The term firewall is over 3,000 years old. Originally used to describe a wall that could block fire from spreading between storehouses, in today’s computing environments firewalls are used to block specific data from moving from one part of a network to another.
Traditional port-based firewalls are no longer provide a sufficient level of protection. New applications, more sophisticated threats, risky user behaviors, and shifts in network infrastructure have dramatically reduced the level of security that traditional firewalls once offered. Users are now accessing various applications using a wide range of devices, requiring organizations to take a new approach regarding enabling access while keeping their networks secure. As a result, firewalls have evolved to the next generation to provide protection that matches today’s work environment.
A traditional firewall is a network security device that controls the flow of traffic that is allowed to enter or exit a point within a network. Depending on the protocol being run, this is usually done by either using a “stateless” or a “stateful” method. With the stateless method, the firewall checks over each packet of data individually without discerning the traffic flow. In contrast, stateful traffic monitoring applies intelligence to monitor traffic flow by tracking the complete cycle of the flow.
Although a stateful firewall is typically more effective than a stateless one, even a stateful inspection does not provide all the protection necessary to deal with the rapidly increasing number and kinds of cyber threats that exist today.
Next Generation Firewalls
Firewalls are a standard security measure for most law firms, but the constantly evolving threats present in today’s digital landscape continually demand the use of a next generation firewall (NGFW). NGFWs are deep-packet inspection firewalls that function beyond the traditional port/protocol inspection and blocking. They add application-level inspection, intrusion prevention, and bring intelligence from outside the firewall.
As the name implies, next generation firewalls are a more advanced version of the traditional firewall. NGFWs offer the same benefits as regular firewalls, including static and dynamic packet filtering, VPN support to confirm that all connections among the network, internet, and the firewall are valid and secure, and the ability to translate network and port addresses to map IPs. However, NGFWs move beyond the port/protocol inspection and blocking provided by traditional firewalls and have many more features to deal with new and emerging threats, including:
- Application-level inspection. The main difference between a traditional firewall and an NGFW is application awareness. While traditional firewalls relied on common ports to monitor attacks, NGFWs are application-aware and allow for application control. Application-level inspection combines packet filtering and TCP handshake verification elements to filter traffic between the network and the traffic source. Packets are filtered according to the service for which they are intended, along with certain other characteristics.
- Intrusion prevention. In an environment that utilizes a traditional firewall, it is common to see an intrusion prevention system (IPS) deployed as a separate solution. With an NGFW, the IPS network security/threat prevention technology is fully integrated. An IPS is often placed in the direct communication path between source and destination to scrutinize network traffic flows, detect and prevent vulnerability attacks, and provide a complementary layer of analysis to screen for harmful content.
- Deep packet inspection. In addition to examining the header, footer, source, and destination of incoming packets, deep packet inspection (DPI) reviews the data part of the packet to root out illegal statements and predefined criteria to decide whether to let it through based upon its content. DPI takes incoming packets apart, examines the data, compares it with set criteria, and then reassembles the packet quickly, efficiently, and without slowing down the speed of network traffic.
- Sandbox integration. Sophisticated cyber attackers use unknown malware to avoid traditional gateway and endpoint protection. Sandbox integration, which is available in most NGFW solutions currently on the market, deals with these new and emerging unknown threats in a safe, isolated environment (the sandbox) that imitates a computer system. Suspicious programs can be run in the sandbox to monitor their behavior and purpose without endangering an organization’s entire network.
With the myriad of cyberthreats that law firms face today, next generation firewalls have become an essential tool for a modern cybersecurity posture. NGFWs are a standard for our Afinety Cloud Platform, a cloud hosting platform exclusively for law firms. Reach out to us to learn more about NGFWs, cybersecurity for law firms, and how to securely transition to the cloud.