By Sumit Bansal, Managing Director of ASEAN and Korea, Sophos
For many organisations, firewalls are a critical piece of security hygiene, put in place to combat malicious attacks and behaviours. The aim of a firewall is to prevent unauthorised access to or from a private network, enforcing the boundary between a network and the rest of the world through network packet filtering and routing based on ports and protocols. Since their introduction, firewalls have evolved to provide comprehensive protection, with the ability to block unknown threats, automatically respond to incidents and uncover hidden risks.
Traditional firewalls have proven to cause quite the disruption in certain markets, falling short of their promises and failing to deliver the kind of visibility or responsiveness needed to combat modern threats. If we look outside the Asia Pacific region, for example, IT managers in markets such as the US, Germany and Australia claim that they are not aware of 70 per cent of what is actually going on with their network traffic, and have highlighted that traditional firewalls hold ‘dirty secrets’.
To protect your environment efficiently, having complete firewall visibility is important. However, traditional firewalls are not able to cope with the rate at which cyber threats are evolving today. With the speed at which cyber threats and criminals move, IT managers are facing difficulty in monitoring traffic, resulting in the failure to notice threats. Even so, in the Asia Pacific region, the enterprise firewall market, valued at USD 3.1 billion in 2017, is expected to reach a value of USD 6.02 billion by 2023. This shows that organisations are still prioritising firewalls as a key component of security.
Although we are seeing forecasted growth in firewall investments, it is good to look back at the dirty secrets that are found not only in traditional firewalls, but also in next-generation firewalls. Modern next-gen firewalls are built with the sole intention of protecting against outbreaks such as WannaCry and NotPetya, but still, these threats were able to reach a global scale, gaining access to and spreading through corporate networks. Why? The uncomfortable truth is that next-generation firewalls lack the ability to work together like an orchestra, and instead function as a one-man band. There are steps to ensure that your firewall fulfils its promise to provide the visibility and responsiveness needed to combat modern threats.
IT decision makers need to know that not all network protection solutions are created equal. The Intrusion Prevention System (IPS) engines of certain firewalls have been known to block more than 90 per cent of threats, whilst others fare badly with just 25 per cent. Luckily, there are independent test organisations that test all major firewall vendors’ security effectiveness on an annual basis.
Time is money, and when the set-up of any system is cumbersome, resources are wasted. Organisations setting up their firewalls usually need to individually configure firewall rules, application control, TLS inspection, sandboxing, web filtering, antivirus and IPS. When sourcing a firewall system, IT decision makers should look for one that is integrated and provides simplicity and actionable insights. The most beneficial system for organisations is one that is synchronised, identifies unknown applications and works in unison to provide clarity and control over all the traffic on their network.
The right place at the right time – technologies such as IPS and sandboxing are only effective when traffic is passing through the firewall. In short, it is important to ensure that your network is segmented properly and your firewall is properly deployed. These measures will have an enormous effect on the level of protection the firewall provides in real time.
In short, to have full and clear visibility through the fog, firewall systems must be integrated and have the ability to work with other systems. They need to have the agility to adapt to modern threats and be controllable from one point.