Protecting the Business With Next-Gen FirewallsBy Samuel Greengard | Posted 2014-09-01 Email Print
Know the Risk: Digital Transformation's Impact on Your Business-Critical Applications REGISTER >
A quarter century after the firewall was invented, companies are turning to sophisticated next-generation technology to address growing cyber-security risks.
When the firewall was introduced as a security tool in 1989, it offered a new way to protect both enterprise and consumer networks from evolving threats. Over the following years, as the Internet went global and sophisticated malware and denial-of-service attacks emerged, organizations turned to this technology to batten down the digital hatches. Today, countless firewalls are in use around the world.
The technology, which inspects and filters data packets before they enter an enterprise, is continuing to advance in response to an increasingly sophisticated information technology environment. A Forrester Research report released in March 2014 noted that 43 percent of enterprises surveyed indicated plans to expand or deploy the use of next-generation firewalls (NGFWs).
The appeal to IT and business managers? Advanced threat detection, sandboxing features, dynamic packet filtering, improved authentication, greater customization, better flexibility and increasingly sophisticated anti-evasion techniques.
One company that has turned to an NGFW is Miami International Holdings. Launched in December 2012, it operates the MIAX Options Exchange, a trading platform for equity options.
"Three years ago, as we were starting up operations, we had to build an IT environment from scratch," says Chief Security Officer John Masserini. "We wanted to take a best-of-breed approach to security and firewalls." A key issue, he recalls, was the ability to expand firewall capabilities without having to swap hardware as the company grew.
With the approach taken by Miami International Holdings, "There isn't a need to change other hardware components or operating systems," he points out. "The design is modular so it's possible to plug and unplug modules on the fly."
Among other things, Masserini says, this approach makes it possible to handle Web proxy filtering, whitelisting and blacklisting chores more seamlessly. "We have a high level of flexibility," he adds.
The benefits of more power and context-sensitive firewalls haven't gone unnoticed for Masserini and other business, IT and security executives. "The firewall truly has emerged, or evolved, to become a far more business-centric and functional device," Masserini explains. "It is no longer about blocking network traffic. Now it's about deep-packet inspection, proxy features and all the other onboard things that come with a firewall."
Yet, even with the growing use of NGFW's, challenges remain. Masserini says that while the technology fills many gaps, there's still an 18-to-24-month lag in security products staying current with advances in network and infrastructure. In addition, some security professionals, including Masserini, question whether it's wise to consolidate a vast array of features in a single device or software product.
"The risk is that if [someone] gets through the box, [they] essentially have free rein," he notes. Finally, Masserini and others struggle with trade-offs between a best-of-breed approach and using a single product.
Of course, the cyber-security cat-and-mouse game will continue. But, for now, firewalls continue to evolve, and NGFW technology is clearly making an impact. According to Forrester, 63 percent of survey respondents indicate that security effectiveness is the number-one reason for adopting next-generation firewalls.
"The technology is definitely a significant step forward," Masserini concludes.