Sophos. The problem with firewalls
There’s an evolution underway in firewalls that’s different from any previous generation.
Shifts in the threat landscape, a dramatic increase in the number and complexity of technologies that sysadmins have to deal with, and a flow of data that’s drowning the signal in the noise have created a perilous situation that’s putting security at risk:
“When I came into this role, I quickly noticed there was a lack of visibility into our endpoints and network. If someone got infected, we had no clue…” – Director of IT at a healthcare technology company, MA
He’s not alone. A recent survey of IT administrators identified that most firewalls in use today:
- Force admins to spend too much time digging for the information they need.
- Don’t provide adequate visibility into threats and risks on the network.
- Make it too difficult to figure out how to use all their features.
Dealing with this situation means taking a radical new approach to network security: one that can enable security systems to work together; that simplifies and streamlines workflows; that cuts through the enormous volumes of data to identify what’s important.
So how did we get here?
How firewalls got worse as they got better
Originally, firewalls provided basic network packet filtering and routing based on hosts, ports and protocols. They enforced the boundary between a network and the rest of the world, and patrolled the boundaries within that network.
These firewalls were effective at limiting the exposure of services to just the computers and networks that needed access to them, reducing the attack surface available to hackers and malware on the outside.
Of course, attackers don’t stand still, so attacks evolved to exploit the services that firewalls left exposed: attacking vulnerabilities in applications and servers, or using social engineering to gain a foothold inside a network through email or compromised websites.
Firewall technology evolved too, moving up the OSI stack to Layer 7 where it could identify and control traffic based on the originating user or application, and where deep inspection technologies could look for threats inside the content of application traffic.
This shift from ports and protocols to applications and users has spawned a new category of network protection, so-called “next-generation” firewalls that include deep packet inspection of encrypted and unencrypted traffic, intrusion prevention, application awareness and user-based policies, alongside traditional stateful inspection techniques.
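To make the contrast between the two generations concrete, here is a small policy evaluator. It is an added example, not Sophos code and not taken from the original article: the addresses, the internal range and the application labels ("web-browsing", "non-web-protocol") are constructed, and the Layer 7 identification itself is assumed to have already happened (a real next-generation firewall derives the application and user from deep packet inspection and an identity source; here the flow simply carries those fields). The point it shows is that a rule written in terms of ports and protocols allows anything that happens to use TCP/443, whereas an application-aware rule allows only the application the port is meant to carry and lets unidentified traffic fall through to the default verdict.

```python
"""Added example: port/protocol rules versus Layer 7 (application/user) rules.

All addresses, ranges and application labels below are constructed for the example.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Flow:
    """One connection as the firewall sees it. 'app' and 'user' are what a
    Layer 7 engine would attach (assumed here); None means not identified."""
    src: str
    dst: str
    proto: str
    dport: int
    app: Optional[str] = None
    user: Optional[str] = None


@dataclass(frozen=True)
class Rule:
    """A policy line. A field left at its default matches anything; 'app' and
    'user' are only meaningful to an application-aware firewall."""
    action: str
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: Optional[str] = None
    dport: Optional[int] = None
    app: Optional[str] = None
    user: Optional[str] = None

    def matches(self, f: Flow) -> bool:
        if ip_address(f.src) not in ip_network(self.src):
            return False
        if ip_address(f.dst) not in ip_network(self.dst):
            return False
        if self.proto is not None and f.proto != self.proto:
            return False
        if self.dport is not None and f.dport != self.dport:
            return False
        # Layer 7 conditions: an unidentified application (None) never
        # satisfies an app-specific rule, so it falls through to the default.
        if self.app is not None and f.app != self.app:
            return False
        if self.user is not None and f.user != self.user:
            return False
        return True


def evaluate(policy: List[Rule], flow: Flow, default: str = "deny") -> str:
    """First-match evaluation with an implicit default verdict."""
    for rule in policy:
        if rule.matches(flow):
            return rule.action
    return default


LAN = "10.0.0.0/8"  # constructed internal range

# First generation: decisions based only on hosts, ports and protocols.
PORT_POLICY = [
    Rule("allow", src=LAN, proto="tcp", dport=443),
    Rule("allow", src=LAN, proto="tcp", dport=80),
]

# Layer 7: the same ports, but only for the application they are meant to carry.
# "web-browsing" is a constructed stand-in for an app-identification engine's label.
APP_POLICY = [
    Rule("allow", src=LAN, proto="tcp", dport=443, app="web-browsing"),
    Rule("allow", src=LAN, proto="tcp", dport=80, app="web-browsing"),
]

# Constructed sample flows.
BROWSER = Flow("10.0.0.5", "203.0.113.10", "tcp", 443, app="web-browsing", user="alice")
NONWEB = Flow("10.0.0.5", "203.0.113.10", "tcp", 443, app="non-web-protocol", user="alice")
UNKNOWN = Flow("10.0.0.7", "198.51.100.20", "tcp", 443, app=None)
INBOUND = Flow("198.51.100.99", "10.0.0.5", "tcp", 445)


def compare(flow: Flow) -> dict:
    """Verdict of each policy for the same flow."""
    return {"port_policy": evaluate(PORT_POLICY, flow),
            "app_policy": evaluate(APP_POLICY, flow)}


if __name__ == "__main__":
    for name, f in [("browser", BROWSER), ("nonweb", NONWEB),
                    ("unknown", UNKNOWN), ("inbound", INBOUND)]:
        print(f"{name:8s} {compare(f)}")
```

Running it shows the browser session allowed by both policies, the inbound TCP/445 attempt denied by both, and the two flows that matter for the argument above, a non-web protocol on TCP/443 and an unidentified application on TCP/443, allowed by the port-based policy but denied by the application-aware one. The "unknown falls to deny" behaviour is a design choice worth noting: it is what turns application identification into an enforcement point rather than a reporting feature.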
As a result, modern firewall products have become increasingly difficult to operate and manage, often leveraging separate and loosely integrated solutions to tackle different threats and compliance requirements.
Poor integration can leave sysadmins with blind spots:
“…we kinda piecemealed our different programs. We had one program for antivirus. We had a different provider for the firewall … you don’t know exactly how everything dovetails together.” – School District Technology Coordinator, WY
The volume of data these systems produce can be enormous, and the burden on the average network administrator has reached unsustainable levels.
How firewalls must improve
Network security demands a more thorough approach to the integration of complex technologies and a new breed of firewall is required: one that has been developed from the start to address the problems of existing firewalls and provides a platform designed specifically to tackle the evolving threat and network landscape.
This new type of firewall must deal with modern threats that are more advanced, evasive, and targeted than ever before. These advanced persistent threats (APTs) use techniques that create a new zero-day threat with every instance, presenting a serious challenge for signature-based malware detection.
Modern firewalls must:
- Identify malicious behavior and give you unprecedented visibility into risky users and risky behavior, unwanted applications, suspicious payloads and persistent threats.
- Work with other security systems, such as endpoint solutions, operating as one to detect, identify, and respond to advanced threats quickly and efficiently.
- Use dynamic application control technologies that can correctly identify and manage unknown applications, which signature-based engines miss.
- Integrate a full suite of threat protection technologies so that network administrators can set and maintain their security posture at a glance.
Firewalls must regain their place as your network’s trusted enforcer, blocking and containing threats and stopping the unauthorized exfiltration of data.
Download our Firewall Buyer’s Guide for valuable information to help you make an informed decision about your next firewall.
You can read the original article here.