Network Security Risk Analysis


Next (Generation) Steps: Expanding Firewall Context

Wikipedia: “A firewall is a network security system that controls the incoming and outgoing network traffic based on applied rule sets.”

This generic firewall definition is independent of the technology used to control network traffic between trust levels. […]

By | November 25th, 2014

Network Operation: Developing a Smarter Security Framework

As any network operator can attest, the words “firewall” and “security appliance” carry multiple connotations; some of which are flattering and others that are… not.

That being said, developing scalable and feature driven security devices is a difficult task, especially […]

By | November 20th, 2014

Future Considerations: Software Defined

If Software Defined Networking (SDN) becomes the open ubiquitous technology that I think it will, everything changes.

That sounds dramatic, but I believe that SDN will change many aspects of how we deploy and manage networks. It also creates a […]

By | November 18th, 2014

Advancing Firewall Evils to 10-Tuple

When I first started working with firewalls some 18-odd years ago, the revolution of “stateful inspection” was just starting to take hold. The explosion of Internet bandwidth (laughable now) to DS3-type speeds was driving everyone away from the proxy solutions they had in place to this awesome new security device.

All firewalling concepts were geared to the 5-tuple, situating the firewall firmly in the L4 space, but even then the market leaders defied that definition. Anyone who tried to pass active FTP without the proper CRLF formatting in the command channel was painfully aware of just how far up the stack the “L4 firewall” could go.

Of course, back then you made a good living knowing how to turn those security features off (probably not selectively) so you could make the network work again. Now, we’re all trying to figure out how to program the network properly so we can exert control over the 10-tuple, which eliminates the need for stateful inspection, right?

The answer to the question requires some thought regarding basic concepts. I start with wondering: “Why does the network exist? What’s its purpose?” For me, the answer is that the network provides nothing in and of itself, it exists to supply services to users of those services. With that in mind, we can start by wondering just what it is the firewall does for us.

Some past thought patterns would be that the firewall:

• Stops users from consuming unauthorized services (SSH, for example) – which seems like something the service should do, right? If my network can manage flows, why can’t my service manage who consumes those services?

• Prevents bad actors from exploiting misconfigurations and vulnerabilities on the network and overlying services – but isn’t the network intelligent enough to protect itself and the services that ride on top of it?


By | November 4th, 2014

Natural Selection: The Future of the Firewall

When Jody Brazil and the folks at FireMon asked me if I’d write a post for this “Future of the Firewall” series, my first thought was, “If I had a nickel for every time someone told me the firewall was dead, I’d be rich.”

Yes, the good old firewall, the security technology everyone loves to hate, has been on supposed life support for years. Yet it’s a $9 billion market according to Gartner. We should all be that sick.

To be fair, today’s next generation devices bear little resemblance to those old Check Point boxes you may remember. It’s sort of like comparing a Model T Ford to a Tesla.

However, just as both cars can get you from A to B, today’s firewalls are doing the same things those old Check Point or Cisco PIX boxes did. While the speed, bandwidth, scalability and capability have increased, firewalls do the same thing now that they did then: controlling ingress and egress.

Going into the future, firewalls will still perform this task.

I don’t want to leave the impression that nothing has or will change, though. Firewalls have evolved and collectively these changes have drastically shifted the model. For me, the biggest change is where the firewall lives; it’s no longer merely the drawbridge over the perimeter moat providing entrance to the castle.

A better analogy for how firewalls have changed might be found in comparing dinosaurs to birds. Just as the dinosaurs evolved into birds and took flight, firewalls have transformed. Initially they flew inside. One significant innovation was the use of firewalls deployed inside the network to isolate segments, with highly sensitive data kept behind these internal systems.

Other firewalls evolved into big honking boxes sitting at the core of the network. Instead of perimeter devices, these firewalls performed ingress and egress monitoring/control at a critical choke point for all network traffic.

And just as some firewalls flew inside, other firewalls flew away altogether. Some flew to the cloud, where the servers were going, to protect the web servers and applications that serve as the interface for computing interactions.


By | October 30th, 2014

Industry News – Advancing Network Threat Intelligence

When FireMon re-positioned itself around the concept of Proactive Security Intelligence at the beginning of 2014, the effort was undertaken with the notion of highlighting the critical role that data produced by our solutions plays in managing enterprise security and IT risk.

Sure, if you want to start at the most foundational element of the processes we support, as many of our customers do, it can be stated as simply as firewall management: getting a clear understanding of what the network security device infrastructure is doing, then continuously improving the performance and efficiency of those defenses.

However, the truth is that “firewall management” is far too narrow a manner of communicating the overall value of what the FireMon Security Manager Platform and its supporting modules offer in terms of strategic information, hence the new messaging.

With all the intelligence that we produce regarding policy workflow, compliance validation and risk management, along with enablement of related process automation, we felt it was far more appropriate, if not completely defensible, to adopt this broader PSI mantra.

Intelligence, of course, has evolved into a very broad and encompassing industry buzzword, popular among security vendors of all breeds who feel that they provide some form of critical data to inform strategic decision making – which admittedly could be almost any company on the landscape today.


By | September 17th, 2014

Black Hat 2014: RSA in the Desert?

I’ve been attending the Black Hat Security Conference in Las Vegas for almost a solid decade now, and if there’s one thing that’s for sure, it’s that the conference continues to evolve.

Granted, when I first started attending Black Hat those […]

By | August 14th, 2014

Gartner Guidance: No Farewell to Firewalls

Every so often someone suggests that network firewalls are no longer a strategic asset – typically based on the emergence of some shiny new, “gotta have it” technology, or the notion that this 20+ year old first line of defense […]

By | July 14th, 2014

FireMon Security Manager 7.0 – Top 5 Additions

With any major product release there’s typically quite a bit to sound off about, but with the launch of the FireMon Security Manager 7.0 platform and the introduction of its updated Policy Planner 3.0 module there’s so much to highlight that […]

By | December 13th, 2013