Firewall, Protected?

We have a firewall, we're protected, right?


Network security breaches are grabbing headlines routinely. In my dialogs with executives on the subject, they are predictably on high alert, increasingly worried about the financial impact of an attack and worried about incident exposure in the media while struggling to find skilled security personnel.

I hear this question often: "We have a firewall and we bought market-leading technology; we're protected, right?"

 I think the answer lies within the question itself.

Anything connected to the internet is under constant threat of attack. Placing firewalls at the perimeter is required, but the perimeter security model on its own has not kept pace with current and evolving threats or with today's application and usage patterns.

In a local news article published recently, an official asked to see more investigation of how organizations are preventing or mitigating the impact of ransomware attacks, as opposed to paying a ransom fee, which doesn't address the inherent vulnerability.


In the interest of brevity given this medium, here are a couple of suggestions as starting points for responding to this question:

1) Endpoint Protection - invest in next-generation threat prevention software at the endpoint. The ratio of dollars invested to prevention gained is excellent. If endpoints are not secured, it's safe to say your network isn't either. The new technology has long since surpassed the old AV signature model. Invest in new software that can thwart both known and unknown malicious attacks. Taking this step is a big improvement in depth of defense. Third-party firms have repeatedly reviewed these products and published test results, and they recommend the best market offerings based on their findings.

2) Data Center Firewalls - control points within the data center are arguably where organizations need security the most. Move beyond the perimeter model: identify the entire portfolio, or the subset, of applications critical to your organization and secure them with next-generation, application-aware firewalls. It's important to note that performance engineering of data center firewalls has complexity beyond the speeds and feeds used in the old model of perimeter firewall sizing. Without an inventory of applications and measurements of their behavior at the application layer, it is impossible to determine how data center firewalls will behave in a specific environment.


"I have a firewall, I am protected, right?"


I say, no.