Firewalls: Defending against the covert, the complex and the continuous
by Daljit Paul, Head of Services, Networks First
Staying on top of the latest threats to a business can be a significant investment in resources – technology, staffing, and management of IT estates are all necessary. Cyber threats are covert and so organisations often don’t know an attack is happening or even whether a security breach has taken place – various reports, including Verizon’s Data Breach Investigations Report, put the time taken to discover data breaches at weeks and months.
This is compounded by the fact that cyber security is complex. Managing the myriad of security solutions within an organisation can be challenging to say the least. This problem only grows as a business gets larger. In the largest organisations you’ll find dedicated IT security teams – but this is costly and out of reach for many SMEs. The compromise is that IT teams need to take on security roles as well as continue with their day-to-day work.
Which takes me to my third point quite nicely – cyber attacks are continuous. There is no let-up. Attacks happen 24 hours a day, seven days a week and they happen all year round. Anecdotal evidence from a number of IT security professionals also suggests that cyber attacks actually increase during public holidays, when staffing levels are often at their lowest.
Having a robust security infrastructure in place will always be vital, and will stop the majority of threats targeting your network, but a determined hacker will always find a way. They only need to find one small weakness in the network security architecture to gain a foothold in the organisation.
The benefit, therefore, of outsourcing part, or all, of an organisation’s security operation is that managed security service providers can make threats visible, help to eliminate the complexity of security and are able to provide continuous monitoring, freeing up internal IT personnel to focus on other business critical IT operations.
Is the firewall king?
Firewalls are the perfect example of the challenges faced by IT teams. They are often overlooked and neglected in favour of more innovative technologies that can protect against Advanced Persistent Threats (APTs), zero-day exploits, advanced malware and other threats.
Firewalls were first developed and deployed 25 years ago, and have been on the front lines protecting organisations ever since. Firewalls have two main purposes – they filter traffic coming from the Internet into your network, blocking the known bad traffic and threats, and they control what information your network is sending outside the corporate network.
A firewall works by breaking down TCP/IP traffic into packets, which it then inspects to ensure they meet the criteria set out by the firewall policies and rules before letting that traffic through. Firewalls will block everything that hasn’t specifically been allowed, but rules and policies can be amended and configured as and when needed. Alternatively, you can allow all traffic through a firewall and set specific policies to block certain traffic.
And here lies the challenge. For home users, and for small businesses, managing firewalls is often as simple as ensuring each computer and laptop has a firewall, but as the number of devices grows, so does the challenge of ensuring firewalls remain fit for purpose. Gartner noted that through 2018, more than 95 per cent of firewall breaches will be caused by firewall misconfigurations.
Let that sink in for a second. 95 per cent of firewall breaches are essentially down to human error and not to some flaw in the technology itself.
This all comes down to the management of the firewall and ensuring that rules and policies for allowing and denying traffic are robust enough to protect the organisation, without being overly restrictive from an employee’s perspective. But it’s not just firewalls that need managing – almost every piece of IT security equipment needs similar time and focus to ensure it’s working to maximum effect.
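The rule matching described above, and one common kind of misconfiguration, can be shown in a few lines. This is an added example, not code from Networks First or any firewall product: the Rule class, the first-match-wins ordering and the sample rule set are constructed for illustration. It evaluates a packet under both default policies and flags rules that can never fire because an earlier, broader rule already matches everything they would.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "deny"
    src: str              # source network (CIDR)
    dst: str              # destination network (CIDR)
    port: Optional[int]   # destination port; None means any port

    def matches(self, src, dst, port):
        return (ip_address(src) in ip_network(self.src)
                and ip_address(dst) in ip_network(self.dst)
                and self.port in (None, port))

    def covers(self, other):
        """True if every packet matching `other` also matches this rule."""
        return (ip_network(other.src).subnet_of(ip_network(self.src))
                and ip_network(other.dst).subnet_of(ip_network(self.dst))
                and self.port in (None, other.port))

def decide(rules, default, src, dst, port):
    """First matching rule wins; the default policy applies if none match."""
    for rule in rules:
        if rule.matches(src, dst, port):
            return rule.action
    return default

def shadowed(rules):
    """Return (earlier, later) index pairs where the later rule can never fire."""
    return [(i, j) for j, later in enumerate(rules)
            for i, earlier in enumerate(rules[:j]) if earlier.covers(later)]

# Constructed sample policy using documentation and private address ranges.
RULES = [
    Rule("allow", "0.0.0.0/0", "192.0.2.10/32", 443),  # public web server
    Rule("allow", "10.0.0.0/8", "0.0.0.0/0", None),    # internal hosts to anywhere
    Rule("deny", "10.0.5.0/24", "0.0.0.0/0", 25),      # meant to block guest SMTP
]

if __name__ == "__main__":
    # SSH to the web server matches no rule, so the default policy decides.
    print(decide(RULES, "deny", "198.51.100.9", "192.0.2.10", 22))
    print(decide(RULES, "allow", "198.51.100.9", "192.0.2.10", 22))
    # The SMTP deny is shadowed by the broad allow placed before it.
    print(shadowed(RULES), decide(RULES, "deny", "10.0.5.20", "203.0.113.7", 25))
```

Moving the deny rule above the broad allow, or narrowing the allow, removes the shadowing.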
Ultimately, managing firewalls and other network security products is a major task and one that requires dedicated internal IT security teams. For many there simply isn’t the budget to have enough skilled IT pros internally, so increasingly we’re seeing end-user organisations outsourcing parts, or all, of their security operations.
A managed service can help to solve the problems of covert attacks, complex security, and continuous cyber attacks. But more importantly, outsourcing the IT security element of your network operations means that IT teams can focus on their core competencies, leaving the complex management of security to the professionals.
Networks First is a leading managed IT services and network support provider based in the UK.