Is it time to rethink legacy firewalls? [Q&A]
A new report from Guardicore and the Ponemon Institute reveals that more than 60 percent of organizations believe that legacy firewalls are ineffective in preventing damaging cyberattacks against applications, data centers, and data in the cloud.
We spoke to Dave Burton, VP marketing at Guardicore to find out more.
BN: The report refers to 'legacy firewalls' and their limitations in securing modern enterprise environments -- what constitutes a legacy firewall?
DB: For this report, Ponemon defined legacy firewalls as both stateful and next-generation firewall (NGFW) appliances, which includes virtual firewall appliances.
Stateful firewalls provide inspection of incoming and outgoing network traffic, while next-generation firewalls often tout features such as threat intelligence, intrusion prevention (IPS), as well as application access and control.
But, the reality that modern organizations are facing as they adopt cloud environments and move beyond the traditional perimeter is that what was 'next-generation' has quickly become 'last-generation.' Stateful and 'next-gen' firewalls simply do not provide the speed and flexibility that the agile organization requires.
BN: What are the main drawbacks organizations face with the use of legacy firewalls?
DB: Digital transformation is pushing the boundaries of traditional network security tools -- as organizations increasingly adopt cloud, IoT and DevOps, the approach has been to retrofit existing security tools like firewalls to secure modern environments. What these organizations are now realizing is that firewalls kill speed and flexibility in providing access to these environments. They're proving too costly and are not providing the required needs around security.
The report shows that more than 60 percent of organizations believe that legacy firewalls are ineffective in preventing damaging cyberattacks against applications, data centers, and data in the cloud.
Furthermore, 57 percent of respondents stated that it can take three weeks or more to change firewall rules to accommodate an updated or new app. This is unacceptably slow -- especially as organizations have moved to predominantly distributed work environments with the pandemic forcing office closures.
Organizations need to quickly and securely authenticate employees to resources -- but 62 percent believe that access control policies are not granular enough and that it takes far too long to implement segmentation policies. Protecting assets in the cloud and across distributed workforces requires speed and agility, which legacy firewalls simply can’t address.
Matching the level of concern surrounding security, 60 percent of organizations would consider reducing their firewall footprint because of high labor and other associated costs. It's not simply the cost of the appliance, it's the upkeep that regularly eats into security operations resources.
BN: What current attack vectors are legacy firewalls most susceptible to?
DB: While cloud migration is helping many organizations achieve greater business agility and reduce infrastructure costs, it's also creating a larger and more complex security attack surface. Attackers have taken notice and are evolving tactics to focus efforts on moving laterally between East-West traffic workloads.
Organizations relying on legacy firewalls suffer from 'flat networks' that don't restrict access between critical applications and allow these types of East-West attacks. To put this in context, it's like allowing someone with keys to the front door of the bank to also have access to the vault regardless of their identity, role or permission. In these environments we see data breaches occurring easily with a wide-ranging effect since there are no controls to limit the blast radius of these attacks or restrict access within the network.
The inability to ensure proper controls over lateral movement is a major reason why we’re seeing companies reduce their firewall use. Less than half of all organizations trust their legacy firewalls to provide even adequate security for East-West traffic.
BN: Which modern security strategies do legacy firewalls inhibit?
DB: Continued adoption of cloud and IoT technologies are driving organizations to gravitate toward the concept of Zero Trust. Initially introduced by Forrester in 2010, Zero Trust assumes that every user, device, system or connection is already compromised (by default) whether they are inside or outside of the network.
The strategy is designed to overcome the limitations of previously mentioned 'flat networks' in combating East-West attacks. Almost half (49 percent) of organizations have implemented a Zero Trust model but only 37 percent rate their organization's legacy firewalls as very or highly effective in enabling Zero Trust across the enterprise.
The reason being is legacy firewall solutions enforce controls at the network level, opposed to the endpoint or workload, and don’t provide the visibility or security to enforce the principle of least privilege.
BN: What alternative solutions are enterprises adopting?
DB: The report and our experiences in the field indicate that companies are increasingly moving toward more modern security solutions, like micro-segmentation, to overcome legacy firewall limitations.
Micro-segmentation is the technique of inserting security services between two workloads to isolate them from one another and secure them individually. This allows system administrators to deploy flexible security policies that restrict traffic between workloads based on the principle of least privilege, and is the core function of our Guardicore Centra platform.
54 percent of organizations have adopted micro-segmentation, with 66 percent identifying micro-segmentation as essential to their organization's security posture.
The top two factors for organizations embracing more modern solutions such as micro-segmentation are they are undergoing digital transformation or their organization recently experienced a serious data breach or security exploit.