Get to know us better! Gain valuable insights into how we think by visiting our blog, or take a look at the industry events we're frequenting on our events page. You can also geek out with us by attending one of our security management webinars, or dive head first into the products and solutions we provide in our Resource Library. There's lots to keep you busy!
Unless you’re under a rock, you know that the WannaCry Ransomware cyberattack swept worldwide headlines last week.
Organizations scrambled to apply the latest Microsoft security patch to their computers to prevent the spread of the attack. It’s estimated that the ransomware attack hit more than 300,000 victims in 150 countries.
When Jody Brazil and the folks at Firemon asked me if I’d write a post for this ”Future of the Firewall” series my first thought was, “if I had a nickel for every time someone told me the firewall was dead, I ‘d be rich.”
Yes, the good old firewall, the security technology everyone loves to hate, has been on supposed life support for years. But yet it’s a $9 billion market according to Gartner. We should all be that sick.
To be fair, today’s next generation devices bear little resemblance to those old Check Point boxes you may remember. It’s sort of like comparing a Model T Ford to a Tesla.
However, just as both cars can get you from A-B, today’s firewalls are doing the same things those old Check Point or Cisco Pix boxes did. While the speed, bandwidth, scalability and capability has increased, firewalls do the same thing now they did then, controlling ingress and egress.
Going into the future, firewalls will still perform this task.
I don’t want to leave the impression that nothing has or will change, though. Firewalls have evolved and collectively these changes have drastically shifted the model. For me, the biggest change is where the firewall lives; it’s no longer merely the drawbridge over the perimeter moat providing entrance to the castle.
A better analogy for how firewalls have changed might be found in comparing dinosaurs to birds. Just as the dinosaurs evolved into birds and took fight, firewalls have transformed. Initially they flew inside. One significant innovation was use of firewalls deployed inside the network to isolate segments, with highly sensitive data kept behind these internal systems.
Other firewalls evolved into big honking boxes sitting at the core of the network. Instead of perimeter devices, these firewalls performed ingress and egress monitoring/control at a critical choke point for all network traffic.
And just as some firewalls flew inside, other firewalls flew away altogether. Some flew to the cloud, where the servers were going, to protect the web servers and applications that serve as the interface for computing interactions.
Some of these firewalls became specialized for the web. The rise of the WAF has been a major addition to firewall capability. Highly specialized to protect web sites and applications, WAFs added IDS/IPS functionality (and weren’t the only firewalls to do this) as well as dynamic protection capability. I think the evolution of the WAF is far from over. As we continue to move into an app-centric world, protecting the app servers grows both more critical and more complex; WAFs will rise to the mission.
At the same time the number of WAFs will continue to expand, making WAF management as critical and sophisticated as firewall management is today. Future firewall management solutions will treat WAFs as another firewall; rules and policies will flow across both WAFs and traditional firewalls.
Another major evolution occurring up in the cloud is the advent of virtual firewalls. After growing feathers, they shed their bodies! I’ve always thought of virtual firewalls no differently than appliances, though. Box or no box, you still need to set your ingress and egress rules and policies, and I don’t that will change in the future. While virtual firewalls may outnumber physical appliances, management won’t change. Of course virtualization introduces its own challenges; instead of dealing with hardware failures, we need to manage virtual environments.
The biggest change over the last few years has been the rise and dominance of the “next gen” firewall. Call it a UTM if you want, just don’t call it late for dinner. The next gen firewall has rejuvenated the entire space.
No longer “dumb” devices that block ports and IPs, NGFWs feature much “smarter” technology, combining IDS/IPS, anti-spam, DLP and more, offering a full spectrum of defense. They’re also “application aware” and much better suited to today’s app-centric world.
In the future, NGFWs will continue to grow smarter, with “brains” allowing them to be more effective and utilize more techniques to secure, automate and protect. We’re already starting to see the “son of next gen”, and it won’t stop there.
The fact is that this is the future of the firewall. No matter how they evolve or morph, no matter where in the network they live, or what they look like, we’ll add more intelligence and automation. They’ll become more effective.
Two things won’t change: they’ll have to be managed and they’ll continue to control the ingress and egress of bits into, and out of our networks, servers and devices.
We encourage you to share your thoughts, and we look forward to reading your comments. We invite you to subscribe to our blog to keep up with the latest posts of our new series.
So you’ve purchased a new firewall. Now what?
You’ve got to decide which access is allowed, which isn’t allowed and whether or not rules are compliant with internal and regulatory standards.
Things are running along smoothly and then the dreaded “change.” A user submits a new access request and the fun begins. Is this access necessary? Safe? Compliant? And what happens when it’s time to retire unused rules?
How Effective Security Management Can Help Teams Cover the Exponentially Increasing Gap between Technology & the Resources Available to Manage It
Security teams today are under tremendous pressure due to the rising frequency and impact of breaches and a business that wants to move faster and faster. The answer to both of these challenges has always been to add more technology and staff resources.
However, each new technology added creates complexity. More rules are created and more data is generated. As networks continue to evolve, this complexity will only grow. And while staff resources may increase, they will never match the exponential growth of technology.
FireMon calls this phenomenon The Complexity Gap and has set out to help security teams close it.
Join us for this webinar with Frost & Sullivan where we’ll explore the causes of “The Gap” and how workforce multipliers such as intelligence and automation help staff manage their security more efficiently and more effectively.
Helping Enterprise Security Teams Improve Resource Efficiency & Reduce Overall Risk Exposure
Firewall technology has come a long way since its initial, most rudimentary forms. Next-Generation Firewalls (NGFW) are the latest development, and organizations are accelerating adoption to the new technology. But NGFWs aren’t a fix-all solution.