Often, organizations consider firewall security as a one-size-fits-all type of solution. They install firewalls and then assume they are “ready to go” without researching whether or not those solutions actually protect their systems in the best possible way. “Set it and forget it!”
Instead of relying solely on firewalls and assuming they will always protect their business from cyber risk, leaders need to start asking deeper questions about them. As with most areas of business, it’s important to carefully consider each solution your organization relies on for security. So, let’s break down some questions you and your team should ask about firewall security to get a more accurate view of your network’s defense posture.
1 — What does your team’s firewall awareness look like?
To properly maintain firewalls, your team should have at least a basic understanding of how firewalls work. It is especially important to understand what a firewall can and cannot do. For example, next-generation firewall solutions are designed to perform deep packet inspection, which means they examine individual pieces of information that enter and leave your system – a “gatekeeper” for your systems, in itself. They perform this function well, but only when they can actually see the data in the payload. This is becoming more and more difficult in the era of “encrypt everything”.
2 — Does your security team spend time understanding “the other side”?
Who is on the other side of malicious attacks? In order to understand how to protect your network from harm, your team needs to understand what – and who – they are defending against. The cyberattack landscape has changed dramatically over the past few years, and malicious actors have sharpened their skills. As technology advances, cybercriminals are becoming more efficient and more dangerous.
Hackers of the 2020s have more powerful tools than ever, literally at their fingertips. They are smart people, guided by tools that cost them little or nothing to obtain. For example, credential stuffing attacks (taking a username and password on one site and trying them on other sites to gain access to additional credentials) can be executed easily with a free open source tool called OpenBullet.
Security teams need to consider all of this when looking at their existing firewall solutions. They should also consider that most next-generation firewall solutions predate many of these powerful hacking tools by 10-20 years and have changed little in the past two decades.
3 — Can your next-generation firewall solution really encrypt and decrypt all your data?
Unlike 20 years ago, when firewalls were first introduced, almost all data packets entering and leaving systems are encrypted. This means that for deep packet inspection to work, your firewall must be able to decrypt the data, scan the contents for any indication of malicious activity, and then, in many situations, re-encrypt it to meet modern compliance standards.
This can take a tremendous amount of processing power and time, so your firewall solution must not only have the ability to encrypt and decrypt, but your system must also have the bandwidth to support these activities. Worse still, modern encryption techniques driven by the global demand for privacy make it increasingly difficult to decrypt and re-encrypt data in the first place.
4 — How many IP addresses can your firewall solution block?
As we explored above, deep packet inspection in a world of encrypted data can be a time-consuming process, which can then become a hindrance for today’s fast-paced network environments. For this reason, your firewall technology should have a way to supplement deep packet inspection, in case decryption cannot occur in time and packets containing malicious payloads slip through the cracks.
The best way to make sure nothing goes unnoticed under your firewall? By also implementing IP address filtering. Since all traffic is identified by a unique IP address, this is an easy way to catch all packets coming from (or going to) known malicious locations and block them, without even needing to verify their content.
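The address-only check described above, as an added example (not code from the original article or from any vendor): it loads an IPv4 blocklist, merges duplicate and adjacent ranges so the table holds fewer entries, and decides on each flow from its source and destination addresses without reading the payload. The feed entries, flow records and the names Blocklist and verdicts are constructed for illustration.

```python
import bisect
import ipaddress

# Constructed sample feed (RFC 5737 documentation ranges, not real indicators).
FEED = ["192.0.2.0/25", "192.0.2.128/25", "198.51.100.7", "203.0.113.64/26",
        "198.51.100.7", "not-an-ip"]
# Constructed flow records: (source IP, destination IP).
FLOWS = [("192.0.2.200", "10.0.0.5"),    # inbound from a listed range
         ("10.0.0.8", "198.51.100.7"),   # outbound to a listed host
         ("10.0.0.8", "198.51.100.8"),   # neighbour of a listed host, not listed
         ("203.0.113.10", "10.0.0.5")]   # same /24 as a listed /26, outside it

class Blocklist:
    """IPv4 blocklist stored as sorted, non-overlapping integer ranges."""

    def __init__(self, entries):
        nets, self.rejected = [], []
        for entry in entries:
            try:
                nets.append(ipaddress.ip_network(entry, strict=False))
            except ValueError:
                self.rejected.append(entry)  # keep malformed feed lines visible
        # collapse_addresses merges duplicates and adjacent/overlapping networks
        merged = list(ipaddress.collapse_addresses(nets))
        self.starts = [int(n.network_address) for n in merged]
        self.ends = [int(n.broadcast_address) for n in merged]

    def __len__(self):
        return len(self.starts)

    def __contains__(self, ip):
        # Binary search: find the last range starting at or before the address.
        value = int(ipaddress.ip_address(ip))
        i = bisect.bisect_right(self.starts, value) - 1
        return i >= 0 and value <= self.ends[i]

def verdicts(flows, blocklist):
    """Decide per flow from addresses alone; no payload is read."""
    out = []
    for src, dst in flows:
        hit = "src" if src in blocklist else "dst" if dst in blocklist else None
        out.append(("block", hit) if hit else ("allow", None))
    return out

if __name__ == "__main__":
    bl = Blocklist(FEED)
    print(len(bl), "ranges after merging; rejected:", bl.rejected)
    for flow, verdict in zip(FLOWS, verdicts(FLOWS, bl)):
        print(flow, verdict)
```

Lookup cost grows with the logarithm of the number of ranges, so the same structure holds up as the list grows; the last two flows show that a near miss on a listed host or range is still allowed.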
But there’s a sad reality about IP address filtering: most well-known firewall security vendors state that their solutions can only recognize and block about 100,000 to 1 million IP addresses altogether. There are millions (or billions) of known bad IP addresses circulating around the world right now. It’s crazy, right?! We thought so too and created ThreatBlockr as a solution that focused only on blocking IP addresses to fill this obvious gap. Our solution can support up to 150 million IP addresses and domains, about 1,000 times more than firewalls can support. Indeed, we designed ThreatBlockr specifically for this use case. Firewalls weren’t designed for this use case – they were designed for deep packet inspection, which is a very different engineering problem.
5 — Does your team complement your firewall solution with other security practices?
As powerful as firewall solutions can be, they are only as strong as the humans in your organization. No matter how vigilant and advanced your security team’s initiatives are, if a single employee clicks on a phishing email link, those efforts could be wasted.
It is important to consider cybersecurity awareness training alongside security solutions such as firewalls. When your employees can avoid phishing schemes and create (and alternate) strong passwords, they will contribute positively to your overall security program, making your purchased solutions that much more effective. When your IT team is rigorous about timely installation of the latest software security patches across your entire enterprise software ecosystem, your security posture will improve dramatically.
The bottom line: firewalls are not a silver bullet, a black box that can fix all security vulnerabilities. If they were, no one would be hacked. Yet here we are, in 2022, with new vulnerabilities and threats identified every day. Firewalls belong in a security team’s toolbox, but need to be complemented by enterprise-wide solutions, methodologies, and best practices. Only then can effective cybersecurity truly be achieved.
For organizations looking to understand what threats are traversing their existing security stacks, ThreatBlockr offers a free threat risk assessment to get a full network security audit.