
The security ‘F’ word: Everything you need to know about firewalls

17 Nov 2017

Article by Chris McCormack, Sophos Network Security senior product marketing manager

An evolution in firewalls is currently underway.

This has been fuelled by a recent shift in the threat landscape that has created a dramatic increase in the number and complexity of security systems.

These changes, combined with the overwhelming amount of data being produced by organisations, have created environments that require a radical new approach to network security.

The changing threat landscape

At any given time, the vast majority of organisations have compromised systems on their network that they aren’t even aware of.

In fact, as much as 60% of traffic on a given enterprise network is unknown.

It’s a pervasive and widespread problem that demonstrates the volume and sophistication of threats facing businesses today. 

The nature of the current threat landscape is creating the need for fundamental changes in the approach to network security.

Firstly, network security systems must now integrate new technology to identify malicious behaviour in network payloads without the use of traditional antivirus signatures.

Technology like sandboxing has become extremely affordable for small and mid-sized organisations and is now an essential part of an effective defence against modern malware.

In addition, security systems that used to be isolated and independent, such as endpoint and firewalls, now need to be integrated and work together to detect, identify, and respond to advanced threats before they cause significant damage.

Finally, dynamic app control technologies are required to properly identify and manage unknown applications, given the growing ineffectiveness of signature-based engines at identifying the latest app protocols, custom apps, and apps that have become increasingly reliant on generic HTTP/HTTPS protocols.

To make matters worse, most modern firewall products have become increasingly complicated, often leveraging several separate but loosely integrated solutions to tackle different threat vectors and compliance requirements.

As a result, the management burden for the average network administrator has reached unsustainable levels and the amount of information and data these systems produce is simply overwhelming and indigestible.

The evolution of the firewall

Early firewalls operated at low levels in the network stack, providing basic routing and packet filtering based on port and protocol inspection.

These firewalls were effective at stopping very basic attempts by hackers to enter the network.

But times have changed and network security has been forced to evolve.

Hackers no longer attack the network directly; instead, they focus on infecting systems inside the network, typically by exploiting vulnerabilities in applications and servers, or by taking advantage of social engineering to gain a foothold through email and compromised websites.

As a result, organisations have been forced to add additional network security appliances to their network perimeter for intrusion prevention, web filtering, anti-spam, remote access (VPN), and web application firewalls (WAF).

The next-generation firewall was born out of the need to provide much-needed visibility and control over users and their applications.

The next-gen firewall rises above the ports and protocols of earlier stateful firewalls to higher layers in the OSI model to provide application and user awareness.

However, as firewalls have gotten better at identifying and controlling unwanted applications, these applications have gotten better at avoiding detection.

As a result, most of the traffic passing through a modern firewall today is unknown, unidentified, or simply too generic to be classified or controlled.

Firewalls of the future

Next-gen firewalls are failing to deliver on their promise to provide application awareness.

Signature-based application detection techniques are no longer enough, meaning that the majority of app traffic on today’s networks is going unidentified and unchecked.

It’s a significant and serious problem which presents enormous security, productivity, performance, and compliance risks.

Businesses today are demanding high application control and ultimate oversight of their networks – enabling instant identification of systems at risk.

They have identified that a huge number of apps are currently going unseen on the network – which is essentially an enormous blind spot leading to a range of compliance, performance, and security risks.

Firewalls of the future must manage network blind spots, providing businesses the ability to control endpoints and share network application information with absolute clarity.

What’s more, this technology must be able to automatically identify, classify and control all unknown application traffic on the network.

This is the key to network visibility and control that renders all other next-gen firewalls obsolete.
