The recent remote work explosion driven by the COVID pandemic has forced many organizations to reconsider how they provide network security. The incredible proliferation of potential attack vectors and constantly changing types of attacks present in such a heavily distributed computing environment mean that keeping firewalls up to date has become a burden on security teams that's heavier than ever.
Firewall configurations are a touchy subject. Every network security professional has their preferred hardware and software, and we can all share horror stories about challenges we've experienced in their absence.
In this article, I'll examine the pros and cons of managed firewalls (MFWs) to help make the decision a little easier for your team.
What Are Managed Firewall Services?
MFW services typically provide on-demand, administration, monitoring, maintenance, and management of your firewall. These services are available for both cloud-based and on-premises firewalls.
The typical MFW service provider will offer services such as:
- Firewall system health monitoring and alerting
- Service and incident management
- Software lifecycle management (updates, patches, etc.)
- Security policy implementation, reporting, analysis and remediation
- System vulnerability checks and security reviews
- Network traffic monitoring
"Think of a managed firewall service as bringing in an expert, rather than outsourcing. You're partnering with someone with decades of experience and advanced training on your infrastructure in order to secure every last packet. Network security is hard, and a lot of times the easiest way to achieve your requirements is through a specialist." —Eddie Doyle, Cybersecurity Evangelist, Check Point
What Are the Pros and Cons of Managed Firewall Services?
MFW services offer the following potential benefits:
- Greater expertise: Providers will generally have experts in your preferred hardware and software already on staff, speeding implementation.
- Reduced staff burden: Outsourced providers maintain their own certifications and trainings, and they take over all equipment and software updates. This allows your team to focus on more strategic areas that can add greater value to the organization.
- Faster incident response: Service-level agreements (SLAs) can ensure immediate incident response without adding additional organizational head count or off-hour team load.
- Proactive security: MSPs typically devote significant attention to threat intelligence monitoring in order to adjust your protection as events and updates warrant. Doing so takes the burden off of your internal team.
- Reduced update burden: Hardware, software, and firmware updates are time-consuming chores. MSPs will keep your equipment up to date and save your team time.
- Improved manufacturer support: MFW providers often have direct manufacturer connections due to the volume of devices they operate. For an organization that may not have a large volume of equipment, an MSP may be able to improve issue resolution.
- Easier scale: Growing organizations may be able to scale their protection more quickly and more cost-effectively using an MFW provider by eliminating hiring and equipment purchase processes.
- Improved backup and recovery: An MFW provider will often have access to significant backup and recovery resources (including on-call staff) that can result in faster restore times than internal resources.
- Compliance expertise: Industries with complex regulatory and/or data-handling requirements such as healthcare or payment processing can often use an MFW provider with regulated industry experience.
MFW services may not be good solutions for organizations that have concerns in the following areas:
- Small size: Organizations with smaller budgets, lower traffic volumes, or more streamlined networks may find managing their firewalls internally is more cost effective.
- Strict data access requirements: Organizations with strict compliance and data security may find that the liability of individuals from outside the organization potentially accessing sensitive data is too great. Public companies, for example, may find that providers accessing logs represent a privileged disclosure.
- Security context: If your organization runs particularly complex operations, or is subject to novel attacks, an outsourced provider may not have enough context regarding your internal infrastructure to understand the severity level of alerts they are seeing.
- Knowledge loss: Network security is an important IT function. If you fully outsource your firewall with the intent of reducing staff, your organization may lose significant internal capabilities knowledge.
The Co-Managed Firewall Option
To minimize some of the cons and other objections, it's also possible to subscribe to a co-management model. Many providers offer shared responsibility programs that allow the organization to maintain full access and perform their own administrative tasks as desired or required. While this can increase complexity, it can also offer increased flexibility.
I hope the above has helped you determine whether a managed firewall service is right for your organization. If you're struggling with your network security, or want to know if it's time to make a change, visit Atlantic Data Security.
About the Author
Eric Anderson is a cybersecurity architect, instructor, and evangelist at Atlantic Data Security. He's been working in technology and network security since 1985, loves sharing his experiences and insights, and frequently speaks on security issues.