What Firewalls Can — and Can't — Accomplish

Understanding the limitations of firewalls is important to protecting the organization from evolving threats.

Pat McGarry, Chief Technology Officer, ThreatBlockr

July 22, 2022


Firewalls were born in the 1990s, alongside Windows 95 and Internet Explorer. They've been a staple of network security since, which prompts the question: Are firewalls still relevant? The determining factor is whether firewalls have grown with the changes we've seen in technology or if they've just stayed in line with the technology of the 1990s and early 2000s.

How Firewalls Work & How They Don't

Firewalls work primarily on the principle of deep packet inspection. Data packets are the units of information that constitute any type of Internet traffic, including Web traffic. Firewalls protect networks by checking the payload of every data packet trying to enter or leave a network and blocking any packets that contain malicious content. Content typically is defined as malicious through a series of rather complex policies and rules.

Today, data is almost always encrypted. Encryption ensures that good incoming and outgoing traffic is protected from prying eyes, but, unfortunately, it also hides bad incoming and outgoing traffic. Some firewalls can decrypt data packets, check their payload, and then re-encrypt them, but this process is computationally intensive and can bog down the network significantly. Also, this process is not always an available option given how many modern security protocols block the types of man-in-the-middle operations required for full-blown SSL inspection.

Leveraging IP Addresses

Indeed, deep packet inspection is becoming an antiquated security practice, but there are other ways to identify whether specific activity is malicious.

For example, some organizations blacklist malicious Web domains, then automatically block traffic from those sites, while others use tactics such as SIEM log analysis. However, these types of monitoring and alert systems are reactive: They tell you that you've been attacked, but don't block the malicious traffic that can cause an attack.

I staunchly believe in multifaceted security, with a simple set of three starting points:

  1. Don't reuse passwords.

  2. Regularly update your software.

  3. Use the truest lowest-common-denominator of Internet traffic — the IP address itself — to your advantage, as a key foundational tenet of your cyber security stack.

It's the third leg of that stool that can help ensure that your organization achieves a proactive posture when it comes to malicious traffic.

Since all traffic is identified by a unique IP address, focusing on IP is a simple way to identify and block any packets coming from or going to known malicious sources — without ever needing to check their contents. It doesn't matter if the data being transferred is encrypted or not.

Surprisingly to some, firewalls can't and don't perform this function very well because you need a very different hardware and software architecture to achieve deep packet inspection versus achieving IP filtering at scale.
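
The address-only decision described above, sketched as an added example (not code from the original article or from ThreatBlockr): each flow's source and destination are matched against a blocklist of CIDR ranges, and the payload is never read. The blocklist entries and flow records are constructed from documentation address ranges, and the class and function names are illustrative.

```python
import bisect
import ipaddress

# Constructed sample blocklist (documentation ranges, not real threat intel).
SAMPLE_BLOCKLIST = ["192.0.2.0/24", "192.0.2.128/25",
                    "198.51.100.7/32", "2001:db8:bad::/48"]


class IPBlocklist:
    """Sorted, non-overlapping integer ranges per IP version; lookup is O(log n)."""

    def __init__(self, cidrs):
        self._starts = {4: [], 6: []}
        self._ends = {4: [], 6: []}
        nets = [ipaddress.ip_network(c, strict=False) for c in cidrs]
        for version in (4, 6):
            same = [n for n in nets if n.version == version]
            # collapse_addresses merges overlapping or adjacent prefixes, sorted.
            for net in ipaddress.collapse_addresses(same):
                self._starts[version].append(int(net.network_address))
                self._ends[version].append(int(net.broadcast_address))

    def __contains__(self, addr):
        ip = ipaddress.ip_address(addr)
        starts = self._starts[ip.version]
        # Find the last range starting at or before this address.
        i = bisect.bisect_right(starts, int(ip)) - 1
        return i >= 0 and int(ip) <= self._ends[ip.version][i]


def verdict(blocklist, src, dst):
    """Decide on addresses alone; the payload, encrypted or not, is never examined."""
    if src in blocklist:
        return "drop:src"
    if dst in blocklist:
        return "drop:dst"
    return "allow"


# Constructed flow records: (source, destination, destination port).
SAMPLE_FLOWS = [
    ("198.51.100.7", "10.0.0.5", 443),    # inbound from a listed host
    ("10.0.0.9", "192.0.2.200", 443),     # outbound TLS to a listed range
    ("10.0.0.9", "203.0.113.10", 443),    # neither endpoint listed
    ("2001:db8:bad::1", "fd00::5", 22),   # IPv6 source in a listed prefix
]


def classify(flows, cidrs=SAMPLE_BLOCKLIST):
    bl = IPBlocklist(cidrs)
    return [verdict(bl, src, dst) for src, dst, _port in flows]
```

Checking the destination as well as the source covers outbound connections from an internal host to a listed address, which is the "going to" half of the paragraph above.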


While firewalls are a very important tool in organizations' security arsenals, it's important to align security solutions with security threats. As cyberattacks evolve, organizations should consider the kinds of tools that will be needed to complement and shore up firewall protection.

About the Author(s)

Pat McGarry

Chief Technology Officer, ThreatBlockr

Pat McGarry has more than 25 years of hands-on experience in all aspects of hardware and software development, to include iterative requirements analysis, architecture, engineering, test, managerial, and leadership roles. His skills have been brought to bear across a wide variety of technology-related disciplines including embedded systems design, network systems analysis and design, advanced network testing, cybersecurity, deployable machine learning and artificial intelligence, internet of things, big data, advanced data analytics, and high-performance heterogeneous computing. He has been granted three US patents and has spoken at a variety of user and industry conferences. He received bachelor’s degrees in Computer Science (BSCS, '93) and Electrical Engineering (BSEE, ’94) along with a minor in Mathematics, all from Virginia Tech.
