SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image
Why securing hybrid networks with next-generation firewalls is essential in an evolving landscape
Fri, 24th Feb 2023
FYI, this story is more than a year old

Digital transformation has pushed organisations to adopt a hybrid IT approach, creating a mixture of on-premises and private and public cloud infrastructure that should be secured as much as possible. Hybrid networks offer numerous benefits for businesses, such as increased efficiency and faster delivery of applications and services.  

However, they also pose significant challenges, particularly when there isn’t a centralised security strategy in place. Instead, many organisations choose to implement a range of security technologies across their networks, mostly from different vendors. As a result, it’s almost impossible to establish persistent cross-platform visibility and control.  

The increasing adoption of more solutions to the security stack generates greater risks for businesses and their IT and security teams. Too many tools or ‘tool sprawl’ creates unnecessary complexity, which diminishes visibility across devices and networks and lowers threat response time as security teams won’t know which tool will fix specific security risks. And not surprisingly, having too many non-integrated products jammed together is time-consuming and expensive to manage, especially as an organisation grows.

However, as cyber threats become more sophisticated and frequent, businesses need to quickly adapt their approaches to securing hybrid infrastructure and ensure a consistent policy environment and broad visibility across the network.

Organisations need to rethink their security approach. Consolidating networking and security capabilities into one solution is one of the best strategies for reducing infrastructural complexities that can help IT and security teams simplify their infrastructure while providing better security. Businesses should look to implement a single next-generation firewall (NGFW) platform as the backbone of a unified security strategy that combines and manages multiple integrated security functions in the one platform.

Effective deployment of NGFW solutions helps organisations better protect both on-premises and cloud assets through complete end-to-end visibility, ease of management and control, and consistent enforcement across the network. But selecting the right solution can be difficult, and there are several mistakes IT leaders can make, including:

  • Focusing exclusively on a cloud-based solution
  • Ignoring the importance of the on-premises data centre
  • Choosing a best-of-breed approach over a unified system
  • Not taking a holistic approach to hybrid security
  • Trusting too much and failing to consider the value of a zero trust security model

In addition to steering clear of critical mistakes, IT leaders should also consider the following essential features when looking for a NGFW solution:

  • Application control
  • Software-defined wide area network (SD-WAN) integrations and capabilities
  • Identity awareness
  • Centralised management, administration, logging and reporting
  • Deep packet inspection
  • Sandboxing
  • Comprehensive network visibility
  • Secure sockets layer (SSL) monitoring

NGFWs should also be able to share threat intelligence across the network to provide comprehensive visibility and deliver coordinated security enforcement and threat management. All-in-one NFGWs that encompass a wide range of security features and capabilities will provide security beyond the edge by proactively reducing the attack surface through identity-based segmentation to limit the effect of malicious lateral network traffic.

Businesses face increasing security challenges as their networks become more complex and distributed. In today’s digital world, taking a holistic approach to security is more important than ever. This requires selecting an NGFW solution that can operate at any edge to seamlessly consolidate and integrate networking and security. It should also provide broad protection, consistent policy enforcement and centralised policy orchestration, real-time threat intelligence sharing, and centralised visibility and control across even the most distributed and dynamic environments.