Risk Management And Next-Generation Firewalls: Detection Vs. Protection

When it comes to cybersecurity threats, the size and complexity of this growing problem is enormous. Ignoring it is akin to going out in a downpour without an umbrella and hoping you’ll stay dry. Here are some statistics that convey the scope of this issue:

• $6 trillion - Estimated cost of cybercrime damages projected for 2021
• 3 billion - Number of Yahoo accounts breached in 2013
• 40% - Year-over-year increase in mobile cyberattacks (2017 estimate)
• 65% - Percentage of top 100 US banks that fail online security tests

Some incidents raise concerns far beyond dollars and percentages. For instance, in August 2017 a petrochemical plant in Saudi Arabia was assaulted by hackers, leading to the compromise of voltage, pressure and temperature controllers. The attack on the Saudi facility did not seek to merely shut down the plant, but rather to intentionally cause an explosion. In this case, it was fortunate that no one was hurt, but it’s worth noting that identical controllers are used in nearly 18,000 plants worldwide, including nuclear treatment facilities, oil refineries and chemical plants.

It is of utmost importance that enterprise firewalls work to proactively protect company IP and sensitive client data rather than just detect cyber threats. A recent Gartner report offers an in-depth analysis of the enterprise firewall industry and the ability of some providers to meet the current threat landscape.*

Next-Generation Firewalls

Next-generation firewalls (NGFW) combine a traditional firewall protection with additional threat management functionalities, such as:

• Deep packet inspection (DPI) - used to examine packets of information and analyze for anomalies.
• Intrusion prevention system (IPS) - used to monitor, attempt to block and report on malicious or suspicious activities such as security threats or policy violations.
• TLS/SSL encrypted traffic inspection - used to verify the validity of the data that is being transmitted.
• Identity access management (IAM) - used to restrict and manage access to protected resources behind the firewall.

NGFWs provide a more comprehensive evaluation of data packets presented to a network that earlier generations of firewalls. Nevertheless, NGFW defenses react after an attack - essentially, detecting rather than protecting against the threat.

Enterprise Network Firewall Magic Quadrant

Gartner uses a graphical format termed the “Magic Quadrant” in order to compare companies or products according to their relative strengths and weaknesses for two variables. For the enterprise firewall industry, Gartner’s enterprise network firewall Magic Quadrant classifies security offerings from industry vendors according to “ability to execute” and “completeness of vision” criteria. The vendors are classified into four broad categories: niche players, challengers, leaders and visionaries.*

To assess the strength of the information security solution employed by your company, your risk management officers may want to ask the following of your enterprise’s firewall vendor:

• Does the product allow an SSL traffic security bypass? If not, how does this affect network availability?
• How does the firewall address remote scenarios, such as a user accessing public WiFi?
• Can the firewall detect and respond to targeted port scans, probes and other reconnaissance attacks? Is it also mobile friendly?

Blurred Perimeters

It’s important to recognize that network perimeters are now much less concretely defined and are more permeable than ever. With the explosion of personal devices, cloud computing and WiFi access points, the ability to control and monitor all potential areas of vulnerability via NGFW alone has become untenable.

The new terrain has led to a call for virtualized firewalls, and some security firms currently do offer such services. However, reliability and performance issues have prevented widespread adoption. Almost all network firewalls today are delivered on purpose-built appliances due to the poor performance of firewalls running on general-purpose servers.

Protect And Defend From The Edge

In order to thwart increasingly sophisticated cyber criminal activity, there has been a growing trend towards layered protection. Security products that leverage layered protection employ a series of protective barriers whose purpose is data protection -- not just threat detection -- even beyond the edges of the central network.

As connectivity and work locations continue to expand, enterprise boundaries will become more diffused. By default, network perimeters can occur anywhere, and the branch office might be a connected worker sipping a latte at a coffee shop. These scenarios require solutions that can travel along with users, providing enterprise-grade protection no matter the context or geographic location.

One defense solution is a portable firewall that specifically addresses the needs of mobile work teams. For example, Silent Circle’s GoSilent mobile firewall is a portable integrated virtual private network (VPN), intrusion prevention system (IPS), application firewall, and cloud analytics tool that protects remote users and safeguards enterprise data.

* Gartner, Magic Quadrant for Enterprise Network Firewalls, 10 July 2017 Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.