This year, the network security industry celebrated the 25th anniversary of the firewall. Packet filtering technology developed following the devastating MS-DOS “Brain” virus – and the Internet-distributed “Morris” worm, evolved into the first stateful firewall in 1989. I’ve been entrenched in this type of filtering security for decades, so I’ve seen the evolution and its impact on overall enterprise network security. Looking back at the ‘lifetime’ of events (below) and the incidents that triggered the so-called evolution is extremely interesting – highlighting just how reactive our industry is when it comes to security attacks and data breaches.
The Bandages of Progress
After 25 years, I see how often security companies quickly try to “bolt-on” new features to existing platforms as a way to stop the bleeding that results from the latest attacks. The triage works – so the bandages stay in place. This hastily pieced together technology becomes the upgraded version 2.0, then 3.0 and so on. This type of development approach was on my mind when the topic of Next Generation Firewall started surfacing. A true NGFW according to Gartner was defined as follows:
“…deep-packet inspection firewalls that move beyond port/protocol inspection and blocking to add application-level inspection, intrusion prevention, and bringing intelligence from outside the firewall. An NGFW should not be confused with a stand-alone network intrusion prevention system (IPS), which includes a commodity or non-enterprise firewall, or a firewall and IPS in the same appliance that are not closely integrated.”
Installing a GPS in a Model T Ford
It is vital to offer connected security and, of course, time is always of the essence. Most companies think, “We could build something in-house, but this would simply be an act of triage – bandaging up our current firewall to ensure that the latest intrusions and advanced malware cannot get through the wounds.” What organizations truly need is a purpose-built solution designed from the ground up to really combat the influx of advanced threats. In my mind, simply modifying the old technology to combat new threats was the equivalent of installing a sophisticated GPS in a Model T Ford. The GPS can give you excellent direction, but can do nothing to improve the performance of the automobile – now or in the future.
NGFW: Built for a Purpose
When organizations are looking to be at the forefront of innovation efforts, they embark on a quest to find a true NGFW provider. They should also be cautious and look to find a security engine built to protect from new threats and targeted attacks including Advanced Evasion Techniques (AETs). AETs enable malware to circumvent virtually all security defenses – rendering most security solutions defenseless because they can’t detect, much less stop them. This is a vital piece of the puzzle. Also, having extremely high bandwidth and throughput is a critical attribute for 10Gbps campuses and 40/100Gbps data center networks.
Performance and Power
Businesses need a NGFW that delivers real-world performance and massive scalability. A unified-core software architecture delivers outstanding ASIC-compatible performance, with flexibility to install as a hardware appliance, software solution, or virtual appliance format. Native clustering is also necessary to provide massive scalability and high availability in large and critical environments. Equally important is that inspection goes beyond identifying application traffic and threats.
A Protection Connection
I believe that being connected is critical and that all the elements of an organization’s security platform should work in concert together to provide adaptive security for the entire environment. When adaptive security is implemented it enables operational elements within the organization to present a much more sustainable and relevant security posture. Relevant events boil to the top, information turns into intelligence, intelligence becomes actionable, mundane tasks become automated, and the environment begins to effectively arm itself and adapt to threats as they evolve.
In this connected environment, defenses are available no matter where the attack happens in an infrastructure. Through this model organizations gain the capacity to see, impact, and enforce endpoint remediation.
Centralized Management Matters
Having centralized management that runs on Linux or Windows clients provides a “single pane of glass” view that reduces the amount of resources needed to configure and manage firewalls. IT professionals should have the freedom to, “configure once, deploy anywhere” meaning they can configure policies centrally and deploy out to hundreds of devices at once — significantly reducing administration time. Having a central repository of NGFW configurations, enable shared rules and configuration reuse. Additionally, having extensive task automation workflows to enable one-step configuration for optimal management efficiency is becoming essential. To an administrator, a good management console should provide advanced network visualization and an intuitive user experience.
That was Then, This is Now
This not your father’s Model T with a cool GPS on the dash. A connected NGFW can be so much more than a patched together version from the past. As an IT security professional, I’m excited that the next 25 years will be a time where we will redefine what network protection really looks like. This “next” generation is just the beginning.