Industry News

Network Operation: Developing a Smarter Security Framework

As any network operator can attest, the words “firewall” and “security appliance” carry multiple connotations, some of which are flattering and others that are… not.

That being said, developing scalable and feature-driven security devices is a difficult task, especially while trying to provide the best performance at the most competitive price.

Over the past few […]

Viral Video: Of Access Control, Hyper-Segmentation and Vendor Viability

Even after a handful of insightful blog posts from a wide range of experts, along with some related research, the question still looms large: what is the future of the firewall?

In this installment of the series we switch over to podcast/video mode, with FireMon Founder and CEO Jody Brazil joined by leading industry expert and […]

Future of the Firewall: And Now… Hard Data

Over the past few weeks you’ve been reading a lot of different perspectives in this space regarding the “Future of the Firewall” (and if you haven’t please see the related archive).

In these posts authored by leading practitioners, analysts and industry experts, and those blogs that will follow, there’s been a lot said about the critical […]

Advancing Firewall Evils to 10-Tuple

When I first started working with firewalls some 18-odd years ago, the revolution of “stateful inspection” was just starting to take hold. The explosion of Internet bandwidth (laughable now) to DS3-type speeds was driving everyone away from the proxy solutions they had in place to this awesome new security device.

All firewalling concepts were geared to the 5-tuple, situating the firewall firmly in the L4 space, but even then the market leaders defied that definition. Anyone that tried to pass active FTP without the proper CRLF formatting in the command channel was painfully aware of just how far up the stack the “L4 firewall” could go.

Of course, back then you made a good living knowing how to turn those security features off (probably not selectively) so you could make the network work again. Now, we’re all trying to figure out how to program the network properly so we can exert control over the 10-tuple, which eliminates the need for stateful inspection, right?

The answer to the question requires some thought regarding basic concepts. I start with wondering: “Why does the network exist? What’s its purpose?” For me, the answer is that the network provides nothing in and of itself; it exists to supply services to users of those services. With that in mind, we can start by wondering just what it is the firewall does for us.

Some past thought patterns would be, the firewall:

• Stops users from consuming unauthorized services (SSH, for example) – which seems like something the service should do, right? If my network can manage flows, why can’t my service manage who consumes those services?

• Prevents bad actors from exploiting misconfigurations and vulnerabilities on the network and overlying services – but isn’t the network intelligent enough to protect itself and the services that ride on top of it?

[…]

Natural Selection: The Future of the Firewall

When Jody Brazil and the folks at FireMon asked me if I’d write a post for this “Future of the Firewall” series, my first thought was, “if I had a nickel for every time someone told me the firewall was dead, I’d be rich.”

Yes, the good old firewall, the security technology everyone loves to hate, has been on supposed life support for years. But yet it’s a $9 billion market according to Gartner. We should all be that sick.

To be fair, today’s next generation devices bear little resemblance to those old Check Point boxes you may remember. It’s sort of like comparing a Model T Ford to a Tesla.

However, just as both cars can get you from A to B, today’s firewalls are doing the same things those old Check Point or Cisco PIX boxes did. While the speed, bandwidth, scalability and capability have increased, firewalls do the same thing now they did then, controlling ingress and egress.

Going into the future, firewalls will still perform this task.

I don’t want to leave the impression that nothing has or will change, though. Firewalls have evolved and collectively these changes have drastically shifted the model. For me, the biggest change is where the firewall lives; it’s no longer merely the drawbridge over the perimeter moat providing entrance to the castle.

A better analogy for how firewalls have changed might be found in comparing dinosaurs to birds. Just as the dinosaurs evolved into birds and took flight, firewalls have transformed. Initially they flew inside. One significant innovation was use of firewalls deployed inside the network to isolate segments, with highly sensitive data kept behind these internal systems.

Other firewalls evolved into big honking boxes sitting at the core of the network. Instead of perimeter devices, these firewalls performed ingress and egress monitoring/control at a critical choke point for all network traffic.

And just as some firewalls flew inside, other firewalls flew away altogether. Some flew to the cloud, where the servers were going, to protect the web servers and applications that serve as the interface for computing interactions.

[…]

Stated Inspection: The Future of the Firewall

What’s the future of the network firewall?

While at first glance this may not seem like the most cutting-edge or controversial question facing the IT security industry, further inspection (forgive the pun) reveals that future evolution of the firewall remains one of the most significant issues we face.

For evidence of how central firewalls remain within enterprise security strategy, consider that Gartner reports that roughly 51 percent of the 1,500 network security calls received by their analysts during the first half of 2014 were directly related to firewalls – on topics ranging from platform migration to policy management, to adoption of next generation devices.

In July, Ellen Messmer filed this piece in Network World which debates the evolution of firewalls related to cloud computing and quotes a wide range of industry experts, serving as further proof of the topic’s relevance.

For over 20 years, the firewall has served as a central component of information security, representing a first line of defense in controlling access to limit risk. To this day, it remains the most successful “whitelist” security solution ever deployed, designed to permit acceptable traffic and stand as a default in denying everything that is not.

[…]

Configuration Confrontation – Network Security’s Biggest Challenge

As numerous breach incidents have emphasized, the inability of organizations to properly configure existing defenses remains arguably their most significant network security challenge.

With the Target breach standing as perhaps the best example – as attackers subsequently infiltrated the retailer’s point-of-sale data after gaining access to other areas of the network – the problem has been reinforced in a number of high-profile incidents.

This week, noteworthy vulnerability researcher H.D. Moore, perhaps best known as founder of the Metasploit pen testing platform, brought even greater attention to this issue, releasing new findings regarding a previously unreported firewall configuration issue that could expose many organizations to potential compromise.

The research, which affects organizations using devices made by Palo Alto Networks, a leader in the space, further highlights the fact that it is the challenge practitioners face in properly configuring such defenses – not vulnerabilities in those products – that remains so pervasive and troublesome.

As first detailed by Moore in a blog post and reported in news outlets including the U.K.-based Register, the issue involves misconfigured user identities set up for Palo Alto Networks firewalls that “leak” information onto the Web, exposing underlying services.

[…]

Industry News – Advancing Network Threat Intelligence

When FireMon re-positioned itself around the concept of Proactive Security Intelligence at the beginning of 2014, the effort was undertaken with the notion of highlighting the critical role that data produced by our solutions plays in managing enterprise security and IT risk.

Sure, if you want to start at the most foundational element of the processes we support, as many of our customers do, it can be stated as simply as firewall management – getting a clear understanding of what network security device infrastructure is doing, then improving the performance and efficiency of those defenses, continuously.

However, the truth is, “firewall management” is far too narrow a manner of communicating the overall value of what the FireMon Security Manager Platform and its supporting modules offer in terms of strategic information, thus the new messaging.

With all the intelligence that we produce regarding policy workflow, compliance validation and risk management, along with enablement of related process automation, we felt it was far more appropriate, if not completely defensible, to adopt this broader PSI mantra.

Intelligence, of course, has evolved into a very broad and encompassing industry buzzword, popular among security vendors of all breeds who feel that they provide some form of critical data to inform strategic decision making – which admittedly could be almost any company on the landscape today.

[…]