Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


09:00 AM
By Russ Schafer, Head of Product Marketing, Security Platforms, Check Point
By Russ Schafer, Head of Product Marketing, Security Platforms, Check Point
Sponsored Article

7 Critical Firewall Capabilities to Prevent Cyberattacks

Why an intelligent, state-of-the-art firewall is critical to the security and success of your business.

Firewall technology used to be simple and straightforward. You programmed it with predefined security policies set by your organization.  A firewall would then filter incoming and outgoing traffic, letting safe traffic into your network, while keeping dangerous traffic out. But in the four decades since the firewall’s inception, both security technology and cybercriminal methods have evolved.

With the adoption of cloud computing, SaaS applications, mobile and IoT devices, enterprise IT will continue to become more connected and more vulnerable to cyberattacks in 2020. Connecting IoT devices to your network provides even more entry points for hackers to attack you. These security issues will impact almost every company as 67% of companies have already experienced an IoT security incident. Is your company next?

Compliance, privacy, and data security have expanded beyond the CISO and CIO, to become important to the CEO and company board. Given the growing cyberattack risk to all enterprises, it is important to protect your network with an intelligent and innovative Next Generation Firewall (NGFW) that includes the following seven critical capabilities.

Capability 1: Management
The search for a next generation firewall (NGFW) begins with a unified security management platform. A NGFW needs superior security management and efficient features to meet the needs of the modern, distributed enterprise including cloud, datacenter, mobile, PCs, and IoT.
Security management is more than just security policy and network and device configuration. You must also consider ease of use, increased operational efficiency, and a unified platform. Other key features include  the ability to scale security to match the growth of the IT network, automate workflows, and maintain consistent policy implementation across your security infrastructure. 

Capability 2: Threat Prevention
Core threat prevention techniques including anti-phishing, anti-virus, and anti-bot go beyond traditional firewall security functions that simply integrate with IPS to consolidate hardware. Cloud-based analytics and threat intelligence provide further threat prevention benefits, including automatic malware indicator updates.

Capability 3: Application Inspection and Control
As enterprises grow and scale, it’s essential to select a firewall that has application support broad enough to identify new, sophisticated applications. Firewalls have evolved over time to become broad, deep, intelligent, and dynamic.

Capability 4: Dynamic, Identity-Based Inspection and Control
Traditional firewall rules based on simple IP addresses are changing due to the shift to dynamic addressing, cloud architectures, and group-based policies. Enterprises need a firewall that can support policies based on third-party user stores, public and private cloud objects, external service feeds such as Office 365, AWS geolocation, and new device classes like IoT. It is also important to use threat intelligence and automation to enable dynamic policy creation and enforcement. Intelligent automation will reduce security risks and costs by decreasing manual configuration changes and the inherent human error that occurs.  

Capability 5: Hybrid Cloud Support
In order to meet the needs of cloud-first enterprises, your next firewall should embrace the automation and orchestration of the cloud by providing scalable performance based on dynamic workloads, along with consumption models for cost-effective deployment. 

Capability 6: Scalable Performance with Advanced Security Functions
Your next generation firewall  will need capabilities that can ensure scalable performance as your requirements increase. It’s important that your firewall doesn’t have hardware limitations that could prevent your organization from deploying the latest threat prevention technologies and algorithms. Such limitations could impact performance capabilities in the cloud as compared to traditional hardware deployments. Hyperscale network security technologies enable cloud-level security on premise, and scaling performance as throughput and security requirements change.

Capability 7: Encrypted Traffic Inspection
A recent Google study showed that over 90% of the web traffic generated by end-user Chrome browser activity was encrypted. As encrypted traffic increases and cyber threats become more advanced and destructive, your firewall needs to be able to inspect this traffic in order to apply control policy and activate threat prevention. 

A Holistic Approach
Many organizations have to support complex security architectures with multiple security solutions. This approach can lead to complex integrations, misconfigurations, and inefficient operations. When selecting your next generation or enterprise firewall, it’s important to think holistically about your security architecture and security operations. As you can see, Next Generation Firewalls are much more than enforcement points for network traffic policies. These firewalls are actually intelligent security gateways that include application intelligence and multi-dimensional threat prevention.

About The Author: 
Russ Schafer, Head of Product Marketing, Security Platforms, Check Point
Russ Schafer is head of product marketing for security platforms and analyst relations at Check Point. Security products include next generation firewalls, cloud network security services, IoT, Zero Trust, security gateways, security management, and Infinity. Russ previously held senior leadership roles at IBM, Intel, Yahoo, AOL, Sybase, and THX.



Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 6/1/2020
Stay-at-Home Orders Coincide With Massive DNS Surge
Robert Lemos, Contributing Writer,  5/27/2020
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-06-01
Python-RSA 4.0 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by helping an attacker to infer that an application uses Python-RSA, or if the length of accepted ciphertext affects application behavior (such as by causing exces...
PUBLISHED: 2020-06-01
modules/security/classes/general.post_filter.php/post_filter.php in the Web Application Firewall in Bitrix24 through 20.0.950 allows XSS by placing %00 before the payload.
PUBLISHED: 2020-06-01
An Insecure Temporary File vulnerability in FortiClient for Windows 6.2.1 and below may allow a local user to gain elevated privileges via exhausting the pool of temporary file names combined with a symbolic link attack.
PUBLISHED: 2020-06-01
An improper input validation in FortiAP-S/W2 6.2.0 to 6.2.2, 6.0.5 and below, FortiAP-U 6.0.1 and below CLI admin console may allow unauthorized administrators to overwrite system files via specially crafted tcpdump commands in the CLI.
PUBLISHED: 2020-06-01
In QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8, the local www-data user has sudo privileges to execute grep as root without a password, which allows an attacker to obtain sensitive information via a grep of a /root/*.db or /etc/shadow file.