
What Is Firewall Protection?
Network firewalls have been in operation since the late ’80s. It is their task to protect the corporate network from the Internet.
The Internet is a beehive of cybersecurity threats such as malware, phishing, viruses, and ransomware. Thanks to an army of cyber criminals, modern businesses need to continually advance their cybersecurity posture to stay protected.

The Network Firewall
Connecting the network with the Internet isn’t as easy as it looks.
Basic Network Firewalls
As the name implies, firewalls provide a wall or barrier between the corporate network and an unknown and untrusted network, such as the Internet. Network firewall security controls and monitors incoming and outgoing network traffic based on established security policies. Basic network firewall security capabilities include:
- Packet screening, filtering, and blocking to protect the network from packets that do not fit predefined rules. As an example, network firewalls use packet header information, such as the name of a particular protocol, to determine whether a packet from a certain program or application should be allowed through and into the network.
- VPNs (Virtual Private Networks), connections that encrypt and protect remote user data to keep both the users and the network secure even when users are working beyond the edge of the corporate enterprise.
Next-Generation Network Firewalls (NGFWs)
NGFWs (Next-Gen Network Firewalls) are the 3rd generation of firewalls. NGFWs cover more layers of the OSI model. They include standard network firewall security capabilities and add further features:
- TLS/SSL encrypted traffic inspection, which decrypts TLS/SSL-encrypted communication data so it can be inspected. Once cleared, the data is re-encrypted and the communication is completed.
- DPI (Deep Packet Inspection) allows the network firewall to inspect the contents of the packet. This makes it possible for the network firewall to identify and block malicious content that might include malware, ransomware, viruses, or phishing attacks.
- IPS (Intrusion Prevention System) detects and prevents known threats and sends alerts to security experts for further action.
- QoS/bandwidth management
- Integration with third-party identity management applications such as RADIUS, Active Directory, and LDAP.
Network Firewall-as-a-Service (FWaaS)
Firewall-as-a-Service is a firewall security system delivered as a cloud-based service. With FWaaS, corporations can now move their network security processes to the cloud. Traffic from data centers, branches, remote users, and cloud applications can be centrally collected and protected using this service.
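The packet screening described under Basic Network Firewalls, as an added example that is not part of the original page or any vendor's code: a first-match filter over IPv4 header fields with default deny. The rule set, addresses, and function names are constructed for illustration.

```python
import ipaddress
import struct

PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}  # IANA protocol numbers

# Constructed policy (assumption): first match wins, dport None means any port.
RULES = [
    {"action": "allow", "proto": "tcp", "dst": "10.0.0.0/24", "dport": 443},
    {"action": "allow", "proto": "udp", "dst": "10.0.0.53/32", "dport": 53},
    {"action": "deny", "proto": "tcp", "dst": "10.0.0.0/8", "dport": None},
]

def parse_headers(packet: bytes) -> dict:
    """Extract the header fields a packet filter screens on (IPv4 only)."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4  # header length in bytes; IP options make it > 20
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    hdr = {"proto": PROTO_NAMES.get(packet[9], str(packet[9])),
           "src": ipaddress.ip_address(packet[12:16]),
           "dst": ipaddress.ip_address(packet[16:20]), "dport": None}
    frag_offset = struct.unpack_from("!H", packet, 6)[0] & 0x1FFF
    # Only the first fragment carries the TCP/UDP header; later ones have no ports.
    if hdr["proto"] in ("tcp", "udp") and frag_offset == 0:
        if len(packet) < ihl + 4:
            raise ValueError("truncated transport header")
        hdr["dport"] = struct.unpack_from("!H", packet, ihl + 2)[0]
    return hdr

def decide(packet: bytes, rules=RULES) -> str:
    """Return 'allow' or 'deny'; malformed and unmatched packets are denied."""
    try:
        hdr = parse_headers(packet)
    except ValueError:
        return "deny"
    for rule in rules:
        if (rule["proto"] == hdr["proto"]
                and hdr["dst"] in ipaddress.ip_network(rule["dst"])
                and rule["dport"] in (None, hdr["dport"])):
            return rule["action"]
    return "deny"  # default deny

def build_packet(proto: int, src: str, dst: str, dport: int) -> bytes:
    """Build a minimal constructed IPv4 packet (checksums left at zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, proto, 0,
                     ipaddress.ip_address(src).packed,
                     ipaddress.ip_address(dst).packed)
    return ip + struct.pack("!HH", 40000, dport) + b"\x00" * 4
```

Because a non-first fragment exposes no port, it cannot match a port-specific allow rule here and falls through to a deny, which is the conservative outcome for a header-only filter.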
Download our eBook. This new approach to networking comprises a set of fully integrated, cloud-managed security services that are deployed on-premises or in the cloud with centrally managed security. Learn how to:
- Reduce complexity and operational overhead
- Improve ease of use and transparency for users
- Increase security with zero-trust network access

Next Generation and Cloud-Based Firewalls Muddy the Water
By definition, SWGs (Secure Web Gateways) and NGFWs (NextGen Firewalls) have a very similar purpose. They prevent suspicious traffic from entering or leaving the network. DNS (URL filtering), DLP (Data Leakage/Loss Prevention), application-level awareness, and detection of malware are some of the key features promoted by secure web gateway providers. At the same time, network firewall providers make similar claims.
Not all secure web gateways and network firewalls can perform all those services, nor should they. This is a heavy burden for a single system, especially if the organization has a high volume of internet traffic. Performance may be improved and latency reduced by spreading security services across multiple devices: network firewalls and secure web gateways. The network firewall may be performing DPI (Deep Packet Inspection) and SSL scanning while the gateway is delivering DLP (Data Loss Prevention) and URL filtering.
The challenge is that an architecture with two or three separate processes, each with its own inspection, discovery, and action, is likely to be more accurate but may induce latency if the processes are serial in nature.

Deliver Your Cybersecurity Posture with MDR
The best approach might be a cloud-native service that doesn’t confine features to ‘this is an FW-as-a-Service’ or ‘this is a cloud-native secure web gateway.’ Rather it takes a more holistic view of the customer and applies services as part of an entire cybersecurity platform. These suppliers are known as MDR (Managed Detection and Response) providers.
Many organizations are turning to an MDR service to deliver their cybersecurity posture. A complete MDR service encompasses nearly all the processes, technologies, and techniques used to detect, deter, and remediate cybersecurity threats and attacks. This includes remote users, cloud applications, compute clouds, WANs, and remote sites.
- Advanced MDR service providers not only instruct the user on how to contain and remediate cyber-attacks but, if allowed behind the network firewall, will help bring attacks to ground.
- Leading MDR providers can also replace or augment the traditional SOC (Security Operation Center) with SOC-as-a-Service. The customer can be involved in cybersecurity management to whatever level they desire, minimal to very hands-on.

Open Systems Firewall
Cloud-Native Protection for the Network
A next-generation network firewall and secure web gateway may be able to provide the cybersecurity posture you require. For performance-sensitive and distributed networks, a more comprehensive and holistic cybersecurity stack, such as MDR, may be more suitable.
Contact our customer advocates and learn about our single-pass cybersecurity architecture, MDR, and SASE services.

