By Sam Erdheim, AlgoSec
We have entered the “application age” which has been a blessing for business productivity when organisations effectively manage their users and application usage. But it has also created security gaps.
The increased use of apps and virtualisation, a growing mobile workforce and more sophisticated threats have all played a role in driving IT security innovation and changing how we manage and secure the disappearing gateway.
Next-Generation Firewalls (NGFWs) represent the latest advances in gateway security, but while they provide you with more granular control, they also increase the complexity of your policies.
AlgoSec recently conducted a 2012 State of Network Security survey and while 84% of respondents believe that NGFWs have improved their security, 76% noted that these devices added significant management burden.
We all know that when it comes to IT security, complexity is not a good thing, so how can we take advantage of the clear benefits of next-generation firewalls without adding significant administrative burden and risk?
Next-generation firewalls go beyond traditional firewall traffic filtering of ports and give you more control by providing the ability to filter by application type and user identity.
With this added granularity you can define what groups of users can do with a particular application, allowing for better security and ultimately a business advantage (i.e. a marketer such as myself has a business need to be able to post to Facebook, but a developer does not).
Firewall policy decisions are no longer black or white.
When setting policies at an application level, you must understand each application, its business value to different users and any potential risks that come with it.
More granularity leads to more rule sets and more rule sets lead to more complexity, so you need to have a plan and make sure that all involved teams are on board with it.
When deploying more granular, next-generation firewall policies, here are some tips to think about:
- Run your NGFWs in a “learning mode” so you can get visibility of what apps are being used in your environment and by who. This can provide you with critical information in starting to define more granular policies, which you can continue to build out over time in a methodical fashion.
- Streamline and automate the management of your next-generation policies in tandem with your traditional policies. While NGFWs provide more details and more control, for productivity and operational efficiency, you will want to make sure you can add, update, change and delete policies across all your firewall estate in a normalised way.
- Run risk queries against specific applications as another security check, and leverage third party risk databases to provide actionable recommendations of potential things you may want to change in your policy.
Next-generation firewalls certainly provide some additional benefits over traditional firewalls, but in order to truly reap the benefits (without adding to complexity and in turn increased management burden and risk) you must map out a plan in advance of your implementation and have a process to manage these policies over time in the context of your broader network environment.
