Reinventing next-generation firewalls for coordinated protection

The escalation in volume and complexity of cyber threats has compelled organisations to turn to next-generation security solutions to secure their users, networks and data. Next Generation Firewalls (NGFWs) are a modern class of firewall that blend standard firewall features with advanced functionality to inspect network traffic more deeply. Deep packet inspection lets the firewall identify malicious activity proactively, whether it takes the form of an emerging threat, a complex exploit or malware.

Besides deep traffic inspection and attack protection, what other capabilities should an organisation look for in an NGFW, especially when the label itself can lose its meaning given how swiftly cyber attacks evolve?

In the context of today's evolving threat landscape, can any firewall truly claim to be "next-generation"?

There is a set of best practices, qualifying criteria and published information available to help organisations assess whether their NGFW's capabilities are adequate and effective at identifying and protecting against coordinated threats.

Here are some useful tips:

User behaviour analysis

Statistics have shown that 80 percent of security risks are introduced by user behaviour. An NGFW must therefore be able to identify risky user behaviour and expose weaknesses in the current security policy. By analysing network traffic, an NGFW can identify patterns of human behaviour that can be used to predict and prevent attacks. This information is used to calculate a user threat quotient, giving IT an understanding of which users require education and additional protection. The user threat quotient helps prioritise which policies to fine-tune, which threats to remediate first, and which users will benefit most from security awareness training.

Organisations should select a firewall that correlates each user's browsing habits and activity with advanced-threat triggers over time to identify users prone to risky behaviour. It is also useful to deploy a firewall that ships with pre-defined best-practice policy templates, which accelerates the deployment of effective protection.
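As an added illustration of how such a user threat quotient might be computed (this is example code written for this article, not Sophos code or the product's actual scoring method): each user's logged security events are weighted by severity and decayed over time, so recent risky behaviour dominates the score and the ranking points at who needs policy tuning or awareness training first. The event categories, weights, the seven-day half-life and the sample events are all constructed assumptions.

```python
"""User threat quotient from per-user security events (added example,
not Sophos code). Categories, weights, half-life and events are constructed."""
from collections import defaultdict
from datetime import datetime, timedelta
from math import exp, log

# Hypothetical severity weights per event category.
WEIGHTS = {
    "web_filter_block": 1.0,       # tried to reach a blocked web category
    "phish_click": 5.0,            # clicked a known phishing URL
    "malware_download": 8.0,       # gateway/endpoint caught a malicious file
    "c2_callback_blocked": 10.0,   # outbound connection to known C2 stopped
}

HALF_LIFE = timedelta(days=7)  # an event this old counts half as much


def decay(age: timedelta) -> float:
    """Exponential time decay so recent behaviour dominates the score."""
    return exp(-log(2) * (age / HALF_LIFE))


def threat_quotient(events, now):
    """Sum weighted, time-decayed events per user.

    events: iterable of dicts with keys user, category, ts (datetime).
    Unknown categories and future-dated events are ignored rather than guessed.
    """
    scores = defaultdict(float)
    for ev in events:
        weight = WEIGHTS.get(ev["category"])
        if weight is None:
            continue
        age = now - ev["ts"]
        if age < timedelta(0):
            continue
        scores[ev["user"]] += weight * decay(age)
    return dict(scores)


def rank_users(events, now, top=3):
    """Highest quotient first: the candidates for policy tuning and training."""
    scores = threat_quotient(events, now)
    return sorted(scores.items(), key=lambda kv: kv[1], reverse=True)[:top]


# Constructed sample events (not real telemetry).
NOW = datetime(2017, 6, 1, 12, 0, 0)
SAMPLE_EVENTS = [
    {"user": "alice", "category": "web_filter_block", "ts": NOW - timedelta(days=1)},
    {"user": "alice", "category": "web_filter_block", "ts": NOW - timedelta(days=2)},
    {"user": "bob", "category": "phish_click", "ts": NOW - timedelta(days=14)},
    {"user": "bob", "category": "malware_download", "ts": NOW - timedelta(hours=3)},
    {"user": "carol", "category": "c2_callback_blocked", "ts": NOW - timedelta(days=28)},
    {"user": "dave", "category": "unknown_event", "ts": NOW},
]

if __name__ == "__main__":
    for user, score in rank_users(SAMPLE_EVENTS, NOW):
        print(f"{user:8s} {score:6.2f}")
```

With these inputs bob ranks first (a fresh malware download plus an older phishing click), alice second on two minor but recent blocks, and carol, whose single C2 callback is four weeks old, last. That last result is the design trade-off to watch: pure exponential decay lets a severe event fade as fast as a trivial one, so a real implementation would typically give high-severity categories a slower decay or a floor.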

Stop the attack kill chain

An NGFW must offer visibility into the inventory of users, servers and traffic traversing the network environment, and provide the intelligence to block attacks proactively, early in the cyber attack kill chain. One way to achieve this is to ensure the NGFW can identify and block outbound connections to known command-and-control (C2) infrastructure used by cyber criminals, cutting off the channel a compromised host would use to receive instructions.

Integration between network and endpoint security

Modern security solutions are critical to protecting organisations from attacks that leverage polymorphic malware and advanced persistent threats (APTs).

Next-generation detection and protection capabilities are required both at the gateway and on each endpoint. Synchronised security solutions that provide insight into activity on each endpoint and across the network give a 360-degree view of suspicious and malicious activity. By sharing this intelligence, the endpoint and the firewall can each identify emerging threats and automatically terminate malicious activity. Furthermore, investigating a security incident is quick and simple when the firewall automatically correlates which user and process on the endpoint initiated a connection to a malicious site. This significantly reduces the time and resources needed to investigate and address security incidents.
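The two capabilities described above, blocking outbound connections to known C2 infrastructure (the kill-chain section) and attributing each hit to the user and process on the endpoint (this section), as one added example that is not part of the original article and not code from any Sophos product: a small detector matches firewall log lines against a C2 blocklist, then joins each hit to endpoint connection telemetry on source IP, source port and time. The log format, field names, indicator values and endpoint records are all constructed assumptions.

```python
"""Added example (not Sophos code): flag outbound connections to known C2
infrastructure and attribute each hit to the endpoint user and process.
Log format, field names, indicators and telemetry are constructed."""
import ipaddress
import re
from datetime import datetime, timedelta

# Hypothetical C2 indicators: networks (CIDR) and domains.
C2_NETWORKS = [
    ipaddress.ip_network("203.0.113.0/24"),
    ipaddress.ip_network("198.51.100.77/32"),
]
C2_DOMAINS = {"bad-update.example", "c2.example.net"}

KV = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_fw_line(line):
    """key=value firewall log line -> dict, quotes stripped."""
    return {k: v.strip('"') for k, v in KV.findall(line)}


def is_c2(dst_ip, dst_host=None):
    """Destination is in a listed network, or is a listed domain or a subdomain of one."""
    if any(ipaddress.ip_address(dst_ip) in net for net in C2_NETWORKS):
        return True
    if dst_host:
        h = dst_host.lower().rstrip(".")
        return any(h == d or h.endswith("." + d) for d in C2_DOMAINS)
    return False


def find_c2_hits(fw_lines):
    """Outbound events whose destination is on the C2 list, blocked or not:
    an allowed hit means the indicator reached the firewall too late."""
    hits = []
    for line in fw_lines:
        ev = parse_fw_line(line)
        if ev.get("dir") == "out" and "dst" in ev and is_c2(ev["dst"], ev.get("host")):
            hits.append(ev)
    return hits


def attribute_hit(hit, endpoint_conns, window=timedelta(seconds=5)):
    """Join a firewall hit to endpoint telemetry on (src ip, src port) seen
    within `window`; returns user/process/pid, or None if the endpoint has no record."""
    t = datetime.fromisoformat(hit["ts"])
    for c in endpoint_conns:
        if (c["ip"] == hit["src"] and c["sport"] == int(hit["sport"])
                and abs(datetime.fromisoformat(c["ts"]) - t) <= window):
            return {"user": c["user"], "process": c["process"], "pid": c["pid"]}
    return None


def investigate(fw_lines, endpoint_conns):
    """One record per C2 hit: where it went, whether it was blocked, who sent it."""
    return [
        {"src": h["src"], "dst": h["dst"], "host": h.get("host"),
         "action": h.get("action"), "who": attribute_hit(h, endpoint_conns)}
        for h in find_c2_hits(fw_lines)
    ]


# Constructed firewall log lines (not real logs).
SAMPLE_FW_LOG = [
    'ts=2017-06-01T12:00:01 dir=out src=10.0.0.5 sport=49152 dst=203.0.113.9 dport=443 host="bad-update.example" action=deny',
    'ts=2017-06-01T12:00:02 dir=out src=10.0.0.7 sport=50001 dst=93.184.216.34 dport=443 host="example.com" action=allow',
    'ts=2017-06-01T12:00:03 dir=in src=203.0.113.9 sport=443 dst=10.0.0.5 dport=49152 action=deny',
    'ts=2017-06-01T12:00:04 dir=out src=10.0.0.9 sport=51000 dst=192.0.2.10 dport=80 host="www.c2.example.net" action=allow',
]

# Constructed endpoint connection telemetry (not real records).
SAMPLE_ENDPOINT_CONNS = [
    {"ts": "2017-06-01T12:00:00", "ip": "10.0.0.5", "sport": 49152,
     "user": "alice", "process": "svchost.exe", "pid": 4412},
    {"ts": "2017-06-01T12:00:04", "ip": "10.0.0.9", "sport": 51000,
     "user": "bob", "process": "update_helper.exe", "pid": 2210},
]

if __name__ == "__main__":
    for record in investigate(SAMPLE_FW_LOG, SAMPLE_ENDPOINT_CONNS):
        print(record)
```

The join key (source address plus ephemeral source port, within a few seconds) is only reliable when the firewall logs the pre-NAT client address and the endpoint and firewall clocks are roughly in sync; that is why the window is generous and why a hit with no matching endpoint record is reported as unattributed rather than dropped. The second hit in the sample was allowed, which is the case that matters most to an investigator: the user and process behind it are exactly what the remediation step needs.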

Fast remediation

Restoring systems after a security incident can be a lengthy and expensive process, adding up to weeks or months of effort even in mid-sized environments. It is therefore vital to choose an NGFW that can pinpoint exactly which hosts and users are affected so that remediation can be performed within minutes.

Easy to use

Simple security is the best security. An NGFW, or any security solution, should be simple to deploy, configure and manage, cost effective, and equipped with automation that minimises human intervention, freeing up time and resources for other projects.

Above all, an NGFW must offer effective defence against emerging threats and visibility into user activity and use of the network.

Wana Tun is Regional Technical Evangelist at Sophos
