At its core, a firewall is a network security system, either hardware- or software-based, that controls incoming and outgoing network traffic based on a set of rules.
We all know that there are many things a traditional firewall does really well. For example:
- Block or allow traffic by address, port and protocol
- Track connection state so that replies to permitted outbound traffic are allowed back in
- Network address translation (NAT)
On the other hand, there are many things a traditional firewall simply cannot do, or cannot do well:
- Application firewall
- Intrusion prevention system
- SSL/TLS and SSH inspection
- Deep-packet inspection
- Application awareness and mitigation of attacks at OSI layers 4 through 7
For the latter features and protection, a Next Generation Firewall (NGFW) is needed to provide more thorough edge security. Let’s talk about some of those features.
Application Firewall
An application firewall inspects traffic at the application layer rather than deciding on addresses and ports alone. The most common form is the Web Application Firewall (WAF), which sits in front of web servers and inspects HTTP and HTTPS requests for attacks on the application itself; the classic examples are cross-site scripting (XSS) and SQL injection.
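As an added example (not code from the original article or from any product), the following Python sketch shows the core of what a WAF does with a request: normalize it, then match it against attack signatures. The signature set, the rule names and the sample requests are constructed for illustration; a production WAF uses far more rules and anomaly scoring rather than blocking on a single match. The point to take away is the normalization step: without it, a percent-encoded payload sails past the same rules.

```python
import re
from urllib.parse import unquote_plus, urlsplit

# Hypothetical, deliberately small signature set for illustration only.
# A real WAF ships hundreds of rules and scores matches instead of blocking on one hit.
SIGNATURES = {
    "sqli-tautology": re.compile(
        r"\b(or|and)\b\s+['\"]?\w+['\"]?\s*=\s*['\"]?\w+", re.I),   # ' OR '1'='1
    "sqli-union": re.compile(r"\bunion\b.+\bselect\b", re.I),        # UNION ... SELECT
    "xss-script-tag": re.compile(r"<\s*script\b", re.I),             # <script>
    "xss-event-handler": re.compile(
        r"\bon(load|error|click|mouseover|focus)\s*=", re.I),        # onerror=
    "xss-js-uri": re.compile(r"javascript\s*:", re.I),               # href="javascript:..."
}


def normalize(value: str, max_rounds: int = 3) -> str:
    """Percent-decode until the text stops changing (bounded), so that
    %3Cscript%3E and the double-encoded %253Cscript%253E both match <script>."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def inspect_request(method: str, target: str, body: str = "",
                    normalize_input: bool = True):
    """Return ("block", rule_name) on the first signature hit, else ("allow", None).

    Path, query string and body are inspected as separate fields. Setting
    normalize_input=False shows what happens when the decoding step is skipped."""
    parts = urlsplit(target)
    for field in (parts.path, parts.query, body):
        text = normalize(field) if normalize_input else field
        for name, pattern in SIGNATURES.items():
            if pattern.search(text):
                return ("block", name)
    return ("allow", None)


if __name__ == "__main__":
    # Constructed sample requests, not captured traffic.
    samples = [
        ("GET", "/search?q=shoes", ""),
        ("GET", "/products?sort=order_date", ""),                  # "order" must not trip \bor\b
        ("GET", "/search?q=%3Cscript%3Ealert(1)%3C/script%3E", ""),
        ("GET", "/search?q=%253Cscript%253Ealert(1)", ""),         # double-encoded
        ("POST", "/login", "user=admin%27+OR+%271%27%3D%271&pass=x"),
    ]
    for method, target, body in samples:
        print(method, target, body, "->", inspect_request(method, target, body))
        print("   without normalization ->",
              inspect_request(method, target, body, normalize_input=False))
```

The `order_date` sample is there because word boundaries matter: a rule that matched the substring `or` anywhere would block a large share of legitimate traffic, and false positives are the main operational cost of a WAF.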
Intrusion Prevention System
“Intrusion detection is the process of monitoring the events occurring in a computer system or network and analyzing them for signs of possible incidents… Intrusion Prevention System (IPS) is the process of performing intrusion detection and attempting to stop detected possible incidents.” (NIST) An IPS inspects traffic for known attack signatures and anomalous behaviour, whether driven by a person or by malware, and drops or resets the offending session to prevent exploitation of weaknesses on the network or on a device. Because it sits inline, a false positive blocks legitimate traffic, so new signatures are normally run in alert-only mode and tuned before they are set to block.
SSL/TLS and SSH Inspection
A common malware strategy is to open an encrypted outbound connection to a command-and-control (C2) server in order to fetch its payload and instructions. With SSL/TLS inspection, the firewall decrypts that session, identifies the request and blocks it, leaving the infection unable to act. The same applies to ordinary browsing: most common sites, including banks, Facebook, Google, Reddit and Twitter, enforce HTTPS by default.
A traditional firewall sees only encrypted bytes in this traffic and cannot apply URL filtering or content inspection to it. Proxy services used to evade conventional URL filtering likewise establish an encrypted connection by default.
Inspecting this traffic at the firewall lets corporate policy be enforced on it and helps detect the exfiltration of data. In practice the firewall terminates the TLS session and re-signs the server certificate with its own CA, so that CA must be trusted by every managed endpoint; applications that pin certificates will fail under inspection and need explicit exclusions, and categories such as banking and healthcare are commonly exempted from decryption for privacy and regulatory reasons. SSH inspection works the same way, with the firewall terminating the SSH session, so users will see a changed host key unless the firewall's keys are distributed to them.
Anti-Malware
Anti-malware adds a layer of protection at the edge that blocks known threats in transit. Some firewalls pull rapid signature updates from a vendor's global threat centre; others run third-party OEM engines within the appliance.
This is not designed to replace endpoint protection but to augment it. The firewall only sees traffic that crosses it, so it will not catch, for example, malware arriving on a USB device or moving between hosts on the same LAN segment.
Application Awareness
Application awareness means identifying which application a flow belongs to from the traffic itself, regardless of the port it uses, and then checking that the application behaves as expected, so that abnormal sessions can be flagged or blocked.
A basic example is a session to port 443 that the firewall identifies as a remote-access or file-sharing application rather than ordinary web browsing: the port is permitted, but the application is not, so the session is blocked. Note that a network firewall sees sessions, not processes. Tying a connection back to the program that created it on the host, say a Word document spawning an outbound HTTPS request, needs an endpoint agent or a host-based firewall; the NGFW can only observe that the traffic does not look like the application the port suggests.
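As an added example (not code from the original article or from any vendor's product), the Python below shows the difference between a port-based rule and an application-based rule on the same flow. It identifies the application from the first client bytes: an SSH banner is SSH whatever port it arrives on, and for TLS it parses the ClientHello to read the Server Name Indication (SNI). The hostnames, the SNI-to-application table and both policies are constructed for the example; the ClientHello builder exists only to produce realistic test input offline.

```python
# Added illustration: identifying the application from the first client bytes of a
# flow, independent of the destination port. Hostnames, policies and the
# SNI-to-application table are constructed for this example.

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")

# Hypothetical mapping of SNI suffixes to application categories. A real NGFW
# uses a large vendor-maintained application signature database instead.
APP_BY_SNI_SUFFIX = {"bank.example": "banking", "share.example": "file-sharing"}

PORT_POLICY = {443: "allow", 80: "allow"}             # traditional rule: port only
APP_POLICY = {"file-sharing": "deny", "ssh": "deny"}  # NGFW rule: identified application


def build_client_hello(hostname: str) -> bytes:
    """Build a minimal TLS ClientHello record carrying an SNI extension (test input only;
    the 32 random bytes are zeroed here, a real client fills them randomly)."""
    name = hostname.encode("ascii")
    entry = b"\x00" + len(name).to_bytes(2, "big") + name           # host_name entry
    sni_list = len(entry).to_bytes(2, "big") + entry                 # server_name_list
    sni_ext = b"\x00\x00" + len(sni_list).to_bytes(2, "big") + sni_list
    body = (b"\x03\x03" + bytes(32) + b"\x00"                         # version, random, no session id
            + b"\x00\x02\x13\x01"                                     # one cipher suite
            + b"\x01\x00"                                             # null compression only
            + len(sni_ext).to_bytes(2, "big") + sni_ext)              # extensions
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body         # HandshakeType client_hello
    return b"\x16\x03\x01" + len(handshake).to_bytes(2, "big") + handshake


def extract_sni(data: bytes):
    """Return the SNI host name from a TLS ClientHello record, or None if the bytes
    are not a complete ClientHello. Truncated input must return None, not raise."""
    if len(data) < 5 or data[0] != 0x16:                              # not a handshake record
        return None
    hs = data[5:5 + int.from_bytes(data[3:5], "big")]
    if len(hs) < 4 or hs[0] != 0x01:                                  # not a ClientHello
        return None
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    pos = 2 + 32                                                      # skip version and random
    if len(body) < pos + 1:
        return None
    pos += 1 + body[pos]                                              # session id
    if len(body) < pos + 2:
        return None
    pos += 2 + int.from_bytes(body[pos:pos + 2], "big")               # cipher suites
    if len(body) < pos + 1:
        return None
    pos += 1 + body[pos]                                              # compression methods
    if len(body) < pos + 2:
        return None                                                   # no extensions present
    end = min(pos + 2 + int.from_bytes(body[pos:pos + 2], "big"), len(body))
    pos += 2
    while pos + 4 <= end:                                             # walk the extension list
        ext_type = int.from_bytes(body[pos:pos + 2], "big")
        ext_len = int.from_bytes(body[pos + 2:pos + 4], "big")
        ext = body[pos + 4:pos + 4 + ext_len]
        pos += 4 + ext_len
        if ext_type == 0 and len(ext) >= 5 and ext[2] == 0:           # server_name, host_name type
            name_len = int.from_bytes(ext[3:5], "big")
            name = ext[5:5 + name_len]
            if len(name) == name_len:
                return name.decode("ascii", errors="replace")
    return None


def identify_application(first_bytes: bytes) -> str:
    """Classify a flow from its first client bytes; the port is deliberately not an input."""
    if first_bytes.startswith(b"SSH-"):
        return "ssh"
    sni = extract_sni(first_bytes)
    if sni is not None:
        for suffix, app in APP_BY_SNI_SUFFIX.items():
            if sni == suffix or sni.endswith("." + suffix):
                return app
        return "tls-unknown"
    if first_bytes.startswith(HTTP_METHODS):
        return "http"
    return "unknown"


def decide(port: int, first_bytes: bytes):
    """Return (application, port_only_verdict, ngfw_verdict). The NGFW verdict
    requires both the port rule and the application rule to allow the flow."""
    app = identify_application(first_bytes)
    port_verdict = PORT_POLICY.get(port, "deny")
    app_verdict = APP_POLICY.get(app, "allow")
    ngfw = "allow" if port_verdict == "allow" and app_verdict == "allow" else "deny"
    return app, port_verdict, ngfw


if __name__ == "__main__":
    # Constructed flows: two TLS sessions and an SSH client tunnelled over port 443.
    for port, first in [(443, build_client_hello("www.bank.example")),
                        (443, build_client_hello("files.share.example")),
                        (443, b"SSH-2.0-OpenSSH_9.6\r\n")]:
        print(port, decide(port, first))
```

The third flow is the one that matters: a port-only rule allows SSH on 443 because 443 is open, while the application rule denies it because the bytes are SSH. This identification relies on the SNI being sent in clear; if the client uses Encrypted Client Hello, the name is no longer visible and the firewall has to fall back on other signals or on full inspection.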
Together these features provide more complete protection at the edge than existing and previous-generation firewalls. But, as noted, a firewall alone is not complete protection; it is one layer in a multi-layered strategy. If you are looking to move your organization towards a more secure future, it is time to start considering next-generation firewall technology.
Is your organization secured?
Having an intelligent security strategy is more important than ever. Our experts can help.