How firewalls have improved and become part of zero trust cyber defense
The zero-trust model is an enigmatic animal. Sometimes you think you already know and understand it, but you may end up realizing there’s still a lot to learn. This quandary can be exemplified by the use of firewalls to protect an organization’s networks and IT resources.
Traditional firewall software no longer provides meaningful security for organizations, and the same goes for legacy firewall appliances. Firewalls have evolved, however, adding features and functions that address present-day threats. As network security specialist Ruvi Kitov puts it, "firewalls are not going anywhere." They simply evolve and gain new features to meet new needs.
In the field of zero trust cybersecurity, which is being described as the next step in cybersecurity, firewalls still prove relevant. As networks and systems become more complex and therefore more prone to vulnerabilities, firewalls can help establish trustless security.
NGFWs and the zero trust model
Next-generation firewalls (NGFWs) live up to their name. They represent a different and more advanced level of firewall protection, and the top next-generation firewalls come with functions that equip them to deal with the range of threats seen today.
They feature real-time prevention systems meant to stop a "patient zero" infection before it cascades into a domino effect of damage across the network. Beyond blocking unwanted and malicious software, they can also stop anomalous traffic, based on real-time threat intelligence and analysis of the activity a system is handling.
NGFWs also come with advanced threat identification and identity management, which make it possible to effectively differentiate legitimate users, apps, and devices from malicious or compromised ones. Usually empowered by shared threat intelligence, this robust identification system allows organizations to have broader security visibility even in highly complex environments involving a distributed workforce or multi-region operations.
Another crucial feature next-gen firewalls provide is the ability to inspect SSL/TLS-encrypted traffic. As reported earlier in the year, almost half of the malicious software observed by cybersecurity professionals was hidden inside TLS-encrypted communications. If firewalls excluded TLS-encrypted traffic from scrutiny, many organizations would already have been overwhelmed by malware of various kinds.
Additionally, next-gen firewalls are not limited by signature-based defenses. They employ different techniques to identify anomalous activities and software. These techniques include sandboxing, file sanitization through content disarm and reconstruction, AI and machine learning, as well as comprehensive threat intelligence.
Moreover, many advanced firewalls come with a unified management function. This matters because most organizations run a mix of standalone point security solutions developed and maintained by different vendors, and the firewall has to fit into that arrangement.
Lastly, next-generation firewalls deliver the best outcomes when they are designed with a zero-trust approach. This means moving away from whitelists or other mechanisms that presume traffic is normal or safe because of certain attributes. The best NGFWs block access or grant permissions on a case-by-case basis: every flow and activity is evaluated independently rather than being bulk-approved or bulk-rejected on the basis of criteria such as safe/harmful source lists.
The granting of permissions is also anchored on the principle of least privilege. Access is kept to the bare minimum, the level deemed necessary for a given activity and no more -- nothing more, nothing less. This ensures that bad actors do not get any opportunity to find and exploit vulnerabilities in a system.
Making NGFWs a part of a trustless system
Interestingly, there are some pundits who suggest that firewalls and the zero trust model are unlikely to coexist or be compatible with each other. In his article about future-proofing with zero trust security, for example, Forbes Technology Council member Daniel Schiappa expressed his concurrence with the "no corporate firewall, no network" approach in building a zero-trust system. "Zero trust can give businesses the flexibility to manage access to their corporate networks without having to go through firewalls or VPN connections," Schiappa argues.
Data Center Knowledge also made a similar assertion of "how the cloud killed the firewall" in a piece published back in 2017. "Cloud and hybrid environments, mobile access, and online applications have made it all but obsolete, experts say, and data center operators should be looking at replacing their firewalls with more granular security technologies," the article stated.
Nevertheless, many believe that NGFWs and the zero trust model can work together. The key is to stop using firewalls as conventional firewalls: instead of focusing on what they have traditionally done, organizations can deploy them as gateways for segmentation.
One of the hallmarks of zero trust is the division of systems into separate segments. These segments make attacks harder to carry out and limit the damage an initial compromise can do. Segmentation also makes it easier to detect an intrusion before it escalates into a larger problem.
As Security Intelligence infosec journalist David Bisson puts it, "segmentation gateways uphold a core tenet of the zero trust model: micro-segmentation." It is through micro-segmentation that organizations institute security policies that establish secure zones that are not dependent on IP addresses but based on the data and applications required to undertake certain tasks.
All of this reduces the attack surface available to cybercriminals and significantly curtails the possibility of lateral movement by an attacker who has gained a foothold. Organizations can then define firewall rules that regulate traffic between the different microsegments in accordance with user needs and business needs.
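To make the segmentation-gateway rules above concrete, here is an added example (not code from the article or any vendor): a small Python model of a default-deny policy between constructed segments ("users", "web", "app", "db"), where each flow is judged on its own segment labels, destination port and authenticated identity rather than on a trusted-source list. The segment names, ports, identities and sample flows are assumptions made for the illustration.

```python
"""Default-deny micro-segmentation policy evaluator (added example, not the article's)."""
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    src_segment: str   # segment label assigned by the gateway, not derived from an IP address
    dst_segment: str
    dst_port: int
    identity: str      # authenticated user or service identity carried with the flow

@dataclass(frozen=True)
class Rule:
    src_segment: str
    dst_segment: str
    dst_port: int
    identities: frozenset  # identities allowed on this path (least privilege)

# Constructed policy: only the paths the application actually needs, nothing more.
POLICY = [
    Rule("users", "web", 443, frozenset({"employee"})),
    Rule("web", "app", 8443, frozenset({"svc-web"})),
    Rule("app", "db", 5432, frozenset({"svc-app"})),
]

def evaluate(flow, policy=POLICY):
    """Judge one flow on its own merits. No matching rule means deny (default deny)."""
    for rule in policy:
        path = (rule.src_segment, rule.dst_segment, rule.dst_port)
        if path == (flow.src_segment, flow.dst_segment, flow.dst_port):
            if flow.identity in rule.identities:
                return "allow", f"rule {rule.src_segment}->{rule.dst_segment}:{rule.dst_port}"
            return "deny", f"identity {flow.identity!r} not permitted on {rule.src_segment}->{rule.dst_segment}"
    return "deny", "no matching rule (default deny)"

def filter_flows(flows, policy=POLICY):
    """Evaluate a batch; denied flows are returned separately so they can feed detection."""
    allowed, denied = [], []
    for f in flows:
        verdict, reason = evaluate(f, policy)
        (allowed if verdict == "allow" else denied).append((f, reason))
    return allowed, denied

# Constructed sample traffic, including lateral-movement attempts that skip a tier.
SAMPLE_FLOWS = [
    Flow("users", "web", 443, "employee"),
    Flow("users", "db", 5432, "employee"),   # user segment reaching straight for the database
    Flow("web", "app", 8443, "svc-web"),
    Flow("web", "db", 5432, "svc-web"),      # web tier bypassing the app tier
    Flow("app", "db", 5432, "svc-app"),
    Flow("app", "db", 5432, "employee"),     # right path, wrong identity
]
```

Running `filter_flows(SAMPLE_FLOWS)` allows the three intended tier-to-tier paths and denies the other three, each with a reason string a SOC can log and alert on.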
So what’s the point of firewalls gaining new features and functions when their relevance in a zero trust environment is grounded on not serving as firewalls? This is the beauty of the complex and sophisticated nature of the zero trust model and the evolution of firewalls. Firewalls can serve an important role in setting up trustlessness by enabling segmentation without necessarily invalidating the benefits of their new features.
As pointed out in a National Institute of Standards and Technology (NIST) research paper on developing a framework to improve critical infrastructure cybersecurity, an integrated segmentation gateway can serve as the nucleus of a network, since it takes on the features and functionality of individual standalone security products such as firewalls, network access control (NAC), VPNs, and IPS.
NGFWs operating as segmentation gateways sit at the center of the network instead of around the perimeter. In this arrangement the firewall is immersed in the regulation of data and traffic access rather than acting as a mere gatekeeper from outside the network, and it can generate insights that help in handling new kinds of threats more effectively.
Again, all of this is possible without forfeiting the other benefits of advanced firewalls: real-time monitoring, enhanced threat identification and identity management, SSL/TLS inspection, unified management, and protection that does not rely on signatures alone. Firewalls have evolved, and they can become a crucial part of a zero-trust cyber defense.
Peter Davidson works as a senior business associate helping brands and start-ups to make efficient business decisions and plan proper business strategies. He is a big gadget freak who loves to share his views on the latest technologies and applications.