Despite claims of its demise, the firewall is still the foundation stone of security deployments. Doros Hadjizenonos, Check Point South Africa sales manager, looks at how it has adapted to combat three decades of threats.
Was your business online 20 years ago? Probably not: very few businesses were. After all, the Web was still in its infancy, and the first browser software had only been introduced in 1993 – so only a small percentage of companies were even aware of the Internet, let alone its potential security risks.
Yet in 1994 the first commercial software firewall was launched, with the ability to separate an organisation’s networks and data traffic from the public Internet, and protect it against interception and other potential online risks – even though the actual risks were minimal in those formative days of the web. The firewall has come a long way since its origins more than 20 years ago. As the Internet developed, and security threats began to emerge and multiply, the firewall evolved to keep pace with those new threats, despite the regular predictions of its demise from some industry observers for well over half of its existence.
The evolution of IT infrastructures and ever-more sophisticated threats has triggered repeated warnings about the firewall becoming irrelevant and obsolete. These cries were first sounded in the late 1990s when laptop usage and remote access started to spread in the corporate environment, and speculation began about the network becoming deperimeterised. The predictions were repeated a few years later, with the growing popularity of SSL VPNs and the booming use of smartphones and personal devices for network access. And, according to critics, the latest technology to signal the end of the firewall is the growth in cloud applications.
So is it game over for the firewall? I don’t think so. In fact, the ongoing evolution of the firewall means that it continues to be the foundation stone for an effective security deployment.
Controlling the border
It’s certainly true that networks have changed from the relative simplicity of a decade ago to the complex topologies today. Perimeters have become much more extended and fragmented, yet they still exist. Also, there is still a very clear separation between the internal trusted infrastructure and external, untrusted networks.
Organisations use many different ways to access corporate data, such as clientless and client-based VPNs from a range of devices or cloud applications – but the borders between what we trust and don’t trust are still present.
Network activity overall is simply far more complex than it once was, with more events, more border-crossing points, and a much greater variety of traffic from a huge range of applications. It’s similar to how a country controls the way that people enter and leave it. Just as users access corporate networks in a variety of ways, people can arrive at or depart from a country by air, railway or road. Yet these travel options don’t make border security controls obsolete: they are still needed at airports and international railway stations in order to effectively monitor, inspect and manage the flow of passengers through each point.
Just as border controls use a range increasingly sophisticated scanning techniques to investigate the people, cargo and luggage crossing the border to identify potential hidden risks, firewalls have also evolved beyond simple monitoring of certain ports, IP addresses, or packet activity between addresses and enforcing allow/deny decisions about traffic.
This evolution started with stateful inspection, monitoring the data flowing across the firewall and enabling pattern matching and analysis. This in turn evolved into the capability to inspect specific application and user activity in detail. Firewalls that can identify the applications that are in use are often referred to as next-generation firewalls (NGFWs) – but this term can be misleading, as this functionality has been in widespread use for well over a decade.
In any case, a key issue for network firewalls today is the ability to scrutinise the web traffic passing through it and to identify exactly which corporate and web applications are in use and which users are running them. This granular awareness of the type of traffic and who is requesting it is a must within organisations, as it enables them to improve and manage the use of sub-applications (such as social media apps and plug-ins, or communications traffic from applications such as WhatsApp). With these insights, IT teams can then adapt and tailor network application usage according to each user’s requirements and the operational needs of the business.
As well as evolving in terms of the ability to inspect and control traffic, the firewall now offers additional security capabilities that organisations can activate to serve their needs. These functions can include web URL filtering, anti-spam, antivirus, anti-bot, data loss prevention, mobile access control and many others, making the firewall a multi-service security gateway.
The sand trap for threats
And another recent innovation – threat emulation, also known as sandboxing – can also be integrated onto the gateway, to inspect content being sent to the organisation in real time for new, zero-day malware threats. These new exploits can bypass conventional defences – making them particularly dangerous to organisations as, if they reach the corporate network, the malware could be inflicting damage for hours, days or even weeks before being detected.
Threat emulation makes it possible to scrutinise the emails, files and data that enter a network via emails or as web downloads, in real time. Any potentially malicious files can then be isolated and quarantined on the gateway at the network edge, so that infection and damage does not occur in the first place – providing an external layer of protection against attacks, without impacting the flow of business.
Using a modular, software-driven approach, these functions can be added and deployed to enable users to extend security and deal with new issues as they arise.
So while the firewall still guards the perimeter of the network – just as it has always done – it has also evolved to add advanced security capabilities that were scarcely possible, or even imaginable, more than 20 years ago. Despite repeated predictions of its imminent demise, the firewall is now in the prime of its life.