In recent surveys, network administrators and IT managers cited the following top issues with their existing firewall:
- Poor visibility into network applications, risks, and threats
- Concerns about protection from the latest ransomware and attacks
- Lack of any response or assistance when there is a threat on the network
When selecting a shortlist for your next firewall, it can be challenging to even know where to start.
You’ll want to begin by identifying your key requirements.
Once you’ve established those, it’s a daunting task to wade through vendor websites and datasheets to determine which firewall can not only meet your needs, but actually does what it claims.
“Sophos has compiled a guide that will help you to choose the right solution for your organisation so you don’t end up with firewall buyer’s remorse.”
“It covers all the features and capabilities you should consider when evaluating your next firewall purchase.”
“We’ve also included important questions to ask your IT partner or vendor to ensure the product will meet your needs,” says Andre Kannemeyer – CTO at Duxbury Networking, local distributors of Sophos technology.
The perfect storm in network security: encryption
Ever-increasing encrypted traffic flows have created a perfect storm – with dire consequences.
Consider these important facts:
- 90% of internet traffic is now TLS encrypted
- 50% of malware, PUA, and hacker servers are utilising encryption to avoid detection
- Most organisations are not inspecting encrypted traffic.
“When we ask organisations why they are not inspecting encrypted traffic, they cite performance as the number one reason.”
“TLS inspection is simply too resource intensive for most firewalls to keep up with the huge volume of encrypted traffic.”
“The second major reason for not inspecting encrypted traffic is that it tends to cause usability issues; it breaks the internet,” says Kannemeyer.
This fundamental challenge with encryption, and the inability of most firewalls to address it, creates a range of further problems: no visibility into risky behaviour and content, compliance gaps, and weaker protection from ransomware, attacks, and breaches.
In effect, encryption is the root cause of many of today’s top network security challenges.
Unfortunately, most networks are simply turning a blind eye to most of the traffic passing through them.
This is no longer necessary. There is a very effective way to deal with this challenge.
Top critical capabilities
To solve your top challenges with network visibility, protection, and response to threats, here are four must-have capabilities for your next firewall that are likely missing from your current one:
- TLS 1.3 inspection – 90% of internet traffic is now encrypted and that number is growing, so it’s critical that your next firewall includes TLS 1.3 inspection. Perhaps more importantly, it must provide the intelligence and performance to do it efficiently, without becoming a bottleneck or forcing you to buy a much more expensive firewall than you really need. Not all encrypted traffic requires inspection, and not all encrypted traffic supports it: applications that pin their server certificate, or that use mutual TLS, fail when the firewall re-signs the server certificate with its own CA, and in TLS 1.3 the server certificate is itself encrypted, so the firewall must terminate the session to see anything beyond the ClientHello. Your next firewall must support all the latest standards and cipher suites. It must also have intelligent exceptions built in to be more selective in what traffic to inspect, while also providing tools to easily identify potential issues and add exceptions on the fly to avoid them. It should also offer adequate performance to deal with an ever-increasing volume of encryption – both today and into the future.
- Zero-day threat protection – Threats are constantly evolving. The ransomware variant used to attack an organisation tomorrow will almost certainly be different from the one used yesterday. This is the nature of the current threat landscape. Your next firewall must have artificial intelligence based on multiple machine learning models, plus sandboxing with advanced exploit detection and crypto-guard ransomware detection to identify the latest zero-day threats and stop them before they get on your network.
- FastPath application acceleration – About 80% of the traffic on your network likely comes from approximately 20% of your apps. These elephant flows are typical of meeting and collaboration tools, streaming media, and VoIP. These large traffic flows are both resource-intensive to inspect and require optimal performance for a great user experience, creating an enormous challenge. Your next firewall should be able to adequately handle these trusted traffic flows and offload them to provide optimal performance and create added performance headroom for traffic that needs deeper packet inspection.
- Integration with other cybersecurity products – It’s no longer enough for IT security products to work in isolation. Today’s sophisticated attacks require multiple layers of protection, all working in coordination and sharing information to provide a synchronised response. Your next firewall should integrate with other systems like your endpoint AV protection to share important threat intelligence and telemetry. This will allow both systems to work better together to coordinate a defence when you come under attack. These systems should also share a common management interface to make deployment, day-to-day management, as well as cross-product threat hunting and reporting easier.
These four capabilities will ensure the top problems with your current firewall will be a thing of the past, and power your network protection well into the future.
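The selective-inspection logic described under TLS 1.3 inspection above, as an added example that is not part of the original article and not Sophos’s own code: it parses the unencrypted ClientHello (the only part of a TLS 1.3 handshake a firewall can read before terminating the session) to recover the SNI, ALPN and offered versions, applies static exceptions for compliance-sensitive categories and applications known to pin certificates, and learns an exception on the fly after repeated post-interception handshake failures. The host names, category lists, failure threshold and the locally built ClientHello are constructed assumptions.

```python
import struct

# Constructed data: a TLS 1.3-style ClientHello built locally so the example runs
# offline. A real firewall reads this from the first client packet of the session.
def build_client_hello(sni, alpn=("h2", "http/1.1"), versions=(0x0304, 0x0303)):
    """Return a TLS record carrying a minimal ClientHello with SNI, ALPN and supported_versions."""
    exts = b""
    if sni is not None:
        name = sni.encode("ascii")
        entry = b"\x00" + struct.pack("!H", len(name)) + name  # name_type host_name, length, name
        exts += struct.pack("!HHH", 0, len(entry) + 2, len(entry)) + entry
    alpn_list = b"".join(bytes([len(a)]) + a.encode("ascii") for a in alpn)
    exts += struct.pack("!HHH", 16, len(alpn_list) + 2, len(alpn_list)) + alpn_list
    vers = b"".join(struct.pack("!H", v) for v in versions)
    exts += struct.pack("!HH", 43, len(vers) + 1) + bytes([len(vers)]) + vers
    ciphers = struct.pack("!HHH", 0x1301, 0x1302, 0xC02F)  # two TLS 1.3 suites plus one ECDHE-RSA suite
    body = (struct.pack("!H", 0x0303) + bytes(32) + b"\x00"  # legacy_version, random, empty session_id
            + struct.pack("!H", len(ciphers)) + ciphers
            + b"\x01\x00"  # one compression method: null
            + struct.pack("!H", len(exts)) + exts)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body  # HandshakeType client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def parse_client_hello(record):
    """Extract legacy_version, cipher suites, SNI, ALPN and supported_versions from a ClientHello."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    body = record[5:5 + struct.unpack("!H", record[3:5])[0]]
    if body[0] != 0x01:
        raise ValueError("not a ClientHello")
    hs_end = 4 + int.from_bytes(body[1:4], "big")
    p = 4
    info = {"legacy_version": struct.unpack("!H", body[p:p + 2])[0],
            "ciphers": [], "sni": None, "alpn": [], "supported_versions": []}
    p += 2 + 32  # legacy_version, random
    p += 1 + body[p]  # session_id
    cs_len = struct.unpack("!H", body[p:p + 2])[0]
    p += 2
    info["ciphers"] = [struct.unpack("!H", body[p + i:p + i + 2])[0] for i in range(0, cs_len, 2)]
    p += cs_len
    p += 1 + body[p]  # compression methods
    if p >= hs_end:
        return info  # no extensions at all (very old client)
    ext_end = p + 2 + struct.unpack("!H", body[p:p + 2])[0]
    p += 2
    while p + 4 <= ext_end:
        etype, elen = struct.unpack("!HH", body[p:p + 4])
        edata = body[p + 4:p + 4 + elen]
        p += 4 + elen
        if etype == 0:  # server_name: list_len(2) name_type(1) name_len(2) name
            info["sni"] = edata[5:5 + struct.unpack("!H", edata[3:5])[0]].decode("ascii")
        elif etype == 16:  # application_layer_protocol_negotiation: list_len(2) then len-prefixed names
            q = 2
            while q < len(edata):
                info["alpn"].append(edata[q + 1:q + 1 + edata[q]].decode("ascii"))
                q += 1 + edata[q]
        elif etype == 43:  # supported_versions: byte count then 2-byte versions
            info["supported_versions"] = [struct.unpack("!H", edata[1 + i:3 + i])[0]
                                          for i in range(0, edata[0], 2)]
    return info


class InspectionPolicy:
    """Per-flow decrypt/bypass decision. Lists and the failure threshold are constructed assumptions."""

    def __init__(self, bypass=(), pinned=(), max_failures=3):
        self.static_bypass = tuple(bypass) + tuple(pinned)  # sensitive categories + known cert-pinning apps
        self.max_failures = max_failures
        self.failures = {}    # host -> handshake failures observed after interception
        self.learned = set()  # hosts excepted "on the fly" once failures reach the threshold

    @staticmethod
    def _matches(host, suffixes):
        return any(host == s or host.endswith("." + s) for s in suffixes)

    def decide(self, hello):
        host = hello["sni"]
        if host is None:
            return ("bypass", "no SNI: the proxy cannot mint a matching certificate")
        if self._matches(host, self.static_bypass):
            return ("bypass", "static exception (sensitive category or known certificate pinning)")
        if host in self.learned:
            return ("bypass", "learned exception after %d handshake failures" % self.failures[host])
        if 0x0304 in hello["supported_versions"]:
            return ("inspect", "TLS 1.3 client: terminate and re-sign, certificate is encrypted on the wire")
        return ("inspect", "TLS 1.2 or older: terminate and re-sign")

    def record_failure(self, host):
        """Count a failed handshake after interception; returns True once the host is auto-excepted."""
        self.failures[host] = self.failures.get(host, 0) + 1
        if self.failures[host] >= self.max_failures:
            self.learned.add(host)
        return host in self.learned


if __name__ == "__main__":
    policy = InspectionPolicy(bypass=("bank.example",), pinned=("updates.example",))
    for host in ("www.example.org", "online.bank.example", "updates.example", None):
        print(host, policy.decide(parse_client_hello(build_client_hello(host))))
```

The decision is taken from the ClientHello alone because that is the last cleartext the firewall sees; a flow that reaches "inspect" is then terminated with a certificate signed by the firewall’s own CA, and any client that subsequently aborts the handshake feeds record_failure so that a pinned application is excepted automatically rather than breaking for every user.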
Critical capabilities questions to ask your vendor
| Critical capabilities | Questions to ask your vendor |
|---|---|
| TLS 1.3 inspection: provides visibility into the growing volume of encrypted traffic traversing networks | |
| Zero-day threat protection: protection from the latest unknown threats using machine learning and sandboxing | |
| FastPath application acceleration: offloading trusted application traffic to a FastPath to improve performance and reduce overhead | |
| Integration with other security products: integration is essential to provide adequate layered protection and sharing of information across products for a response to threats or for forensic investigations and threat hunting | |