Today’s Firewall is More Important in a Multi-Perimeter World

New cornerstone for enterprise security

Cloud computing, virtualization, mobility and now expansive work-from-home policies have dramatically changed how organizations conduct business. Anywhere, anytime access fosters collaboration and enables gains in productivity, but it also adds the challenge of provisioning access based on user, device type, application, access type and even time of day on top of the security challenges that already exist. Equally important, attackers continue to strengthen their skills and refine their techniques. Creative threats are coming from a variety of vectors, including high-risk URLs and weaponized web applications.

To stay ahead of the threats, it’s time for security professionals to re-embrace Next-Generation Firewalls (NGFW).

The New Business Normal is No Longer New

The design, implementation, and deployment of modern network architectures, such as virtualization and cloud, continue to be a game-changing strategy for many organizations. Virtualizing the data center, migrating to the cloud, or a combination of both, demonstrates significant operational and economic advantages as public cloud services, always-on internet, and collaboration technologies empower teams to connect, communicate, and be productive from anywhere. However, vulnerabilities within virtual and cloud environments are well-documented and new vulnerabilities are discovered regularly that yield serious security implications and challenges.

In the era of remote work, cloud computing, mobile devices and IoT, the enterprise perimeter extends to anywhere that work gets done and is constantly changing. Remote-first and boundless workforces are the new business normal, and the hyper-distributed business is here to stay. The distributed IT reality is creating an unprecedented explosion of exposure points across organizations and government agencies. As exposure points continue to multiply, cyber and business risk continues to escalate. Regardless of whether entry points are on-premises, in the cloud, in the data center, at a branch office, in a home office, or ‘on the go,’ each one needs to be protected.

Cyberattacks Are on the Rise

Cybercriminals are enjoying unprecedented opportunities. When the COVID-19 pandemic struck, work went home — and cybercriminals followed, propelling IoT malware attacks to new heights. Unchecked IoT devices can provide cybercriminals an open door into what may otherwise be a well-secured organization. IoT malware attacks have been rising over the last three years and in 2020 they skyrocketed. In 2019, SonicWall recorded 34.3 million IoT malware attacks. In 2020, that number rose to 56.9 million, a 66 percent increase.

Beyond targeting remote workers, ransomware is up – as are encrypted threats. Ransomware continues to be the most concerning threat to corporations and the preferred tool for cybercriminals. In addition to taking advantage of low-hanging fruit, cybercriminals continue to use encryption to circumvent traditional network defenses and gain access to sensitive data. While TLS provides legitimate security benefits for web sessions and internet communications, cybercriminals are increasingly using this encryption protocol to hide malware, ransomware, zero-day attacks, and more. Traditional security controls, such as legacy firewalls, lack the capability or processing power to detect, inspect, and mitigate cyberattacks sent via HTTPS/TLS traffic, making this a highly successful avenue for hackers.

Enterprises Are Facing Daunting Challenges

With increasing numbers of devices and remote workers, enterprises are facing even more daunting challenges in protecting the business. Many enterprises, educational institutions, and government agencies have deployed a number of stand-alone appliances and disjointed defenses, which include traditional firewalls, Intrusion Prevention Systems (IPS), Virtual Private Networks (VPN), and sandboxing, to segment and secure different departments, data centers, and users. Even though this type of deployment offers needed security, it has several drawbacks:

  • Management Complexity. Stemming from a need to manage multiple networks, customers, and clouds, enterprises are using many different firewalls. However, the use of multiple vendors and stand-alone security products to secure networks and cloud infrastructure increases operational complexity and adds costs.
  • Policy Proliferation and Limited Visibility. Operating across several segmented networks, clouds, or service definitions often results in the proliferation of different policies (many of which may be obsolete, duplicated, or shadowed). Beyond the limited visibility into the network security posture, with so many different firewall deployments in place, it can be difficult to manage them all to achieve consistent policies.
  • Performance Bottlenecks. Increases in enterprise and encrypted traffic traversing large-chassis firewalls impact network performance, creating a need to use expensive, hard-to-maintain load balancers to keep up with increasing network traffic. Further, organizations are often faced with challenges in upgrading legacy-based network firewalls that already exist within the infrastructure. Such legacy systems frequently create a bottleneck in terms of performance and ability to provide the enhanced security services required to secure applications and domains.
  • Constrained Resources. IT management and security teams are understaffed, stretched too thin, and often operate in crisis mode. Constrained resources impact the ability to manage the security posture and provide consistent assurance of security.


Modern Firewalls for the Modern Enterprise

The firewalls of today are more agile, more capable, and more powerful than when the technology debuted 20 years ago. Today’s Next-Generation Firewalls build on the strengths of past firewalls and include modern networking capabilities and all of the security controls found in UTM as well as SSL/TLS decryption, user control, application-level filtering, and sandboxing. The integration of Data Loss Prevention (DLP) within NGFW blocks the extraction of sensitive data, especially regulated data such as personally identifiable information (PII) and compliance-related data. Criteria to consider in evaluating NGFWs should include:

 

Networking capabilities

An enterprise-grade platform and operating system are at the core of any physical or virtual NGFW. Capabilities that are vital in enterprise deployments include SD-WAN security, encrypted traffic inspection, High Availability/Clustering, and Zero Trust.

 

Security features

An NGFW belongs to the third generation of firewall technology, designed to address advanced security threats at the application level through intelligent, context-aware security features. Security controls found within next-generation firewalls extend zero trust security to any perimeter and include:

  • Virtual Private Network
  • Zone-Based Firewall
  • Intrusion Detection and/or Prevention
  • Application Control
  • Web Control (URL Filtering)
  • DNS Security (DNS Filtering)
  • Multi-Instance Firewall
  • Network and Cloud Sandboxing
  • Dedicated Threat Intelligence

 

Manageability

Individually accessing multiple firewalls and other components to make changes or view activity can burden already constrained resources. A centralized system that enables you to remotely configure, deploy, view, and run reports on all on-prem and cloud-based firewall activity through a single pane of glass is vital.

 

Programmability

Despite its multiple, robust capabilities, a next-generation firewall still needs to operate with other systems that are installed on the network it is expected to protect. It should, therefore, be able to integrate seamlessly and transparently with the entire network infrastructure and third-party security solutions. It should also be able to integrate with all major IaaS providers to support multi-cloud deployments across AWS or Azure.

 

Conclusion 

With the disruption of the traditional office-centric workforce, the new normal is that everyone is remote and unsecure. The huge shift toward work-from-anywhere and increased adoption of cloud-based services and applications have created micro-perimeters at on-premises, in-the-cloud, branch office, and home office locations. Threat actors are becoming more powerful, more aggressive, and more numerous, increasingly abandoning the tendency to look for the biggest quarry in favor of attacking the least defended.

With the power and flexibility of an NGFW, enterprises can protect devices and companies from a much broader spectrum of intrusions, more effectively reduce cyber risk, and achieve greater protection across new perimeters and network segments more easily while lowering costs of ownership.

(The author Debasish Mukherjee is Vice President, Regional Sales APAC at SonicWall Inc. and the views expressed in this article are his own)
