While firewalls started life simply protecting networks from outside hacks and attacks, the role of the firewall has greatly evolved to take on additional duties, such as compliance and risk management. While most modern next-gen firewalls provide basic visibility and control over user activity, they often fall far short when it comes to providing any kind of risk assessment or insights. These days, you need all the help you can get, which means a firewall solution that not only makes it easy to setup and enforce acceptable use policies, but also one that can identify risky users and apps before they become a problem.
Key technologies your firewall must include to provide adequate next-generation user awareness and control:
Application Control – Application control enables you to prioritize important network traffic like VoIP, while limiting or blocking unwanted traffic like streaming media. Even if you don’t enforce any app control policies, you need to be aware of what applications are putting your network and organization at risk. Ensure your next firewall has full user and group-based application control with traffic shaping options by application, user, category, or rule.
Web Control – URL filtering policies are important for compliance to ensure a safe environment for all your users. While this has become a staple of nearly every firewall, there are important differences in the ease with which sophisticated user and group-based policies can be implemented and maintained on a daily basis. Make sure your next firewall offers a simple yet flexible set of policy tools to make day-to-day maintenance of this important area easy and less time-consuming.
Risk Visibility – Insights into your riskiest users and applications are critical to ensuring proper policies are enforced before there’s a serious incident. Ensure your next firewall provides a risk assessment report for users that correlates their network activity to identify your riskiest users. Also, look for an assessment of overall application risk level on your network that can guide you into taking action if and when high-risk application usage starts to become evident.
HTTPS Scanning – With most internet traffic now encrypted, compliance enforcement is challenging unless you have adequate HTTPS scanning. Since HTTPS scanning can be invasive and disruptive, make sure your next firewall includes selective scanning and easy solutions for managing exceptions.
Defence against modern threats
Advanced Threat Protection – Advanced threat protection is important to identify bots, APTs, and other threats already operating on your network. Ensure your next firewall has malicious traffic detection, botnet detection, and command and control (C&C) call-home traffic detection. The firewall should use a collaborative approach that combines IPS, DNS, and web telemetry to identify call-home traffic.
Identify and Isolate Compromised Systems – To prevent data loss and further infections, and to accelerate remediation, your firewall should immediately identify not only the infected host, but the user and process in the event of an incident, and ideally, it should also automatically block or isolate compromised systems until they can be investigated and cleaned up (preferably automatically by your endpoint protection).
Intrusion Prevention – Intrusion prevention systems (IPS) can detect hackers attempting to breach your network resources. Ensure your firewall has a next-gen IPS that’s capable of identifying advanced attack patterns on your network traffic to detect hacking attempts and malware moving laterally across your network segments. Also consider a solution that offers the capability to block entire GeoIP ranges for regions of the world you don’t do business with to further reduce your surface area of attack.
Sandboxing – Sandboxing can easily catch the latest evasive malware and advanced threats like ransomware and botnet malware before it makes its way onto your computers. Ensure your firewall offers advanced sandboxing that can identify suspicious web or email files and detonate them in a safe sandbox environment to determine their behaviour before allowing them into your network.
Email Protection – Email is still one of the primary entry points for threats and social engineering exploits. Be sure that your next firewall or email filtering solution has top-shelf anti-spam and anti-phishing technology to detect the latest malware lurking in emails and their attachments.
Web Application Firewall – A WAF can protect your servers, devices, and business applications from being hacked. If you manage any servers or business applications in-house that require access from the internet, ensure your firewall offers full WAF protection. A web application firewall should provide a reverse proxy, offload authentication, and should also harden systems from being hacked.
Useful Tip: When choosing an alternative Firewall vendor to replace your current solution, usually the first IT Supplier/Reseller you contact will most likely have the best price compared to everyone else.
Make sure you don’t tip off cold callers about your Firewall project, as there is a big chance they will deal register the opportunity with various vendors and will lock out the preferred supplier you want to work with.
For more information about Network Security and to understand more about your requirements contact us on 0161 300 9643 or email: firstname.lastname@example.org