Reinventing next-generation firewalls for coordinated protection

28 Jun 2016

Article by Wana Tun, regional technical evangelist at Sophos

The escalation in the volume and complexity of cyber threats has compelled organisations to turn to next-generation security solutions to secure their users, networks and data.

Next Generation Firewalls (NGFW) are a modern class of firewall that blend standard firewall features (stateful packet filtering, NAT, VPN) with advanced functionality such as application awareness, user identity and intrusion prevention to provide deeper inspection of network traffic. Deep inspection of network packets allows malicious activity to be identified proactively, whether it comes from emerging threats, complex exploit attacks or malware.

Besides performing deep traffic inspection and attack protection, what other important features or capabilities should an organisation look for in a NGFW, especially when the term itself is loosely defined and cyber attacks evolve so swiftly?

In the context of today’s evolving threat landscape can any firewall truly claim to be “next-generation”?

There is a set of best practices, qualifying criteria and information available to help organisations assess whether their NGFW's capabilities are adequate and effective at identifying and protecting against coordinated threats.

Here are some useful tips:

User behaviour analysis

Industry statistics frequently cited put around 80 percent of security risk down to user behaviour. A NGFW must therefore be able to identify risky user behaviour and expose weaknesses in the current security policy.

Through analysis of network traffic, a NGFW can identify patterns of human behaviour that can be used to predict and prevent attacks. This information is used to calculate a per-user threat score (a "user threat quotient"), giving IT an understanding of which users require education and additional protection. The user threat quotient helps prioritise which policies to fine-tune, which threats to remediate first and which users will benefit most from security awareness training.

Organisations should select a firewall that correlates each user’s surfing habits and activity with advanced threat triggers over time to identify users prone to risky behaviour. It is also useful to deploy a firewall that comes with pre-defined best practice policy templates. This accelerates the deployment of effective protection.

Stop the attack kill chain

A NGFW must offer visibility into the inventory of users, servers and traffic traversing the network environment, and provide intelligence to proactively block attacks early in the cyber attack kill chain. One way to achieve this is to ensure the NGFW can identify and block outbound traffic to known command and control (C2) infrastructure used by cyber criminals, so that a compromised host is cut off before the attacker can issue instructions or exfiltrate data.

Integration between network and endpoint security

Modern security solutions are critical to protecting organisations from attacks that leverage polymorphic malware and advanced persistent threats (APT). Next-generation detection and protection capabilities are required both at the gateway and on each endpoint.

Synchronised security solutions that provide insight into activity at each endpoint and across the network give a 360 degree view of suspicious and malicious activity. By sharing this intelligence, both endpoint and firewall can identify emerging threats and automatically terminate malicious activity. Furthermore, investigation of security incidents is quick and simple when using a firewall that automatically correlates which user and process on the endpoint initiated a connection to a malicious site, rather than leaving the analyst with only a source IP address. This capability significantly reduces the time and resources needed to investigate and address security incidents.
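The two capabilities described above (blocking outbound connections to known C2 destinations, and attributing each such connection to the endpoint user and process that opened it) can be illustrated with a small correlation routine. The following Python is an added example written for this page, not Sophos code or anything from the original article; the indicator list, hosts, users and log records are all constructed, and the firewall and endpoint log shapes are assumptions rather than any vendor's actual format.

```python
"""Added example, not code from Sophos or the article: join firewall flow
records against a known-C2 indicator list, then attribute each hit to the
endpoint user and process that opened the socket. All indicators, hosts
and log records below are constructed for the demo."""
from collections import Counter
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Constructed indicator set (documentation-range IP and example domain).
C2_IPS = {"203.0.113.45"}
C2_DOMAINS = {"update-check.example.net"}


@dataclass(frozen=True)
class Flow:
    """One connection record as a gateway firewall might log it (assumed shape)."""
    ts: datetime
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    sni: Optional[str] = None  # TLS SNI / HTTP Host, if the firewall saw one


@dataclass(frozen=True)
class EndpointEvent:
    """One outbound-socket event from an endpoint agent (assumed shape)."""
    ts: datetime
    host_ip: str
    local_port: int
    remote_ip: str
    remote_port: int
    user: str
    process: str


def is_c2(flow: Flow) -> bool:
    """Kill-chain check: does this outbound flow hit a known C2 destination?"""
    if flow.dst_ip in C2_IPS:
        return True
    return flow.sni is not None and flow.sni.lower().rstrip(".") in C2_DOMAINS


def correlate(flows, events, window=timedelta(seconds=5)):
    """Attribute each C2 flow to an endpoint event with the same socket
    4-tuple (pre-NAT source address and port) inside the time window.
    Flows with no matching endpoint event are still reported, unattributed,
    so a host without an agent is not silently dropped from the result."""
    by_tuple = {}
    for e in events:
        key = (e.host_ip, e.local_port, e.remote_ip, e.remote_port)
        by_tuple.setdefault(key, []).append(e)

    findings = []
    for f in sorted(flows, key=lambda x: x.ts):
        if not is_c2(f):
            continue
        match = None
        for e in by_tuple.get((f.src_ip, f.src_port, f.dst_ip, f.dst_port), []):
            if abs((e.ts - f.ts).total_seconds()) <= window.total_seconds():
                match = e
                break
        findings.append({
            "ts": f.ts.isoformat(),
            "src_ip": f.src_ip,
            "destination": f.sni or f.dst_ip,
            "user": match.user if match else None,
            "process": match.process if match else None,
        })
    return findings


def user_threat_counts(findings) -> Counter:
    """Per-user tally of C2 hits: the raw input a user risk score is built from."""
    return Counter(f["user"] or "<unattributed>" for f in findings)


# Constructed sample records.
T0 = datetime(2016, 6, 28, 9, 0, 0)
SAMPLE_FLOWS = [
    Flow(T0, "10.0.5.23", 51512, "203.0.113.45", 443),  # C2 by IP
    Flow(T0 + timedelta(seconds=40), "10.0.5.23", 51530, "198.51.100.7", 443,
         sni="www.example.com"),  # benign
    Flow(T0 + timedelta(seconds=90), "10.0.7.9", 60001, "198.51.100.20", 443,
         sni="update-check.example.net"),  # C2 by SNI, host has no agent
]
SAMPLE_EVENTS = [
    EndpointEvent(T0 + timedelta(seconds=1), "10.0.5.23", 51512, "203.0.113.45", 443,
                  "alice", "powershell.exe"),
    EndpointEvent(T0 + timedelta(seconds=41), "10.0.5.23", 51530, "198.51.100.7", 443,
                  "alice", "chrome.exe"),
]

if __name__ == "__main__":
    hits = correlate(SAMPLE_FLOWS, SAMPLE_EVENTS)
    for h in hits:
        print(h)
    print(user_threat_counts(hits))
```

Two points a practitioner would check before relying on this kind of join: the firewall must log the pre-NAT source address and port, or the 4-tuple will never match the endpoint's view of the socket; and the time window has to cover clock skew between gateway and agents, otherwise legitimate matches drop out as "unattributed". The per-user tally at the end is the kind of raw signal that feeds the user threat score discussed earlier.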

Fast remediation

Remediation can become a lengthy and expensive process when restoring systems after a security incident, adding up to weeks or months of effort in even mid-sized environments. It is therefore vital to choose a NGFW that can pinpoint exactly which hosts, users and processes are affected, so that remediation can be performed within minutes rather than after a prolonged manual investigation.

Easy to use

Simple security is the best form of security. A NGFW, or any security solution, should be simple to deploy, configure and manage, as well as cost effective and equipped with automation capabilities that minimise human intervention, freeing up time and resources for other projects.

Above all, a NGFW must offer effective defence against emerging threats and visibility into user activity and use of the network.