Next Generation Firewalls and Advancing Network Security

Posted March 2, 2021

When you get behind the wheel of your favorite vehicle and power down the freeway at 70 miles per hour, you are probably not thinking about the raging fire and explosions happening just inches in front of you in the engine compartment. The temps of an internal combustion engine can reach thousands of degrees Fahrenheit — hot enough to melt nearly any type of metal if the temps were sustained. Fortunately for us, the extreme temps are transient and automotive engineers have designed a steel barrier to protect us from the dangers lurking just ahead of us. We are shielded from the explosions and high velocity steel by a firewall. The firewall, a steel barrier dividing the engine compartment from the passenger compartment, creates a safe zone where people can feel secure and protected from persistent dangers.

Network Firewalls

Network firewalls are far more complicated than the heavy gauge steel used in automotive firewalls but the concept is the same. In network security, the firewall divides a network safe zone from less controlled networks. Traditionally network firewalls monitored incoming and outgoing network traffic through predefined security rules. These security rules would allow the firewall to inspect packets and connections then either allow, disallow, or redirect the traffic based on the rules. Eventually firewalls were able to extend their monitoring to specific applications. This meant they could understand various protocols and allow/disallow complete applications or even identify when an application was likely being abused.

Next-generation Firewalls

Continued developments in application layer monitoring created a new class of firewalls called next-generation firewalls (NGFWs). NGFWs allowed for deep packet inspection (DPI) of network traffic. Imagine the difference between sorting mail at the post office by address, zip code and envelope size and eventually opening each envelope to read and inspect the contents. Through DPI data processing, the firewall can read the contents of every packet for advanced inspection before determining if it should block, re-route, log, or allow that traffic. Through DPI, firewalls could even learn what normal traffic looked like so they could intelligently spot outliers. These advancements in DPI have allowed NGFWs to include web filtering, user identity management, and intrusion prevention systems (IPS).

Advanced Firewall Security

Gong beyond DPI, NGFWs also allow for TLS/SSL encrypted traffic inspection, bandwidth management, and antivirus inspection. These advancements in firewall security are what have allowed network administrators to fend off the latest threats like web-based malware attacks, application-layer attacks, and even targeted attacks. NGFWs have elevated the level of network administrator awareness around individual applications and overall network usage which allows for very granular security controls and policy enforcement.

Responding to Threats

The latest NGFWs can also create a response mechanism to offending or suspicious traffic. No longer are firewalls simply limited to the common allow, deny or reroute rules — they can now choose to sandbox suspicious traffic for further monitoring in a safe environment. They can also leverage cloud-based threat intelligence services which collect data from around the globe, share data from prior intrusions, and scour the hidden corners of the internet to better identify and respond to the latest threats.

The Human Factor

Even with all the advancements in protection NGFWs provide, they simply aren’t enough on their own. Unlike an automobile’s firewall, where it is installed and left alone to do its job, a network firewall requires skilled security analysts to effectively harness the information provided, manage the device and establish a credible security policy. Don’t fall victim to technology overreliance while ignoring the human component.

Kevin Willette

Kevin Willette is Partner / CEO of Verus Corp. His focus is ensuring complete customer satisfaction and providing as much or as little support as is needed for the individual client. Kevin knows that plenty of places do IT services, but what sets Verus Corp apart is the local feeling and the commitment to doing things right the first time. He has always wanted to be a business owner because it affords him the opportunity to offer a service that was better than anything clients had seen before. His true goal is to help customers make their businesses better by removing potential IT barriers. Kevin served as chair for Habitat for Humanity during his time at Minnesota State University, Mankato. He has also served on the WatchGuard Advisory Council since 2016. Kevin’s work with Verus Corp has helped them achieve awards as the WatchGuard Partner of the Year and Cisco Select Partner. Kevin graduated from Minnesota State in 2000 with a major in Business Marketing and minors in Business Administration and Music.