Tackling the Legacy Firewall challenges

“The first step is to understand that firewalls have significant limitations in the modern world (cramping agility) and have anyway been made almost redundant in their security function by today’s sophisticated attackers,” says Chris Gaebler, CMO, Guardicore, in an exclusive interview with ITSecurityWire.

ITSW Bureau: According to the study, what challenges do enterprises face when relying on firewall technologies for cybersecurity?

Chris Gaebler: According to the new Ponemon study “Rethink Firewalls: Security and Agility for the Modern Enterprise,” digital transformation and cloud computing are a world beyond the capabilities of traditional network security tools. Firewall technologies were never designed for these purposes.

The report is based on a survey of over 600 security professionals and sponsored by Guardicore. It indicates a clear view that older security technologies such as firewalls are failing to block hackers from accessing data and applications across data centers and clouds. The survey also highlights this well-informed group’s opinion that firewalls are inflexible to change when agility and speed are being demanded of every other aspect of IT and the wider business.

In terms of security:

– 60 percent of the survey respondents said they believe firewalls are ineffective in stopping cyber-attacks against applications, data centers, and data in the Cloud.

– 61 percent of respondents say their organizations’ firewalls could not contain a breach of its data center perimeter.

– 64 percent believe that legacy firewalls are ineffective against modern attacks like ransomware.

– Fewer than 50 percent of the respondents trust their firewalls to segment data traffic flows, a key pillar of modern security.

In terms of supporting an agile enterprise:

– 57 percent of respondents indicate it can take a month or more to adapt firewall rules to support software updates or new applications. Protecting assets in the cloud and across distributed workforces requires speed and agility, something which legacy firewalls simply can’t support.

– According to the survey, 53 percent of organizations are moving away from firewalls because they find them too costly and overly complex to manage.

ITSW Bureau: Why are legacy firewall systems rendered ineffective for securing data across data centers and cloud environments?

Chris Gaebler: Firstly, firewalls are easily bypassed. Hackers have learned to encrypt attacks, so firewalls can’t spot them. Deep packet inspection becomes impossible and such attacks pass through firewalls unimpeded. Hackers know this and today, nearly three in every four attacks use encryption.

Certainly, firewalls that offer basic SSL proxy support can support the detection of encrypted attacks. But administrators often find this approach too processor-intensive to use; it slows down networks and applications, hitting business productivity.

One option is to turn to web proxies and email security MTAs to prevent attacks, but this is a weak response and many will get through undetected. Furthermore, firewall issues with encrypted traffic get worse when you understand that most web traffic is encrypted and about half of the enterprise applications run over encryption. Firewalls simply cannot protect the enterprise from nefarious traffic when it is not obviously different in nature from what’s legitimate.

To make matters worse, firewalls are easily traversed when attackers incorporate port forwarding and fragmented packet attacks. At the application layer, there have been many powerful HTTP and DNS protocol spoofing attacks that have today become highly incorporated into the standard toolkit of the modern hacker.

ITSW Bureau: What approaches can assist today’s enterprises in protecting cloud infrastructure and a distributed workforce in the surging cyber-attacks scenario?

Chris Gaebler: The report and Guardicore’s experiences in the field indicate that companies are increasingly moving toward more modern security solutions, like software-based segmentation, to overcome legacy firewall limitations.

Software-based segmentation is the technique of inserting security services between two workloads to isolate them from one another and secure them individually. This allows system administrators to deploy flexible security policies that restrict traffic between workloads based on the least privilege principle.

54 percent of survey respondents say their organizations have adopted software-based segmentation. Out of these respondents, 66 percent say it is important to their organizations’ security posture.

ITSW Bureau: What steps can enterprises take to eliminate their dependency on legacy firewall systems in favor of more innovative security technologies?

Chris Gaebler: There is a type of IT decision-maker who is willing to challenge conventional assumptions. She or he recognizes that the world moves on, sees the bigger security picture and does not just keep buying what is/what was commonly accepted.

The first step is to understand that firewalls have significant limitations in the modern world (cramping agility) and have anyway been made almost redundant in their security function by today’s sophisticated attackers. More than 50 percent of organizations are reducing their firewall footprint because of these limitations.

The next step is to look for more modern, stronger security approaches; ones that are less complex to administer, more flexible and accommodating of change. Many organizations are moving to software-based segmentation.

Software-based segmentation allows companies to apply workload and process-level security controls to the data center and cloud assets that have an explicit business purpose for communicating with each other. Once enterprises have defined and built their policies, segmentation is extremely effective at detecting and blocking any unauthorized lateral movement in data center, cloud and hybrid-cloud environments.

It’s important to recognize that good segmentation is dependent upon the creation of good permissive policies. To have your administrators define the roles of hundreds, even thousands of data center machines and accurately determine which individual ports to open to which other machines would be a very big, time-consuming and expensive ‘ask’.

Fortunately, the best software-based segmentation platforms automate much of this process. A visual map of the entire data center is provided, all the way down to the process level. With this map, the teams can home in on specific parts of the data center and link relations between different servers. Admins and security teams can easily discover running applications. They can then create policy rules tying the discovered applications and security groups, visualizing it all on screen. Then they can test, monitor and optimize their created policies before deploying them, updating as and when necessary.

Chris Gaebler leads Guardicore’s global marketing initiatives. Before joining Guardicore, Chris was the CMO of Netscout, Arbor Networks and VP of marketing at Kaspersky and Sony. Gaebler finds the mission of Guardicore – to protect the customers’ most critical assets – to be a great brand story.