

09:00 AM
By Russ Schafer, Head of Product Marketing, Security Platforms, Check Point
Sponsored Article

7 Critical Firewall Capabilities to Prevent Cyberattacks

Why an intelligent, state-of-the-art firewall is critical to the security and success of your business.

Firewall technology used to be simple and straightforward. You programmed it with predefined security policies set by your organization. A firewall would then filter incoming and outgoing traffic, letting safe traffic into your network, while keeping dangerous traffic out. But in the four decades since the firewall’s inception, both security technology and cybercriminal methods have evolved.

With the adoption of cloud computing, SaaS applications, mobile and IoT devices, enterprise IT will continue to become more connected and more vulnerable to cyberattacks in 2020. Connecting IoT devices to your network provides even more entry points for hackers to attack you. These security issues will impact almost every company as 67% of companies have already experienced an IoT security incident. Is your company next?

Compliance, privacy, and data security have expanded beyond the CISO and CIO, to become important to the CEO and company board. Given the growing cyberattack risk to all enterprises, it is important to protect your network with an intelligent and innovative Next Generation Firewall (NGFW) that includes the following seven critical capabilities.

Capability 1: Management
The search for a next generation firewall (NGFW) begins with a unified security management platform. An NGFW needs superior security management and efficient features to meet the needs of the modern, distributed enterprise, including cloud, datacenter, mobile, PCs, and IoT.
Security management is more than just security policy and network and device configuration. You must also consider ease of use, increased operational efficiency, and a unified platform. Other key features include the ability to scale security to match the growth of the IT network, automate workflows, and maintain consistent policy implementation across your security infrastructure.

Capability 2: Threat Prevention
Core threat prevention techniques including anti-phishing, anti-virus, and anti-bot go beyond traditional firewall security functions that simply integrate with IPS to consolidate hardware. Cloud-based analytics and threat intelligence provide further threat prevention benefits, including automatic malware indicator updates.

Capability 3: Application Inspection and Control
As enterprises grow and scale, it’s essential to select a firewall that has application support broad enough to identify new, sophisticated applications. Firewalls have evolved over time to become broad, deep, intelligent, and dynamic.

Capability 4: Dynamic, Identity-Based Inspection and Control
Traditional firewall rules based on simple IP addresses are changing due to the shift to dynamic addressing, cloud architectures, and group-based policies. Enterprises need a firewall that can support policies based on third-party user stores, public and private cloud objects, external service feeds such as Office 365, AWS geolocation, and new device classes like IoT. It is also important to use threat intelligence and automation to enable dynamic policy creation and enforcement. Intelligent automation will reduce security risks and costs by decreasing manual configuration changes and the inherent human error that occurs.  

Capability 5: Hybrid Cloud Support
In order to meet the needs of cloud-first enterprises, your next firewall should embrace the automation and orchestration of the cloud by providing scalable performance based on dynamic workloads, along with consumption models for cost-effective deployment. 

Capability 6: Scalable Performance with Advanced Security Functions
Your next generation firewall will need capabilities that can ensure scalable performance as your requirements increase. It’s important that your firewall doesn’t have hardware limitations that could prevent your organization from deploying the latest threat prevention technologies and algorithms. Such limitations could impact performance capabilities in the cloud as compared to traditional hardware deployments. Hyperscale network security technologies enable cloud-level security on premises and scale performance as throughput and security requirements change.

Capability 7: Encrypted Traffic Inspection
A recent Google study showed that over 90% of the web traffic generated by end-user Chrome browser activity was encrypted. As encrypted traffic increases and cyber threats become more advanced and destructive, your firewall needs to be able to inspect this traffic in order to apply control policy and activate threat prevention. 

A Holistic Approach
Many organizations have to support complex security architectures with multiple security solutions. This approach can lead to complex integrations, misconfigurations, and inefficient operations. When selecting your next generation or enterprise firewall, it’s important to think holistically about your security architecture and security operations. As you can see, Next Generation Firewalls are much more than enforcement points for network traffic policies. These firewalls are actually intelligent security gateways that include application intelligence and multi-dimensional threat prevention.

About The Author: 
Russ Schafer, Head of Product Marketing, Security Platforms, Check Point
Russ Schafer is head of product marketing for security platforms and analyst relations at Check Point. Security products include next generation firewalls, cloud network security services, IoT, Zero Trust, security gateways, security management, and Infinity. Russ previously held senior leadership roles at IBM, Intel, Yahoo, AOL, Sybase, and THX.


