Reinventing next-generation firewalls for coordinated protection
By Wana Tun, Regional Technical Evangelist, Sophos
The escalation in volume and complexity of cyber threats today has compelled organisations to turn to next-generation security solutions to secure their users, networks and data. Next Generation Firewalls (NGFW) are a modern class of firewall that blend standard firewall features with advanced functionality to provide deeper inspection of network traffic. Deep inspection of network packets facilitates proactive identification of malicious activity, whether it involves emerging threats, complex exploit attacks or malware.
Besides performing deep traffic inspection and attack protection, what other important features or capabilities should an organisation look for in a NGFW, especially when the term itself can be fleeting given the swift evolution of cyber attacks?
In the context of today’s evolving threat landscape, can any firewall truly claim to be “next-generation”?
There are indeed a set of best practices, qualifying criteria and information available to help organisations assess whether their NGFW’s capabilities are adequate and effective in identifying and providing security against coordinated threats.
Here are some useful tips:
User behaviour analyses
Statistics have shown that 80 percent of security risks are introduced by user behaviour. A NGFW must be able to identify risky user behaviour and weaknesses in the current security policy. Through analysis of network traffic, a NGFW can identify patterns of human behaviour that can be used to predict and prevent attacks. This information is used to calculate a user threat quotient, giving IT an understanding of which users require education and additional protection. The user threat quotient assists in prioritising which policies to fine-tune, which threats to remediate and which users will benefit the most from security awareness training.
Organisations should select a firewall that correlates each user’s surfing habits and activity with advanced threat triggers over time to identify users prone to risky behaviour. It is also useful to deploy a firewall that comes with pre-defined best practice policy templates. This accelerates the deployment of effective protection.
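The user threat quotient described above is, in essence, a per-user score built by correlating each user’s web activity with threat triggers over a time window. The following script is an added illustration and is not Sophos code: the page does not describe the product’s actual scoring formula, so the category weights, the 30-day window and the log format are all assumptions, and the log lines are constructed sample data.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of web-filter / firewall log lines (not real data).
# Fields: timestamp  user  destination  category  action
SAMPLE_LOG = """\
2024-03-01T09:02:11 alice news.example.org news allow
2024-03-01T09:15:40 bob cracked-software.example malware-hosting block
2024-03-01T10:03:05 bob phishing-login.example phishing block
2024-03-02T11:22:19 alice cdn.example.net cdn allow
2024-03-02T13:45:52 bob c2-beacon.example command-and-control block
2024-03-03T08:10:00 carol docs.example.com business allow
2024-03-03T16:30:27 carol phishing-login.example phishing block
2024-03-20T09:00:00 bob news.example.org news allow
"""

# Hypothetical severity weights per threat category. Non-threat categories
# (news, cdn, business, ...) carry no weight and simply register the user.
CATEGORY_WEIGHT = {
    "phishing": 3,
    "malware-hosting": 4,
    "command-and-control": 5,
}


def parse_log(text):
    """Parse the whitespace-separated sample format into event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, dest, category, action = line.split()
        events.append({
            "ts": datetime.fromisoformat(ts),
            "user": user,
            "dest": dest,
            "category": category,
            "action": action,
        })
    return events


def user_threat_quotient(events, now, window_days=30):
    """Score each user seen inside the window by summing the weights of the
    threat categories they triggered. Users with only benign activity score 0."""
    cutoff = now - timedelta(days=window_days)
    scores = defaultdict(int)
    for ev in events:
        if ev["ts"] < cutoff:
            continue  # outside the look-back window: ignored
        scores[ev["user"]] += CATEGORY_WEIGHT.get(ev["category"], 0)
    return dict(scores)


def rank_users(scores):
    """Highest quotient first; ties broken alphabetically for stable output."""
    return sorted(scores.items(), key=lambda kv: (-kv[1], kv[0]))


def users_needing_training(scores, threshold):
    """Users whose quotient meets the threshold: candidates for awareness training."""
    return [user for user, score in rank_users(scores) if score >= threshold]


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    quotients = user_threat_quotient(evs, now=datetime(2024, 3, 21))
    for user, score in rank_users(quotients):
        print(f"{user:8s} threat quotient = {score}")
    print("training candidates:", users_needing_training(quotients, threshold=3))
```

Run against the constructed log, the script ranks bob (repeated malware, phishing and C2 triggers) well above carol (one phishing hit) and alice (benign only), which is the kind of prioritisation the text describes. The time window matters: shrinking it or moving `now` forward drops older triggers and the scores fall accordingly.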
Stop the attack kill chain
A NGFW must offer visibility into the inventory of users, servers and traffic traversing the network environment, and provide intelligence to proactively block attacks early in the cyber attack kill chain. One way to achieve this is to ensure the NGFW can identify and block malicious traffic connecting out to known command and control networks used by cyber criminals.
Integration between network and endpoint security
Modern security solutions are critical to protecting organisations from attacks that leverage polymorphic malware and advanced persistent threats (APTs).
Next-generation detection and protection capabilities are required both at the gateway and on each endpoint. Synchronised security solutions that provide insight into activity at each endpoint and across the network give a 360-degree view of suspicious and malicious activity. By sharing this intelligence, both endpoint and firewall can identify emerging threats and automatically terminate malicious activity. Furthermore, investigating security incidents is quick and simple with a firewall that automatically correlates which user and process on the endpoint initiated a connection to a malicious site. This capability significantly reduces the time and resources needed to investigate and address security incidents.
Restoring systems after a security incident can be a lengthy and expensive process, adding up to weeks or months of effort even in mid-sized environments. It is therefore vital to choose a NGFW that can pinpoint the exact affected areas so that remediation can be performed within minutes.
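Two of the capabilities above, blocking egress to known command-and-control addresses (the kill-chain section) and correlating such a connection back to the user and process on the endpoint that opened it (this section), come down to joining a firewall log with endpoint telemetry on the connection tuple. The script below is an added example, not Sophos code or any product’s API: the log formats, the five-second clock tolerance and the indicator list are assumptions, and every address, user and process name is constructed (the IPs are from the reserved documentation ranges, not real indicators).

```python
from datetime import datetime, timedelta

# Constructed indicator list standing in for a C2 blocklist (TEST-NET addresses, not real IoCs).
C2_BLOCKLIST = {"203.0.113.7", "198.51.100.23"}

# Constructed firewall egress log: ts  src_ip  src_port  dst_ip  dst_port  action
FIREWALL_LOG = """\
2024-03-04T10:00:01 10.0.0.5 51234 192.0.2.10 443 allow
2024-03-04T10:00:07 10.0.0.5 51240 203.0.113.7 443 block
2024-03-04T10:03:15 10.0.0.9 49333 198.51.100.23 8080 block
2024-03-04T10:05:00 10.0.0.9 49350 192.0.2.10 443 allow
"""

# Constructed endpoint telemetry (socket events): ts  host_ip  src_port  dst_ip  user  process  pid
ENDPOINT_LOG = """\
2024-03-04T10:00:06 10.0.0.5 51240 203.0.113.7 alice unknown_svc.exe 4120
2024-03-04T10:00:01 10.0.0.5 51234 192.0.2.10 alice browser.exe 2210
2024-03-04T10:03:14 10.0.0.9 49333 198.51.100.23 bob update_helper.exe 5588
"""


def parse_firewall(text):
    out = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src_ip, src_port, dst_ip, dst_port, action = line.split()
        out.append({"ts": datetime.fromisoformat(ts), "src_ip": src_ip,
                    "src_port": int(src_port), "dst_ip": dst_ip,
                    "dst_port": int(dst_port), "action": action})
    return out


def parse_endpoint(text):
    out = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host_ip, src_port, dst_ip, user, process, pid = line.split()
        out.append({"ts": datetime.fromisoformat(ts), "host_ip": host_ip,
                    "src_port": int(src_port), "dst_ip": dst_ip,
                    "user": user, "process": process, "pid": int(pid)})
    return out


def c2_connections(fw_events, blocklist):
    """Firewall events whose destination is on the indicator list (blocked or not)."""
    return [e for e in fw_events if e["dst_ip"] in blocklist]


def correlate(c2_events, ep_events, tolerance=timedelta(seconds=5)):
    """Join each C2 connection to the endpoint socket event with the same
    (host, source port, destination) tuple within the clock tolerance, so the
    analyst gets user/process/pid instead of only an IP pair."""
    results = []
    for fw in c2_events:
        match = None
        for ep in ep_events:
            same_tuple = (ep["host_ip"], ep["src_port"], ep["dst_ip"]) == \
                         (fw["src_ip"], fw["src_port"], fw["dst_ip"])
            if same_tuple and abs(ep["ts"] - fw["ts"]) <= tolerance:
                match = ep
                break
        results.append({
            "ts": fw["ts"].isoformat(),
            "host": fw["src_ip"],
            "dst": f'{fw["dst_ip"]}:{fw["dst_port"]}',
            "action": fw["action"],
            # None when no endpoint record exists: the host lacks telemetry and needs a manual look
            "user": match["user"] if match else None,
            "process": match["process"] if match else None,
            "pid": match["pid"] if match else None,
        })
    return results


if __name__ == "__main__":
    hits = correlate(c2_connections(parse_firewall(FIREWALL_LOG), C2_BLOCKLIST),
                     parse_endpoint(ENDPOINT_LOG))
    for h in hits:
        print(f'{h["ts"]} {h["host"]} -> {h["dst"]} [{h["action"]}] '
              f'user={h["user"]} process={h["process"]} pid={h["pid"]}')
```

The output names the user, process and PID behind each C2 contact, which is what turns a firewall alert into a remediation target on the endpoint. A `None` in those fields is itself useful: it flags a host whose endpoint agent reported nothing and should be investigated first.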
Easy to use
Simple security is the best form of security. A NGFW, or any security solution, should be simple to deploy, configure and manage, as well as cost-effective and equipped with automation capabilities that minimise human intervention, freeing up time and resources for other projects.
Above all, a NGFW must offer effective defence against emerging threats and visibility into user activity and use of the network.