Modern firewalls: More than just perimeter protection

When firewalls were first introduced in the early ’90s, their technology focused mainly on the concept of stateful inspection, which is concerned with keeping track of the state of a network’s connections. Over the past two decades, however, the Internet has grown dramatically and new security threats have emerged, causing many to predict the downfall of the firewall as a security mainstay. Now, with new technology and next generation firewalls, it appears those predictions may have been somewhat premature.

“As threats and infrastructures have evolved, the ability to control the flow of traffic on the network is more useful than ever,” said Gil Shwed, inventor of stateful inspection and CEO of Check Point, in an interview with Computer Weekly. “Firewalls have evolved to become more comprehensive and, for most organizations, still form a key part of the information security technology stack.”

Next generation firewalls dig deeper to enhance enterprise security
Modern firewalls have moved past simply monitoring certain ports or activity between addresses and are now able to make allow or deny decisions. Firewalls are now capable of providing IT leaders with insights into the threats facing an enterprise that can then be used to create a more comprehensive defense strategy.

While some critics have suggested that firewalls are no longer sufficient network perimeters as company data is stored in a variety of external locations, Shwed argues that the line between what is part of an internal, trusted infrastructure and what is not is still clearly defined, and that it is therefore possible to create a perimeter around it.

“Organizations use many different ways to access corporate data, such as clientless and client-based VPNs, from a range of devices or cloud applications – but the borders are still present,” explained Shwed.

APTs and the IoT, no match for modern firewalls
Modern, next generation firewalls are being deployed by both public and private sector organizations to defend against high-profile attacks like advanced persistent threats. APTs utilize highly skilled hacking techniques and creative strategies to slip past even the most sophisticated defense measures undetected. Next generation firewalls are able to protect enterprise networks from this threat by supplementing traditional perimeter security strategies with content filtering, intrusion detection and application control features.

Firewalls are especially beneficial to organizations embracing the Internet of Things. With the IoT, there are often devices that are connected to the Internet – and are therefore able to be hacked – that cannot run the most recent security software, leaving them vulnerable to cybercriminals. Low-tech connected devices like printers and phones can now be protected through the use of a firewall. Any machine connected to an enterprise network can be included within the perimeter set up by a next generation firewall, providing increased protection and threat defense.

As FedTech Magazine contributor Mike Chapple pointed out, IT departments are able to benefit from the single management interface offered by modern firewalls and the entire enterprise experiences advantages from multiple security features working in concert with one another.