We more or less abandoned pagers more than 15 years ago. Fax machines have gone from ubiquity to near obsolescence. And floppy disks? Many of the most recent generation of tech users have never even held—let alone inserted—one.
And yet, when it comes to cybersecurity, we still see all too many organizations relying on the same firewall technology they implemented in the 1990s. And while these legacy technologies may still remain functional on the most basic level, they have limitations and weaknesses that restrict their effectiveness—especially in a technology landscape that grows more threatening by the day.
Port and protocol firewalls, for example, can only detect known malware and fail to protect against zero-day vulnerabilities. In addition, many traditional firewalls have reached their end-of-life and are no longer supported by manufacturers.
It makes sense, then, that companies hoping to move past decades-old technology and better protect their IT environments are migrating to next-generation firewalls (NGFWs). NGFWs move beyond port and protocol inspection, adding application-level inspection and intrusion prevention. While traditional firewalls have limited visibility, NGFWs can look at the entire system and all traffic moving through it. Further still, they can analyze applications, detect anomalous behavior and make intelligent decisions based on that traffic.
A common misconception, however, is that a next-generation firewall will protect an organization’s network out of the box. In truth, simply implementing this technology is not enough to protect your data. Here are three ways to maximize the potential of your NGFW and stop threats in their tracks.
1. Don’t just move your legacy system rules
The biggest mistake IT security pros make with NGFWs is applying the same rules of legacy firewalls to this new technology. This is akin to buying a top-of-the-line 4K ultra HD television and then connecting it to an old-school antenna. Sure, you’ll get a great picture, sometimes. But you get none of the benefits of a $3,000 television—and when the weather’s bad, you may get nothing at all.
Taking advantage of your new NGFW’s capabilities requires making adjustments to your traditional port and protocol rule set. For example, you can add application rule sets that specify how your users can use certain applications—like allowing access to Facebook, for instance, but not Facebook chat.
You can also configure your NGFW to send samples of zero-day exploits to another system for analysis and sandboxing. It will run the file, provide a report, create a signature for the exploit and prevent it from entering your network in the future. NGFWs can complete this process within five to 15 minutes of an exploit finding its way onto your network.
Some NGFW vendors also compile exploit-related data from all of their customers. This data can then be used to inform future upgrades and advancements to the technology, allowing them to automatically prevent that same exploit from penetrating the networks of other organizations—including your own. Moreover, the larger your vendor’s customer base, the more data they can pull from to protect you from exploits.
2. Take advantage of your NGFW’s powerful capabilities
NGFWs offer a number of advanced security tools that provide a higher level of protection against attackers. Make sure you’re taking advantage of these key features:
- The ability to secure applications and force them to use correct ports. For example, Skype will search for an open port until it finds one and can send traffic out. Your NGFW can ensure that applications use only their known ports.
- Sandboxing to isolate your systems and programs from untrusted code. If a piece of malware enters your network, your NGFW’s sandboxing abilities will prevent it from infiltrating and harming your mission-critical systems and applications.
- URL-filtering to block website categories, such as gambling sites and other inappropriate or threatening sites. If an employee tries to access a site in a restricted category, your NGFW will add the site to its blocked list.
- Domain name service (DNS) filtering to prevent users from accessing specific IP addresses. This prevents malware from using DNS to communicate with host servers to gain access to your data.
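To make the first two points concrete, here is an added example (not from the original article or any vendor) that audits a migrated rule set for rules that still match on port alone, let an identified application use any port, or allow traffic with no inspection attached. The rule schema, rule names and finding codes are hypothetical, the sample rules are constructed, and first-match evaluation is assumed.

```python
# Added example; the rule schema (name/action/app/ports/profiles) is hypothetical
# and ignores zones and addresses. First-match rule evaluation is assumed.
# Constructed sample: two legacy rules copied over unchanged, then
# application-aware rules like the Facebook and Skype cases in the text.
RULES = [
    {"name": "legacy-web-out", "action": "allow", "app": "any",
     "ports": ["tcp/80", "tcp/443"], "profiles": []},
    {"name": "legacy-any-out", "action": "allow", "app": "any",
     "ports": "any", "profiles": []},
    {"name": "block-fb-chat", "action": "deny", "app": "facebook-chat",
     "ports": "app-default", "profiles": []},
    {"name": "allow-facebook", "action": "allow", "app": "facebook-base",
     "ports": "app-default", "profiles": ["ips", "url-filter", "sandbox"]},
    {"name": "allow-skype", "action": "allow", "app": "skype",
     "ports": "any", "profiles": ["ips"]},
]

def audit_rule(rule):
    """Return finding codes for one rule, judged on its own."""
    findings = []
    if rule["action"] != "allow":
        return findings  # deny rules pass no traffic, nothing to inspect
    if rule["app"] == "any":
        # Port/protocol match only: the NGFW behaves like the old firewall.
        findings.append("PORT_ONLY")
    elif rule["ports"] == "any":
        # Application is identified but may hop to any open port.
        findings.append("APP_ON_ANY_PORT")
    if not rule["profiles"]:
        # Allowed traffic gets no IPS, sandboxing or URL filtering.
        findings.append("NO_INSPECTION")
    return findings

def audit(rules):
    """Map rule name -> findings, including rules a catch-all allow shadows."""
    report, catch_all = {}, None
    for rule in rules:
        findings = audit_rule(rule)
        if catch_all:
            findings.append(f"SHADOWED_BY:{catch_all}")
        elif (rule["action"], rule["app"], rule["ports"]) == ("allow", "any", "any"):
            catch_all = rule["name"]  # every later rule is unreachable
        if findings:
            report[rule["name"]] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit(RULES).items():
        print(f"{name}: {', '.join(findings)}")
```

In the sample, the legacy allow-any rule sits above the Facebook chat block, so the application rules never take effect until that rule is removed or moved below them.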
3. Protect yourself before, during and after an attack
Traditional firewalls offer little protection during and after a breach. With an NGFW, however, you can protect your environment across all phases of an attack.
Before an attack, your NGFW will fortify your security using many of the features mentioned above. During an attack, your NGFW will identify what’s happening. Next, it will tell you which machines are affected and the websites with which they’re communicating. Within minutes, your NGFW can also tell you the scope of the breach.
After an attack, your NGFW offers remediation. It will identify patient zero and other affected systems. An NGFW also allows you to set additional rules or signatures to prevent others from using those communication channels.
A firewall is just one measure of protection in a comprehensive cybersecurity program. Even when you take proactive steps to protect your company with an NGFW, you still won’t catch every email that enters your network. Your NGFW should work in tandem with other solutions, such as email security and SSL decryption tools. A layered defense plan gives you the highest level of security.