Firewalls are crucial for protecting your company’s network and data from internal and external threats. But not all firewalls are created equal. Many small businesses take firewall protection for granted and don’t understand their firewall solution’s deficiencies until it’s too late.
In many cases, traditional firewalls just aren’t enough to protect today’s complex networks or to prevent ever-evolving threats. We recently met with a company that suffered a phishing attack. Despite having a network firewall in place – and a service provider to manage it – their security measures simply weren’t enough to prevent the attack. And despite the constant efforts of IT to educate employees on how to recognize phishing, this sort of breach is all too common. In fact, a 2017 Verizon cybersecurity report found that an attacker sending out 10 phishing emails has a 90% chance that one person will fall for it.
After the attack, the company wanted to ensure their firewall was as bullet-proof as possible and thought they needed a dedicated hosted solution. While this would increase the level of network security, it would also be very costly and is not the right fit for every organization. The company eventually became our client and we worked with them to find the best solution to keep their networks secure without blowing their IT budget.
Whether you are in the same boat as our client and looking for a new firewall solution after an attack or just wondering if your current firewall is doing enough, here are four FAQs that can help you make a decision:
What is a firewall?
SearchSecurity.com defines a firewall as a network security system, either hardware- or software-based, that uses rules to control incoming and outgoing network traffic. It acts as a barrier between a trusted network and an untrusted network. A firewall controls access to the resources of a network through a positive control model. This means that the only traffic allowed onto the network is defined in the firewall policy; all other traffic is denied.
How exactly does a firewall block threats?
As virtual walls that separate networks from the internet, firewalls use any combination of the following techniques to block potentially harmful traffic:
• Packet Filter – The firewall reviews each packet entering or exiting the network and accepts or rejects it based on user-defined rules.
• Application Gateway – The firewall enables address and port translation for certain application-layer protocols, such as FTP (File Transfer protocol), BitTorrent, SIP (Session Initiation Protocol), RTSP (Real Tim Streaming Protocol), file transfer in IM applications, etc.
• Circuit-level Gateway – The firewall applies security protocols each time a TCP (Transmission Control Protocol) or UDP (User Datagram Protocol) connection is established.
• Proxy Server – The firewall hides the true network address and intercepts all messages entering and leaving the network.
• Next Generation Firewalls (NGFW) filter network and internet traffic based on application or traffic types using specific ports. This type of firewall also includes quality of service (QoS)
features for deeper inspection.
What are the different types of firewalls?
A software, or host-based, firewall is installed on every virtual machine that is connected to the cloud. It scans all incoming and outgoing traffic for threats and blocks activities associated with blacklisted IP addresses, identified malware definitions and suspicious application requests. While software-based firewalls allow for device-based customization and support anti-virus and data loss prevention for each individual device, they can’t prevent malware from spreading to other systems before each packet of data is scanned. In addition, the firewall turns off with the individual machine, leaving data and apps unguarded.
A hardware firewall can be built into the network router or a stand-alone device that sits behind the router. It scans each packet of internet data before it touches your internal drives. The majority of hardware firewalls offer sophisticated controls beyond basic web filtering and data scanning. For example, they will intelligently analyze vast datasets to identify malware and cyberattacks based on irregular activities. Hardware firewalls provide 24/7 protection, but also require a great deal of monitoring and maintenance to keep them running properly.
Google 'firewall' and you will likely find that most results are related to cloud firewalls. With cloud firewalls, there may be on premise hardware managed remotely by security service professionals or a firewall application that runs on virtual servers to protect traffic going to, from and between your cloud. This type of firewall is typically more difficult for cybercriminals to evade, does not require full time management from your internal team, and can easily be scaled up or down.
Which firewall is best for my company?
Firewalls are not one-size-fits-all solutions; the answer to that question depends on your business model and network environment. When choosing a firewall, we work with our clients to identify crucial information risks, the resources available for firewall management, the state of their existing firewall and their budget. By assessing these key considerations, companies are able to determine which firewall or firewalls are best for them.