The importance of using a firewall in the workplace is well established. But in response to today’s evolving threats, a sophisticated firewall is no longer enough. In an ever-changing environment, how do you integrate a firewall into your network architecture? How can you make optimal use of it?
Where to locate the firewall, how to segment the network, the “zero trust” approach, centralized management and monitoring: here is everything you need to know about making the best use of a firewall in your network architecture.
Understand the need and protection environment
A firewall is one of the cornerstones of a company’s perimeter security. Historically viewed as an impenetrable wall around the edge of the network, its function has evolved significantly since then. To respond to the changing threat landscape and prevent all attempts at lateral movement by malware, system administrators have had to rethink their use of firewalls, adding new layers of protection.
The correct place for a firewall in a network architecture depends on the security need. The traditional firewall located at the edge of the network – although it is still an essential part of the security arsenal – is no longer sufficient to provide a good level of protection. Changing business models (digital nomads, remote work, SaaS and other cloud infrastructure), coupled with increasingly sophisticated cyber threats, have forced companies to expand their use of firewalls. It is now necessary to go further and deploy firewalls at different points of the company’s security perimeter. But this security perimeter is evolving and consists of a variety of elements, both internal and external.
So where are the strategic firewall locations? At an Internet connection point, at the edge or in the middle of the network, in the cloud… the options are many, and will depend on your security goals and the capacity of your firewalls. Note that, in keeping with the principle of defense in depth, it is recommended to install at least two firewalls so as to create a demilitarized zone (DMZ) between them. This double barrier provides an additional seal against (potentially malicious) data flows. The goal is to implement multiple levels of trust, from the Internet to the local area network (LAN), and even to data centers and other cloud environments.
Next Generation Firewalls (NGFW) can take network architecture security to even higher levels, for example with network segmentation and “zero trust” approaches. We explain how.
The importance of network segmentation and “zero trust”
Why is network segmentation important? Because the modus operandi of cybercriminals includes a reconnaissance phase. After hacking a device, they scan networked equipment in preparation for a potential rebound attack. To avoid any spread, strict segmentation must be applied on the main network and in the subnets. By dividing this area into distinct zones, the administrator can enforce strict access and flow controls.
The establishment of a demilitarized zone, as mentioned above, is “a special case”, according to Simon Dansette, Product Manager at Stormshield. “It has the advantage of being able to segment the network for specific needs by blocking all options for lateral movement.” As Sébastien Viou, Stormshield’s Director of Cybersecurity and Product Management, notes: “Protocol disruption is a principle designed to disrupt all network, transport, and application flows by interpreting and rewriting them. In essence, it should be impossible to do direct routing between the two firewalls.” The double barrier principle is not to assemble a series of firewalls “believing that the first of them will fill the weaknesses of the other”, but instead “to create trust zones and apply consistent security rules while controlling data flows.” In sensitive industrial environments, network segmentation allows a number of actions to be taken. First, it isolates IT and OT environments, stopping lateral movement of ransomware that has infected IT infrastructure and is trying to spread to production environments. Second, this segmentation can go directly to the heart of operational processes, as close as possible to machines and programmable logic controllers (PLCs), applying granular filtering of flows, down to the single command sent.
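The trust-zone model described above (Internet, DMZ, LAN, OT, with a double barrier and default deny) can be checked before a policy is pushed to the firewalls. The following is an added example, not Stormshield code nor part of the original article: it models zones with trust levels, evaluates flows against a small zone-to-zone rule set, and lints the policy for rules that let a flow jump straight over the intermediate barrier or open every port toward a more trusted zone. Zone names, subnets, and the policy are constructed for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

# Trust levels per zone, lowest first. Zone names and subnets are constructed
# for this example; 0.0.0.0/0 is the catch-all "internet" zone.
ZONES = {
    "internet": (0, ip_network("0.0.0.0/0")),
    "dmz":      (1, ip_network("192.0.2.0/24")),
    "lan":      (2, ip_network("10.10.0.0/16")),
    "ot":       (3, ip_network("10.20.0.0/16")),
}


@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    proto: str
    dport: Optional[int]   # None means any destination port
    action: str            # "allow" or "deny"


# Constructed policy: the Internet may only reach the DMZ web service, the LAN
# reaches the DMZ and the Internet over HTTPS, and the OT zone accepts exactly
# one Modbus/TCP flow from the LAN. Everything else falls through to default deny.
POLICY: List[Rule] = [
    Rule("internet", "dmz", "tcp", 443, "allow"),
    Rule("lan", "dmz", "tcp", 443, "allow"),
    Rule("lan", "internet", "tcp", 443, "allow"),
    Rule("lan", "ot", "tcp", 502, "allow"),
]


def zone_of(ip: str) -> Optional[str]:
    """Map an address to its zone; the most specific subnet wins."""
    addr = ip_address(ip)
    best = None
    for name, (_, net) in ZONES.items():
        if addr in net and (best is None or net.prefixlen > ZONES[best][1].prefixlen):
            best = name
    return best


def evaluate(src_ip: str, dst_ip: str, proto: str, dport: int) -> str:
    """First matching rule wins; a flow that matches nothing is dropped."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    for r in POLICY:
        if (r.src_zone, r.dst_zone, r.proto) == (src, dst, proto) and r.dport in (None, dport):
            return r.action
    return "deny"


def lint(policy: List[Rule]) -> List[str]:
    """Flag allow rules that undermine the trust-zone model: flows that jump more
    than one trust level (bypassing the intermediate barrier) and any-port
    openings toward a higher-trust zone."""
    findings = []
    for r in policy:
        if r.action != "allow":
            continue
        src_level, dst_level = ZONES[r.src_zone][0], ZONES[r.dst_zone][0]
        port = "any" if r.dport is None else str(r.dport)
        if dst_level - src_level > 1:
            findings.append(f"{r.src_zone}->{r.dst_zone}:{port} skips a trust zone")
        elif dst_level > src_level and r.dport is None:
            findings.append(f"{r.src_zone}->{r.dst_zone}:{port} opens every port toward a higher-trust zone")
    return findings


if __name__ == "__main__":
    print(evaluate("203.0.113.5", "192.0.2.10", "tcp", 443))   # allow: Internet to DMZ web
    print(evaluate("203.0.113.5", "10.10.1.20", "tcp", 443))   # deny: no Internet-to-LAN rule
    print(lint(POLICY + [Rule("internet", "lan", "tcp", 3389, "allow")]))
```

The lint step is what makes the double barrier meaningful in practice: a single rule that allows the Internet to reach the LAN directly turns the DMZ into decoration, and catching it at review time is far cheaper than catching it in an incident.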
To ensure the legitimacy of users and devices connecting to networks, companies can also apply the concept of “Zero Trust.” This “Zero Trust” philosophy is based on the principle that users and network components should not be assumed to be trusted by default, but must prove their identity and legitimacy every time they request access to resources. Zero Trust Network Access (ZTNA) architecture involves both users and devices in authenticating and authorizing network access. Access is then precise and specific to the user’s needs. “In a Zero Trust architecture, the firewall must first be linked with strong authentication techniques to identify the user. But it must also be verified that the workstation to be authenticated is in order”, Dansette explains. The latest firewall models use this philosophy to implement user-based access control, rather than filtering solely on an IP basis (as traditional firewalls did). Traffic filtering rules can then be used to implement fine-grained security policies in real time. Dansette explains: “There are now interactions between EDR-type solutions and firewalls that allow the user to log in. These mechanisms take the authentication process a step forward.” The next-generation firewall therefore becomes a key component of the Zero Trust architecture.
Whether physical or virtual, and with their specific or shared rules, equipment upgrades, monitoring and supervision, the proliferating firewalls in companies are forcing system administrators to rethink the way they are managed, moving from per-device to centralized management. This is a tool that has now become a necessity.
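The passage above contrasts traditional IP-based filtering with a Zero Trust decision that checks the user, the workstation’s state (as reported by an EDR-type solution), and the resource policy on every request. The following added example, which is not Stormshield code nor part of the original article, puts both decision functions side by side so the difference is visible on the same requests. The device posture table, user groups, resource policy, and subnet are constructed for the example; the posture values stand in for whatever the endpoint agent would report.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple


@dataclass(frozen=True)
class DevicePosture:
    enrolled: bool      # endpoint agent present and reporting
    compliant: bool     # no open policy violation on the host


# Constructed posture inventory, as an EDR-type solution would feed it to the firewall.
POSTURE = {
    "lt-0421": DevicePosture(enrolled=True, compliant=True),
    "lt-0933": DevicePosture(enrolled=True, compliant=False),  # agent raised an alert
}


@dataclass(frozen=True)
class Request:
    src_ip: str
    user: Optional[str]   # None when the session carries no authenticated identity
    groups: frozenset
    device_id: str
    mfa: bool             # strong authentication completed for this session
    resource: str


# Identity-aware policy: which groups may reach a resource and whether MFA is required.
RESOURCES = {
    "hr-app": {"groups": frozenset({"hr"}), "mfa": True},
    "wiki":   {"groups": frozenset({"staff", "hr"}), "mfa": False},
}

LAN = ip_network("10.10.0.0/16")   # constructed internal subnet


def legacy_decide(req: Request) -> str:
    """Traditional IP-based filtering: anything coming from the LAN subnet is trusted."""
    return "allow" if ip_address(req.src_ip) in LAN else "deny"


def zero_trust_decide(req: Request) -> Tuple[str, str]:
    """Evaluate every request on identity, device state and resource policy.
    Network location is deliberately not a criterion; the first failed check denies."""
    if req.user is None:
        return ("deny", "no authenticated user")
    posture = POSTURE.get(req.device_id, DevicePosture(enrolled=False, compliant=False))
    if not posture.enrolled:
        return ("deny", "device not enrolled")
    if not posture.compliant:
        return ("deny", "device non-compliant")
    policy = RESOURCES.get(req.resource)
    if policy is None:
        return ("deny", "unknown resource")
    if not (req.groups & policy["groups"]):
        return ("deny", "group not authorised for resource")
    if policy["mfa"] and not req.mfa:
        return ("deny", "mfa required")
    return ("allow", "identity, device and policy checks passed")


if __name__ == "__main__":
    # A non-compliant workstation on the LAN: trusted by IP, refused by Zero Trust.
    r = Request("10.10.1.21", "bob", frozenset({"staff"}), "lt-0933", True, "wiki")
    print(legacy_decide(r), zero_trust_decide(r))
```

The interesting rows are the ones where the two functions disagree: a compromised but internal workstation passes the subnet check and fails the posture check, while a remote user with a healthy, enrolled device and strong authentication fails the subnet check and passes Zero Trust.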
Need for centralized firewall management
Whether at the edge or in the center of the network, near industrial equipment or hosted in the cloud, firewalls and their locations have multiplied to the point that managing them can quickly become a complex task: deployment, configuration, maintenance, patch management… According to Dansette, centralized management makes it possible to “reduce the complexity of managing various firewall connections and reduce network administration time, and thus the inherent costs”.
Centralized management also simplifies security compliance, ensuring that all security policies are applied uniformly across all firewalls on the network. This is a powerful asset for MSSPs and IT vendors. Centralized management makes it possible to manage the configuration of multiple firewalls with a single tool, managing them all from one platform. Changes can be made quickly and easily, providing security for their customers and productivity gains for their teams.
Also, by centralizing log management and indicators, they can be viewed from a single interface, making monitoring and reporting easier. When logs are collected, stored, and archived on a single platform, system administrators can find and correct configuration issues more easily. Dansette says: “Centralization provides an overview that makes it easier to analyze where the problem is and then correct it on the offending firewall. This makes the troubleshooting phase easier for system administrators, and saves time in times of high stress”.
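Centralized logs do more than simplify troubleshooting: they let a detection run across what every firewall sees, which matters for the reconnaissance phase described earlier, where a compromised host probes several segments. The following added example, which is not Stormshield code nor part of the original article, runs the same simple “blocked from many distinct targets” detection once per firewall and once over the centralized set. The log lines are constructed in a generic key=value style (not a vendor format), and the threshold is an assumption for the example.

```python
import re
from collections import defaultdict
from typing import Dict, List, Set, Tuple

# Constructed firewall log lines in a simple key=value syslog style (not a vendor format).
# Three firewalls each guard one segment, so each sees only part of one host's activity.
LOGS = """\
fw=fw-dmz src=10.10.1.30 dst=192.0.2.10 dport=443 action=pass
fw=fw-dmz src=10.10.1.20 dst=192.0.2.10 dport=22 action=block
fw=fw-dmz src=10.10.1.20 dst=192.0.2.11 dport=22 action=block
fw=fw-dmz src=10.10.1.20 dst=192.0.2.12 dport=22 action=block
fw=fw-lan src=10.10.1.20 dst=10.10.2.5 dport=445 action=block
fw=fw-lan src=10.10.1.20 dst=10.10.2.6 dport=445 action=block
fw=fw-lan src=10.10.1.20 dst=10.10.2.7 dport=445 action=block
fw=fw-ot src=10.10.1.20 dst=10.20.0.7 dport=502 action=block
fw=fw-ot src=10.10.1.20 dst=10.20.0.8 dport=502 action=block
fw=fw-ot src=10.10.1.20 dst=10.20.0.9 dport=502 action=block
fw=fw-ot src=10.10.1.30 dst=10.20.0.7 dport=502 action=pass
"""

KV = re.compile(r"(\w+)=(\S+)")


def parse(line: str) -> Dict[str, str]:
    """Turn one key=value line into a dict; unknown keys are kept as-is."""
    return dict(KV.findall(line))


def parse_all(text: str) -> List[Dict[str, str]]:
    return [parse(line) for line in text.splitlines() if line.strip()]


def blocked_targets(records: List[Dict[str, str]]) -> Dict[str, Set[Tuple[str, str]]]:
    """Distinct (dst, dport) pairs each source was blocked from reaching."""
    targets: Dict[str, Set[Tuple[str, str]]] = defaultdict(set)
    for r in records:
        if r.get("action") == "block":
            targets[r["src"]].add((r["dst"], r["dport"]))
    return targets


def flag_scanners(records: List[Dict[str, str]], threshold: int = 8) -> Dict[str, int]:
    """Sources blocked from at least `threshold` distinct targets (threshold is an assumption)."""
    return {src: len(t) for src, t in blocked_targets(records).items() if len(t) >= threshold}


def per_firewall_view(records: List[Dict[str, str]], threshold: int = 8) -> Dict[str, Dict[str, int]]:
    """The same detection run in isolation on each firewall's own logs."""
    by_fw: Dict[str, List[Dict[str, str]]] = defaultdict(list)
    for r in records:
        by_fw[r["fw"]].append(r)
    return {fw: flag_scanners(recs, threshold) for fw, recs in by_fw.items()}


if __name__ == "__main__":
    records = parse_all(LOGS)
    print("per firewall:", per_firewall_view(records))   # nothing crosses the threshold
    print("centralized:", flag_scanners(records))        # 10.10.1.20 blocked from 9 targets
```

Each firewall on its own sees three blocked targets from the same source, which is below any sensible threshold; only the merged view shows nine and raises the alert. That is the visibility argument for centralization in concrete form.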
What about the future? Clearly, network security points are not the only growth area within an organization; endpoint protections follow the same trend. However, the repeated success of cyberattacks demonstrates the limits of this approach: the proliferation of detection solutions produces many diverse events with behavioral patterns that are difficult for administrators to interpret and correlate. This lack of visibility limits response, which in practice leads to a lower level of protection. In response to this problem, and in order to enable more comprehensive management, XDR (Extended Detection and Response) has been developed. It has a three-pronged goal: reduce risks, correlate events reported by different cybersecurity solutions, and improve organizations’ cyber operational productivity.