the network, typically by exploiting vulnerabilities in applications and servers, or by taking advantage of social engineering to gain a foothold through email and compromised websites.

As a result, organisations have been forced to add additional network security appliances to their network perimeter for intrusion prevention, web filtering, anti-spam, remote access (VPN), and web application firewalls (WAF).

The next-generation firewall was born out of the need to provide much-needed visibility and control over users and their applications.

The next-gen firewall rises above the ports and protocols of earlier stateful firewalls to higher layers in the OSI model to provide application and user awareness.

However, as firewalls have gotten better at identifying and controlling unwanted applications, these applications have gotten better at avoiding detection.

As a result, most of the traffic passing through a modern firewall today is unknown, unidentified, or simply too generic to be classified or controlled.
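To make the shift from port-based filtering to application awareness concrete, here is an added example in Python; it is not code from the article or from Sophos. It layers an early-style port/protocol allow-list, a few simplified protocol signatures, and a hypothetical Host-header application list over constructed sample flows. Flows that clear the port filter but that the signature layers cannot name are the "unknown" traffic this section describes. The signature checks, the KNOWN_APPS table and the sample bytes are all assumptions made for the illustration.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    proto: str      # transport: "tcp" or "udp"
    dst_port: int
    payload: bytes  # first bytes of the flow (constructed sample data below)


# Layer 1: an early-style packet filter. Allow-list of (transport, port, action);
# first match wins, anything else is dropped.
PORT_RULES = [("tcp", 80, "allow"), ("tcp", 443, "allow"), ("udp", 53, "allow")]


def packet_filter(pkt: Packet) -> str:
    for proto, port, action in PORT_RULES:
        if pkt.proto == proto and pkt.dst_port == port:
            return action
    return "deny"


# Layer 2: protocol signatures over the payload (simplified, hypothetical checks).
def _is_http(p: bytes) -> bool:
    return p.split(b" ", 1)[0] in (b"GET", b"POST", b"HEAD", b"PUT", b"DELETE")


def _is_tls(p: bytes) -> bool:
    # TLS record type 0x16 (handshake), version 0x03xx, handshake type 0x01 (ClientHello)
    return len(p) >= 6 and p[0] == 0x16 and p[1] == 0x03 and p[5] == 0x01


def _is_dns(p: bytes) -> bool:
    # 12-byte header with the QR bit clear (a query) and QDCOUNT of 1
    return len(p) >= 12 and (p[2] & 0x80) == 0 and int.from_bytes(p[4:6], "big") == 1


PROTOCOL_SIGNATURES = [("http", _is_http), ("tls", _is_tls), ("dns", _is_dns)]

# Protocols that carry many different applications and so say little on their own.
GENERIC_PROTOCOLS = {"http", "tls"}

# Layer 3: application signatures. Hypothetical list keyed on the HTTP Host header.
HOST_RE = re.compile(rb"\r\nHost:[ \t]*([^\r\n]+)")
KNOWN_APPS = {"updates.example.com": "example-updater", "mail.example.org": "example-webmail"}


def identify_protocol(payload: bytes):
    for name, check in PROTOCOL_SIGNATURES:
        if check(payload):
            return name
    return None


def identify_app(protocol, payload: bytes):
    if protocol is None:
        return "unknown"
    if protocol not in GENERIC_PROTOCOLS:
        return protocol  # e.g. dns: the protocol is the application
    if protocol == "http":
        m = HOST_RE.search(payload)
        if m:
            host = m.group(1).decode("ascii", "replace").strip().lower()
            return KNOWN_APPS.get(host, "unknown")
    # Generic HTTP without a listed Host, or TLS (only the hello is visible): unclassified.
    return "unknown"


def classify(pkt: Packet) -> dict:
    action = packet_filter(pkt)
    protocol = identify_protocol(pkt.payload) if action == "allow" else None
    app = identify_app(protocol, pkt.payload) if action == "allow" else None
    return {"action": action, "protocol": protocol, "app": app}


def unknown_share(packets) -> float:
    """Fraction of allowed flows the app layer could not name: the blind spot."""
    allowed = [classify(p) for p in packets if packet_filter(p) == "allow"]
    if not allowed:
        return 0.0
    return sum(1 for c in allowed if c["app"] == "unknown") / len(allowed)


# Constructed sample flows (not captured traffic).
SAMPLE_FLOWS = [
    Packet("tcp", 80, b"GET /manifest HTTP/1.1\r\nHost: updates.example.com\r\n\r\n"),
    Packet("tcp", 80, b"POST /v2/sync HTTP/1.1\r\nHost: telemetry.unlisted.test\r\n\r\n"),
    Packet("tcp", 443, bytes.fromhex("160301002a01000026")),  # TLS ClientHello prefix
    Packet("udp", 53, bytes.fromhex("abcd0100000100000000000007") + b"example\x03com\x00"),
    Packet("tcp", 80, b"\x00\x17\x9c\x01 not http at all"),  # non-HTTP traffic on port 80
    Packet("tcp", 23, b"\xff\xfb\x01"),  # telnet: no rule, denied
]

if __name__ == "__main__":
    for flow in SAMPLE_FLOWS:
        print(flow.proto, flow.dst_port, classify(flow))
    print("unknown share of allowed traffic:", unknown_share(SAMPLE_FLOWS))
```

Running classify over SAMPLE_FLOWS names only the listed HTTP host and the DNS query with confidence; the unlisted HTTP host, the TLS hello and the non-HTTP bytes on port 80 all land in "unknown", and unknown_share reports that bucket as three of the five allowed flows. That bucket is where a defender's attention belongs: log it separately, and decide per environment whether it warrants default-deny or deeper inspection rather than a silent allow.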

Firewalls of the future

Next-gen firewalls are failing to deliver on their promise to provide application awareness.

Signature-based application detection techniques are no longer enough, meaning that the majority of app traffic on today’s networks is going unidentified and unchecked.

It’s a significant and serious problem which presents enormous security, productivity, performance, and compliance risks.

Businesses today are demanding high application control and ultimate oversight of their networks – enabling instant identification of systems at risk.

They have identified that a huge number of apps are currently going unseen on the network – which is essentially an enormous blind-spot leading to a range of compliance, performance, and security risks.

Firewalls of the future must manage network blind spots, providing businesses the ability to control endpoints and share network application information with absolute clarity.

What’s more, this technology must be able to automatically identify, classify and control all unknown application traffic on the network.

This is the key to network visibility and control that renders all other next-gen firewalls obsolete.
