Why firewalls still matter [Q&A]
Firewalls have been used to protect networks and endpoints from the very early days of the web. In recent years many people have been predicting their demise, yet the firewall is still with us.
Why is this, and how has the firewall evolved to protect enterprises in the 21st century? We spoke to Ruvi Kitov, founder and CEO of network security specialist Tufin, to find out.
BN: Why has the firewall defied expectations to remain a key part of network security?
RK: I understand why some people think this -- the idea that the perimeter is dead has taken root in our industry. Just Google 'firewall is dead' and see how many results it returns. There are so many ways for attackers to get into networks -- weak machines, employees that don't prioritize cybersecurity in their day-to-day actions, vulnerable web servers facing the internet, etc. The points of ingress are almost infinite today.
This has led to increasingly sophisticated attacks that bypass traditional firewalls -- but by no means does that equate to the firewall being irrelevant. You have to consider that now, more than ever, security is a multi-layer strategy. A firewall and antivirus protection may have gotten the job done 10 years ago, but there's no such thing anymore as a one-stop shop for security. However, the fact remains -- your network is dead in the water without a firewall.
BN: Has the market for firewalls peaked?
RK: Growth of the firewall market has slowed down a bit, but it hasn't come close to stopping. I believe that the firewall market is still the biggest segment in network security. Look no further than the balance sheets at growing companies like Palo Alto Networks, Fortinet and Check Point Software to see that it's a market that’s still thriving. With every acquisition these companies make, more and more functions -- intrusion detection, URL filtering, etc -- are getting folded into firewalls, which have become a fundamental cornerstone of any enterprise's network security.
As long as enterprises have concerns about restricting and securing the flow of data from one part of their network to another, the firewall will play an important role.
BN: We hear a lot about 'next-generation' firewalls, but what exactly are they?
RK: If you think of a traditional firewall, it's usually something that networks use to filter Layer 3 traffic -- that's things like source IP address, port number and destination IP address. Next-generation firewall is a phrase used to describe the types of firewalls brought to market by Palo Alto -- and later adopted by Check Point Software and Fortinet -- that go beyond that to include things like applications and user identities. So instead of just allowing enterprises to control traffic from network A to network B on port C -- the role of a traditional firewall -- you can make rules that allow you to, say, allow or block control of various applications that might be running over the same port, such as 80 or 443 (the common web ports), essentially to try and bypass the firewall. The idea of next-gen firewalls is really about enabling greater and more fine-tuned control over traffic and employee access to applications.
BN: How can next-generation firewalls help enterprises improve their security?
RK: I talked a little earlier about the idea of the perimeter being dead, and there’s some truth to that. The reality is that, if you're a large enterprise, you absolutely have to assume that your network has been compromised -- probably in a number of places. Attacks are a heck of a lot more sophisticated than they were just five years ago. Even with the best tools the industry has to offer, it's a given that every large organization has infected machines -- PCs, laptops, unpatched web servers, etc. So maybe firewalls didn’t stop all points of ingress -- nothing could. What next-generation firewalls help you do is segment the network with more fine-grained control over traffic flow and access to ensure the machines that are compromised cannot access Active Directory or a database with millions of credit card numbers -- only the right users with the right credentials should be allowed that access.
BN: What role can firewalls play in managing IoT devices and cloud apps?
RK: Firewalls are going to play a significant role wherever you have a network. Any network needs to be segmented in order to control access between points -- and the rise of IoT has created no shortage of access points. If you don't want a malicious user to move across your entire network because he was able to take control of an IoT device like a camera -- you'll need firewalls to be a part of your security strategy.
BN: How do you see the future of the firewall in the next decade?
RK: The firewall is here to stay. Sure, its days as the sole defender of the network are long gone, but firewalls will be part of the fabric of on-premise, private and public cloud security. We're moving to an era where everything will be a network access point -- whether it's a fleet of Teslas where each car has an IP address, smart refrigerators or more traditional endpoints like laptops and devices. As long as there is a network to protect, firewalls will play a critical role helping enterprises segment and control traffic and access.