SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
The security ‘F’ word: Everything you need to know about firewalls
Fri, 17th Nov 2017

An evolution in firewalls is currently underway.

It has been driven by a shift in the threat landscape that has, in turn, driven a dramatic increase in the number and complexity of the security systems organisations deploy.

These changes, combined with the overwhelming amount of data being produced by organisations, have created environments that require a radical new approach to network security.

The changing threat landscape

At any given time, the vast majority of organisations have compromised systems on their network that they aren't even aware of.

Part of the reason is that as much as 60% of the traffic on a given enterprise network is "unknown": the firewall cannot attribute it to a specific application, so it can neither inspect it properly nor apply policy to it.

It's a pervasive and widespread problem that demonstrates the volume and sophistication of threats facing businesses today.

The nature of the current threat landscape is creating the need for fundamental changes in the approach to network security.

Firstly, network security systems must now integrate new technology to identify malicious behaviour in network payloads without the use of traditional antivirus signatures.

Technology like sandboxing (detonating suspicious files in an isolated environment and observing what they do, rather than matching them against known signatures) has become affordable for small and mid-sized organisations and is now an essential part of an effective defence against modern malware.

In addition, security systems that used to be isolated and independent, such as endpoint and firewalls, now need to be integrated and work together to detect, identify, and respond to advanced threats before they cause significant damage.

Finally, dynamic app control technologies are required to properly identify and manage unknown applications.

Signature-based engines are increasingly ineffective at identifying the latest application protocols, custom in-house applications, and the growing number of applications that simply tunnel over generic HTTP/HTTPS, where a port number alone says nothing about what is actually running.

To make matters worse, most modern firewall products have become increasingly complicated, often leveraging several separate but loosely integrated solutions to tackle different threat vectors and compliance requirements.

As a result, the management burden for the average network administrator has reached unsustainable levels and the amount of information and data these systems produce is simply overwhelming and indigestible.

The evolution of the firewall

Early firewalls operated at low levels in the network stack, providing basic routing and packet filtering based on source and destination address, port, and protocol.

These firewalls were effective at stopping direct attempts by attackers to reach services on the network that should never have been exposed.

But times have changed and network security has been forced to evolve.

Attackers no longer attack the network directly; instead, they focus on infecting systems inside the network, typically by exploiting vulnerabilities in applications and servers, or by using social engineering to gain a foothold through email and compromised websites.

As a result, organisations have been forced to add additional network security appliances to their network perimeter for intrusion prevention, web filtering, anti-spam, remote access (VPN), and web application firewalls (WAF).

The next-generation firewall was born out of the need to provide much-needed visibility and control over users and their applications.

The next-gen firewall rises above the ports and protocols of earlier stateful firewalls to higher layers in the OSI model to provide application and user awareness.

However, as firewalls have gotten better at identifying and controlling unwanted applications, these applications have gotten better at avoiding detection.

As a result, most of the traffic passing through a modern firewall today is unknown, unidentified, or simply too generic to be classified or controlled.
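The evolution sketched above, as an added example that is not the article's or Sophos's own code: a toy classifier that runs the same traffic through port-based identification (what an early packet filter or stateful firewall could see) and through payload-signature identification (what a next-gen firewall does, here by reading the HTTP Host header or the TLS Server Name Indication from a ClientHello), then measures how much traffic each approach leaves "unknown". The flow records, hostnames and the tiny hostname-to-application signature table are constructed for the example.

```python
"""Port-based versus payload-signature application identification (added example)."""
import re
from dataclasses import dataclass
from typing import Callable, List, Optional


@dataclass
class Flow:
    proto: str        # "tcp" or "udp"
    dst_port: int
    payload: bytes    # first client-to-server bytes (may be empty if not captured)
    bytes_total: int  # volume of the flow, used to weight the "unknown" share


# What a port/protocol filter "knows": a fixed mapping from well-known ports.
PORT_MAP = {("tcp", 80): "http", ("tcp", 443): "https", ("tcp", 22): "ssh", ("udp", 53): "dns"}

# Toy application signatures keyed on hostname (assumed for the example).
APP_SIGNATURES = [
    (re.compile(r"(^|\.)dropbox\.com$"), "dropbox"),
    (re.compile(r"(^|\.)slack\.com$"), "slack"),
    (re.compile(r"(^|\.)zoom\.us$"), "zoom"),
]

HOST_RE = re.compile(rb"\r\nHost:[ \t]*([^\r\n]+)", re.IGNORECASE)


def classify_by_port(flow: Flow) -> str:
    """Early-firewall view: the destination port is the application."""
    return PORT_MAP.get((flow.proto, flow.dst_port), "unknown")


def tls_sni(payload: bytes) -> Optional[str]:
    """Parse a TLS ClientHello just far enough to pull out the server_name extension."""
    try:
        if payload[0] != 0x16 or payload[5] != 0x01:   # record type handshake, msg type ClientHello
            return None
        p = 5 + 4 + 2 + 32                              # record hdr, handshake hdr, version, random
        p += 1 + payload[p]                             # session_id
        p += 2 + int.from_bytes(payload[p:p + 2], "big")  # cipher_suites
        p += 1 + payload[p]                             # compression_methods
        ext_end = p + 2 + int.from_bytes(payload[p:p + 2], "big")
        p += 2
        while p + 4 <= ext_end:
            etype = int.from_bytes(payload[p:p + 2], "big")
            elen = int.from_bytes(payload[p + 2:p + 4], "big")
            if etype == 0:                              # server_name: list_len(2), type(1), len(2), name
                nlen = int.from_bytes(payload[p + 7:p + 9], "big")
                return payload[p + 9:p + 9 + nlen].decode("ascii", "replace")
            p += 4 + elen
    except IndexError:
        pass                                            # truncated or non-TLS payload
    return None


def classify_by_signature(flow: Flow) -> str:
    """Next-gen view: identify the application from the payload, whatever the port."""
    name = None
    if flow.payload[:4] in (b"GET ", b"POST", b"HEAD", b"PUT "):
        m = HOST_RE.search(flow.payload)
        if m:
            name = m.group(1).decode("ascii", "replace").strip()
    elif flow.payload[:1] == b"\x16":
        name = tls_sni(flow.payload)
    if name is not None:
        for pattern, app in APP_SIGNATURES:
            if pattern.search(name):
                return app
    return "unknown"        # no payload, undecodable payload, or a host with no signature


def unknown_share(flows: List[Flow], classifier: Callable[[Flow], str]) -> float:
    """Fraction of traffic volume the classifier cannot attribute to an application."""
    total = sum(f.bytes_total for f in flows)
    unknown = sum(f.bytes_total for f in flows if classifier(f) == "unknown")
    return unknown / total if total else 0.0


def build_client_hello(server_name: str) -> bytes:
    """Construct a minimal TLS 1.2 ClientHello with an SNI extension (sample input only)."""
    name = server_name.encode("ascii")
    sni = (b"\x00\x00" + (len(name) + 5).to_bytes(2, "big") + (len(name) + 3).to_bytes(2, "big")
           + b"\x00" + len(name).to_bytes(2, "big") + name)
    body = b"\x03\x03" + b"\x00" * 32 + b"\x00" + b"\x00\x02\x13\x01" + b"\x01\x00" + len(sni).to_bytes(2, "big") + sni
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + len(handshake).to_bytes(2, "big") + handshake


# Constructed sample traffic: one million bytes across six flows.
SAMPLE_FLOWS = [
    Flow("tcp", 443, build_client_hello("www.dropbox.com"), 400_000),       # cloud storage over HTTPS
    Flow("tcp", 443, build_client_hello("api.internal-crm.example"), 250_000),  # custom in-house app over HTTPS
    Flow("tcp", 80, b"GET /api/rtm.start HTTP/1.1\r\nHost: slack.com\r\n\r\n", 50_000),
    Flow("tcp", 443, b"", 100_000),                                         # HTTPS, but no payload captured
    Flow("tcp", 8443, build_client_hello("zoom.us"), 150_000),              # known app on a non-standard port
    Flow("tcp", 4444, b"\x00\x01\x02\x03\x04\x05\x06\x07", 50_000),        # opaque binary protocol
]

if __name__ == "__main__":
    for f in SAMPLE_FLOWS:
        print(f"{f.proto}/{f.dst_port:<5} port-based={classify_by_port(f):<8} signature={classify_by_signature(f)}")
    print("unknown by port:     ", unknown_share(SAMPLE_FLOWS, classify_by_port))
    print("unknown by signature:", unknown_share(SAMPLE_FLOWS, classify_by_signature))
```

Run on the sample, the port-based view reports only 20% of the traffic as unknown, but that figure is flattering: it labels the in-house CRM, the uncaptured flow and the cloud storage alike as "https" and would apply the same policy to all three. The signature view recovers Dropbox, Slack and Zoom (the last on a port the port map does not recognise), yet 40% of the volume is still unknown because the custom application and the empty flow match no signature. That residue is exactly the blind spot the article describes, and it is the reason a hostname-signature table cannot be the whole answer.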

Firewalls of the future

Next-gen firewalls are failing to deliver on their promise to provide application awareness.

Signature-based application detection techniques are no longer enough, meaning that the majority of app traffic on today's networks is going unidentified and unchecked.

It's a significant and serious problem which presents enormous security, productivity, performance, and compliance risks.

Businesses today are demanding full application control and complete oversight of their networks, so that systems at risk can be identified instantly.

They have identified that a huge number of apps are currently going unseen on the network – which is essentially an enormous blind-spot leading to a range of compliance, performance, and security risks.

Firewalls of the future must eliminate these blind spots, giving businesses control over their endpoints and clear, shared visibility of the applications on the network.

What's more, this technology must be able to automatically identify, classify and control all unknown application traffic on the network.

This is the key to network visibility and control that renders all other next-gen firewalls obsolete.

Article by Chris McCormack, Sophos Network Security senior product marketing manager