
Threats spur solution revolution

By Jacob Nthoiwa, ITWeb journalist.
Johannesburg, 11 May 2011

Security control systems like firewalls need to evolve to be more proactive in blocking new threats, such as botnets and targeted attacks.

This is according to Marc Thompson, product expert at Bitrate, speaking at the ITWeb Security Summit taking place at the Sandton Convention Centre.

He said enterprises should update their network firewall and intrusion prevention capabilities to protect business systems, as attacks get more sophisticated. “Legacy firewalls are basically blind to the latest generation of applications and threats, and enterprises need to adopt the next-generation firewall (NGFW).”

He said the NGFW could help organisations thoroughly manage risks and achieve compliance better by providing unmatched awareness and control over network traffic. “These firewalls can enable growth by providing a means to securely take advantage of the latest generation of applications and new-age technologies.”

Thompson also said by facilitating device consolidation, infrastructure simplification, and greater operational efficiency, the NGFW can reduce costs.

NGFW is a wire-speed integrated network platform that performs deep inspection of traffic and blocking of attacks, he explained.

“They can identify applications regardless of port, protocol, evasive tactics or SSL encryption, and provide granular visibility of and policy control over applications, including individual functions.”

According to Thompson, the NGFW should accurately identify users and subsequently use identity information as an attribute for policy control. “They also provide real-time protection against a wide array of threats, including those operating at the application layer.”

There are products today with NGFW characteristics, but these must not be confused with well-marketed first-generation firewalls or products more appropriate for small businesses, he pointed out.

Under siege

Thompson said network security gateways are under siege because new threats are being introduced faster than ever and are increasingly targeting application-layer vulnerabilities.

At the same time, user-centric and enterprise applications alike are taking advantage of commonly allowed communication ports and services to ensure their passage across security boundaries, he pointed out.

“This is also to facilitate operation in the broadest set of networking scenarios.

“The result has been a steady erosion of the effectiveness of network firewalls and, consequently, the illumination of fundamental flaws in the initial design and subsequent modifications to these foundational elements of most enterprise security strategies.”

In the past, Thompson pointed out, port-blocking firewalls have been the cornerstone of enterprise network security. “But much like a stone, they've stood still in the face of rapidly evolving applications and threats.”
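The two points above, that an NGFW identifies the application from the traffic itself rather than from the port and then uses user identity as a policy attribute, and that applications ride commonly allowed ports to cross a port-blocking firewall, can be shown side by side with a small policy model. The following is an added illustration written for this article; it is not code from Bitrate, Gartner or any firewall vendor. The application signatures are deliberately simplified, the rule table, group names and the six sample flows are constructed for the demonstration, and the identity of each flow is assumed to have been resolved already (for example by a directory lookup) before policy is evaluated.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """One client->server flow as the gateway first sees it (constructed)."""
    user: str         # identity resolved earlier, e.g. from a directory lookup
    group: str        # group membership used as a policy attribute
    dst_port: int
    payload: bytes    # first client bytes of the session


def identify_app(payload: bytes) -> str:
    """Classify the application from its first bytes; the port is never consulted.
    Simplified signatures for illustration only; real engines use much richer
    protocol decoders, but the principle is the same."""
    if payload.startswith(b"\x13BitTorrent protocol"):
        return "bittorrent"
    if payload.startswith(b"SSH-2.0-"):
        return "ssh"
    # TLS record header: content type 0x16 (handshake), version major byte 0x03
    if len(payload) >= 3 and payload[0] == 0x16 and payload[1] == 0x03:
        return "tls"
    if re.match(rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS) \S+ HTTP/1\.[01]\r\n", payload):
        return "http"
    return "unknown"


LEGACY_ALLOWED_PORTS = {80, 443}


def legacy_decision(flow: Flow) -> str:
    """Port-blocking firewall: the destination port is the only attribute it sees."""
    return "allow" if flow.dst_port in LEGACY_ALLOWED_PORTS else "deny"


# (group, application, action); first match wins, implicit deny at the end.
# Constructed rule table for the demonstration.
NGFW_RULES = [
    ("any", "http", "allow"),
    ("any", "tls", "allow"),
    ("engineering", "ssh", "allow"),
]


def ngfw_decision(flow: Flow) -> tuple[str, str]:
    """Application- and identity-aware policy: decide on who and what, not on port."""
    app = identify_app(flow.payload)
    for group, rule_app, action in NGFW_RULES:
        if group in ("any", flow.group) and rule_app in ("any", app):
            return action, app
    return "deny", app


# Constructed sample payloads: the first client bytes of each session type.
TLS_CLIENT_HELLO = b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03"
SSH_BANNER = b"SSH-2.0-OpenSSH_8.9\r\n"
HTTP_GET = b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"
BT_HANDSHAKE = b"\x13BitTorrent protocol" + b"\x00" * 8

SAMPLE_FLOWS = [
    Flow("alice", "finance", 443, TLS_CLIENT_HELLO),   # ordinary HTTPS
    Flow("bob", "finance", 443, SSH_BANNER),           # SSH carried on the HTTPS port
    Flow("carol", "engineering", 443, SSH_BANNER),     # same application, permitted group
    Flow("dave", "finance", 80, BT_HANDSHAKE),         # peer-to-peer traffic on the web port
    Flow("erin", "engineering", 22, SSH_BANNER),       # SSH on its own port
    Flow("frank", "finance", 80, HTTP_GET),            # plain HTTP
]


def compare(flows):
    """Return (user, port, app, legacy, ngfw) per flow so both models can be read together."""
    rows = []
    for f in flows:
        action, app = ngfw_decision(f)
        rows.append((f.user, f.dst_port, app, legacy_decision(f), action))
    return rows


if __name__ == "__main__":
    for user, port, app, legacy, ngfw in compare(SAMPLE_FLOWS):
        print(f"{user:6} :{port:<4} app={app:10} legacy={legacy:5} ngfw={ngfw}")
```

Reading the rows side by side makes the article's argument concrete: the port-based model allows everything on 80 and 443, including SSH and BitTorrent that merely chose those ports, and denies legitimate SSH on port 22; the application- and identity-aware model allows the same SSH session for the engineering group and denies it for finance, while blocking the peer-to-peer handshake regardless of the port it used.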

Experts' word

Research company Gartner says the stateful protocol filtering and limited application awareness offered by first-generation firewalls are not effective in dealing with current and emerging threats.

It says using separate firewalls and intrusion prevention appliances results in higher operational costs and no increase in security over an optimised combined platform. “NGFWs can detect application-specific attacks and enforce application-specific granular security policy, both inbound and outbound.”

The NGFWs will be most effective when working in conjunction with other layers of security controls.

Gartner says if organisations have not yet deployed network intrusion prevention, they should require NGFW capabilities of all vendors at their next firewall refresh point.

“If you have deployed both network firewalls and network intrusion prevention, synchronise the refresh cycle for both technologies and migrate to next-generation firewall capabilities,” the firm says.
