As an IT professional, you’ll be well aware that in the absence of a silver bullet to ward off the increasing threat of cyberattack, your firewall is the electronic gatekeeper in the titanic battle to keep your network off limits to cybercriminals. Nobody is safe. Certainly not Equifax, one of the biggest U.S. credit bureaus, who recently failed to keep the personal details of 143 million of their customers out of the hands of hackers. They join a long list of prestigious enterprises that have lost important battles in the war on cybercrime.
This year’s Verizon Data Breach Investigations Report found that 88 percent of 1,935 analysed breaches were carried out with just nine well-known attack vectors, which means they could have been blocked by a few simple cyber-security measures.
How can you as a manager, responsible for your company’s network security, win the battle to keep your data where you’d prefer it to be? It seems, despite the many cyberattacks in the news, that too many enterprises are still not getting the basics right—which would be enough to deflect about 88 percent of potential attacks. In this blog, we’ll share with you some of the latest thinking and practices around firewalls, to help you keep your network secure.
The current state of the firewall
It has been a watershed year for cybersecurity. The number and severity of attacks has led the cybersecurity community to revise its prediction of the potential cost of global cyber crime damage year-on-year to 2021 from $3 trillion to $6 trillion a year. And when it comes to the role of firewalls in the war on cybercrime, here are some of the takeouts of 2017:
- Despite emerging technology paradigms, firewalls will continue to play a critical role in network security infrastructure. Symantec predicts, however, that CIOs will need to improve control of cloud app usage and access if they are to avoid these gaps in the cloud being exploited by hackers.
- The increased deployment of New-Generation Firewalls (NGFWs) are adding complexity to security management.
- There has been an increase in awareness around the impact on network security of Software-Defined Networking (SDN) technology, which enables network behaviour to be managed dynamically by network administrators through open interfaces.
- Small and medium-sized businesses (SMBs) are now more likely to be targeted by cybercriminals than big business—61 percent of businesses that suffered breaches were SMBs, according to the 2017 Verizon Data Breach Investigations Report. SMBs need to be cognisant of their vulnerability—mainly the result of ineffective or legacy security—and implement next-generation endpoint protection that can stop an attack within minutes when delivered through cloud native architecture, without placing additional strain on IT staff.
Firewall features that influence the buying decision
Before trusting your company’s security to a firewall, here is what to take into account before buying:
Performance—A firewall must provide easily configurable intrusion prevention that actively searches out worms and viruses and stops them from penetrating yournetwork security. Another important performance criterion is the effectiveness of malware prevention in tracking and preventing internal damage to your network, and providing visibility during and after an attack. You’ll also need to assess the quality of content filtering, which should allow the firewall to be programmed with rules set to prevent access to your network from unsecure websites or sources.
Manageability—The way firewall development has sped up in the last decade is largely due to growing competition between vendors, which has resulted in firewalls that were once little more than a packet filter with limited functionality, being transformed into a robust conglomerate of security functions. But user experience and the usability of a firewall remain key components when selecting a firewall for your business. Make sure your firewall can be managed in a way that suits your environment, work method and needs.
APIs—Make sure that your firewall features a dynamic application programming interface (API) that ensures full, centralised management of your network security infrastructure, allowing for hassle-free integration into a variety of business environments.
Scalability and pricing—NGFWs do not come cheap, so ask your vendor for a product roadmap that will give you an idea of any new features you can expect in the next product release and new product tie-ins. Be prepared to sign a non-disclosure agreement.
Next generation firewalls—NGFWs offer, in addition to first-generation features such as URL blocking, packet filtering and VPN, new detection capabilities that allow them to pick up on threats and stay on top of the latest security developments. But before buying, ask for data and metrics so you can measure how effective your choice of NGFW is likely to be.
The #1 challenge facing firewall management
Most IT professionals agree that the increasing complexity of environments poses the biggest challenge for firewall management, with network security now comprising multiple vendor firewalls while also accounting for the cloud, SDN and Internet of Things (IoT) technology. This demands a shift in the way IT professionals view the managing of security, with predictions around the convergence of networks and security. Without a doubt, it’s never been a more exciting time to work as an IT professional.
If you’re looking to tighten up your business's online security, download our comprehensive guide to cyber security today.