Firewalls protect the gateway to your network and to your data and applications, and maintaining threat protection is essential.
The problem is that firewalls are pretty stupid – they are like a security guard on the door of a club, allowing in only those guests who are on the list and rejecting anyone who is not.
A further problem is that hackers and emerging threats have become much more sophisticated in gaining entry, and modern business networks are much more porous than they once were – there are now multiple entry points into a network, and firewalls can be bypassed.
Unified Threat Management (UTM) devices have been pioneered by companies such as Sophos, Checkpoint and Fortigate, to name just three. UTMs are simple to deploy and much easier to manage than traditional firewalls, but more than this, they have emerged as the cutting edge of modern threat protection and detection – they are also referred to as Next Generation Firewalls (NGFW).
The major next generation threats you need to consider are:
1. Web Application Control (WAC)
You may already be familiar with Web Access Control, which tackles what websites your staff are surfing to. By blocking classes of sites, e.g. porn or gambling, you minimize exposure to malicious code and malware being dropped onto the client machine, as well as maintaining staff productivity.
WAC takes the concept even further, by refining your control over what websites are blocked and what can be accessed by staff. You may want to block all Social Media websites for example, but if your business is active on Facebook, you want access to that for your marketing and customer care. More than this, you will also want to stop downloads from the web if they are of a malicious character, and this has been a major emerging threat with phishing and browser drive-by downloads of malware and malicious packages.
2. URL Filtering
We all experience downloads from the web URLs we visit – for the most part these are benign, in the form of cookies, but just as a benign cookie may be easily downloaded without your knowledge, so can malicious code.
URL filtering allows for control over what websites your staff can visit, and also control what they actually can do when they are on permissible websites.
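The category block with a business exception described under Web Application Control, combined with the per-site download control described here, can be sketched as a small policy check. This is an added example, not code from any UTM vendor: the category table, the allow-list, the blocked file types and the function names are all constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample data: a real UTM pulls categories from its vendor feed.
CATEGORIES = {
    "facebook.com": "social-media",
    "twitter.com": "social-media",
    "casino.example": "gambling",
}
BLOCKED_CATEGORIES = {"social-media", "gambling"}
ALLOWED_SITES = {"facebook.com"}  # business exception to the category block
BLOCKED_DOWNLOADS = (".exe", ".msi", ".scr")  # assumed risky file types


def match_domain(host, table):
    """Return the entry in table that equals host or is a parent domain of it.

    Matching walks whole DNS labels, so "facebook.com.casino.example" is
    treated as a child of "casino.example", never of "facebook.com".
    """
    labels = host.split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in table:
            return candidate
    return None


def decide(url):
    """Return the policy verdict for one requested URL."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return "block: unsupported URL"
    if parts.scheme not in ("http", "https") or not host:
        return "block: unsupported URL"
    # Download control applies even on sites staff are allowed to visit.
    if parts.path.lower().endswith(BLOCKED_DOWNLOADS):
        return "block: download type"
    if match_domain(host, ALLOWED_SITES):
        return "allow: exception"
    category = CATEGORIES.get(match_domain(host, CATEGORIES))
    if category in BLOCKED_CATEGORIES:
        return "block: " + category
    return "allow: uncategorized"
```

The exception is matched on whole domain labels rather than as a substring, so a lookalike hostname that merely starts with an allowed name does not inherit the exception.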
3. HTTPS Data Filtering
Modern SSL connections encrypt data to protect the contents from undesirable, third-party snoopers. But just as third parties cannot see what is contained within the data stream, neither can your firewall, and this means malicious code can be encrypted, passed through the firewall and then decrypted, ready to run as a malicious executable.
Your firewall needs to be able to identify threats and malware even when they are encrypted, in order to protect your data and network integrity.
4. Intrusion Detection System (IDS)
Intrusion Detection or Intrusion Protection Systems actively and continuously monitor your network for signs of threats and suspicious activity. If they detect suspicious activity, they will isolate and shut down the threat, and immediately report the event to whoever is managing your network security and create a log of the event for reporting purposes.
Jensen Carlyle is a technology and data security expert, currently reviewing firewall products and developments for Swift Systems.