Firewall strategies: Achieving deeper network security

Published: August 22, 2019 2:06:03 AM

Keeping in mind the modern IT infrastructure and cyber security challenges, it is important to inculcate a firewall strategy which can scan all IP traffic irrespective of protocol, detect evasive techniques and install a network based anti-malware which is continuously updated.

SonicWall Cyber Threat, TLS encryption, SSL encryption, firewall, industry news, technology news, IPS, Firewall,  cyber security, Next Generation Firewalls, NGFWAccording to the 2018 SonicWall Cyber Threat Report, TLS/SSL encryption continued to grow, leading to under-the-radar hacks affecting hundreds of millions of users.

India Inc didn’t have a perfect 2018. The reason—a business loss of more than $500,000 due to sustained network security attacks across the country. This is no hyperbole. Analyst firm Cybersecurity Ventures predicts damages around $11 billion in 2019 due to cyberattacks. The complexity of attacks is scaling year after year.

Multi-tier attacks
Organisations of every size must today combat a wide range of increasingly sophisticated threats, including advanced persistent threats (APTs), cybercriminal activity, spam and malware. At the same time, many are also grappling with tighter budgets with limited resources to easily address issues. Another problem is the challenge of insider threats. It’s important to compartmentalise a network to keep mission critical data away from everyone’s access in addition to tools that identify anomalies. On the other end of the spectrum, there is a massive shortage of cyber security professionals in the industry.

Next generation firewall
According to the 2018 SonicWall Cyber Threat Report, TLS/SSL encryption continued to grow, leading to under-the-radar hacks affecting hundreds of millions of users. This leaves organisations that are not inspecting TLS/SSL traffic effectively blind to much of the traffic on the network. Further, attacks that utilise encryption will have a very high success rate in this type of scenario. In order to combat these sophisticated attacks effectively, organisations need the ability to inspect all traffic on any port, regardless of whether that traffic is TLS/SSL-encrypted or not. Cybercriminals often try to circumvent Intrusion Prevention Systems (IPS) by using complex algorithms designed to evade detection. Some network security vendor products may not perform adequate data normalisation to decode threats before the IPS has a chance to examine them. This enables encoded threats to compromise corporate networks without being noticed.

With the ever-changing nature of threat vectors, a modern- day firewall should have a real-time updated cloud-based repository of malware versions to stop new threats. Moreover, it should be able to inspect every small packet of data without any latency. It should secure the network by scanning all data irrespective of protocols and point out all applications being used by employees and the amount of bandwidth being consumed.

The IoT bottleneck
Again, as IoT devices do not have a layer of security, these are vulnerable and have been hit by massive DDoS attacks, impacting an organisation’s network. In order to prevent attacks on a massive scale due to unsecured IoT devices, the modern-day firewall should examine encrypted traffic for any possible threat vectors, support loads of packet inspection connections without impacting the wireless speeds across the network.

Next-Generation Firewalls (NGFW) provide organisations of any size with a deeper level of network security without compromising performance. They scan all traffic regardless of port or protocol – including TLS/SSL-encrypted traffic; they can detect anti-evasion techniques; and they have network-based anti-malware with access to a cloud database that is continually updated, in addition to being both easy to manage and affordable.

Keeping in mind the modern IT infrastructure and cyber security challenges, it is important to inculcate a firewall strategy which can scan all IP traffic irrespective of protocol, detect evasive techniques and install a network based anti-malware which is continuously updated.

The writer is country director, India & SAARC, SonicWall

Get live Stock Prices from BSE and NSE and latest NAV, portfolio of Mutual Funds, calculate your tax by Income Tax Calculator, know market’s Top Gainers, Top Losers & Best Equity Funds. Like us on Facebook and follow us on Twitter.

Next Stories
1Lost an item or your phone? Tile’s Mate trackers will help you find it
2Dish TV’s d2h launches ‘Fire TV Stick killer’ at Rs 399; lets you stream shows, watch live TV
3Samsung Blue Fest 2019 offers great deals on Galaxy M20, Galaxy M30, Harman, JBL and more – check details