First Step to Network Security & Protection: Reignite your firewall

Nov 30, 2017 - By Julius Suarez, SE Manager for ASEAN, Sophos

It is no surprise that Malaysia is ranked third among 193 countries in the Global Cybersecurity Index 2017 for its commitment to cybersecurity. Within just two months from the day we heard about the data leak reports, the government has already set up a special committee to combat cybercrime in the country. In the same time span, we have also heard many voices in the industry urging the public to be extra careful with their personal data. Businesses were asked to take the necessary steps to curb cyber security issues in the country.


Not only that, ransomware attacks like WannaCry and Petya have spread largely unchecked through corporate networks over the past year, demanding payment to restore data and return control of computers. Most notably, the WannaCry ransomware accounted for 90 percent of the attacks in Malaysia this year. Taking all these recent developments into account, it is time for businesses to take a closer look at the state of their security, especially their network security.

Organisations can start with a good firewall that integrates all the advanced networking, protection, user, and app controls they need to stay secure and compliant. IT departments do not have to think back too far to remember a time when firewalls were all about speeds and feeds, and not much else. Over the past few years, however, we have seen a shift from the firewall leading a lonely, isolated existence, to a new conversation about the firewall as an integrated component of the greater IT security strategy.

A firewall that is able to communicate as part of a larger IT security ecosystem is much more effective, providing a whole new level of security, responsiveness and insight. That does not mean the race for the fastest firewall has gone away, but measures like “gigabits per second” now need to work as part of the protection, performance and price mix.

Compare firewalls for the best performance and security effectiveness

No two network environments are the same and testing methodologies among vendors can vary wildly, making it fruitless to compare firewalls based on published datasheet numbers alone. In any case, just comparing datasheets completely ignores security effectiveness – which these days is a critically important metric.

That is why third-party testing labs are so valuable. When done correctly and fairly, independent tests bring all vendors to a common denominator and highlight what really matters: the price-performance ratio. Check out the recent NSS Labs Next-Gen Firewall tests to see how firewalls from the top vendors stack up when put to the test:

Visual: NSS Labs Group Firewall Security Value Map

Modernizing the Beast

IT departments often struggle to find time to upgrade their outdated firewalls due to budget and resource constraints. From our conversations with customers and partners, it appears that more organizations have a beast – an older firewall – in the datacenter, which nobody dares to touch as it cost a small fortune to buy and get set up. It may be doing its job – but that is the job a firewall was expected to do ten years ago. As a result, these firewalls typically lack the extras that their modern counterparts can offer.

For example, a lot of old firewalls cannot block unknown threats, automatically respond to incidents or reveal hidden risks on the network. The old beast of a firewall probably does not offer contemporary security features such as sandboxing or other forms of more advanced threat detection, response and mitigation. In contrast, an intelligently-deployed modern firewall can protect proactively against modern ransomware attacks like the recent WannaCry and Petya outbreaks.

Firewalls today provide more effective mechanisms to respond to and isolate threats by working with the rest of the IT ecosystem. By communicating and sharing information with endpoints and other security components, they provide better protection and insight through added intelligence, an approach known as Synchronized Security.

Deploying next-gen protection against next-gen threats

Ideally, organisations should replace their old firewall with the latest and greatest sort of firewall that can adapt, grow and respond not only to their changing needs but also the shifting IT security landscape.

For organizations with an old beast of a firewall, they can consider adding a more adaptable firewall in-line instead. In one simple and risk-free move, they could greatly enhance their network security without disturbing the beast. Sophos’ new XG Firewall and SG Series 1U and 2U rackmount appliances are the perfect fit whether IT departments are replacing or augmenting their existing firewall. They strengthen our price-performance ratio even further by providing the latest high-performance technology at the same attractive price point.

Both the XG Series and the SG Series have the same hardware specifications; it is the pre-installed software that makes them different – organisations can choose either our XG Firewall (SFOS) or Sophos UTM as the software platform. Both can be enhanced with Sandstorm sandboxing technology without the need for additional hardware.

For automated incident response and real-time insight and control, businesses can also add Sophos Synchronized Security to their XG Firewall, giving them the Sophos Central Endpoint or Intercept X solutions, too. Together they give organisations unparalleled protection against ransomware and other advanced attacks. It’s next-gen protection against next-gen threats.

Considering a change? Keep the following best practices in mind

It is important to keep in mind that the Intrusion Prevention System (IPS), sandboxing and all other protection the firewall provides are only effective against traffic that actually traverses the firewall, and only where suitable enforcement and protection policies are applied to the firewall rules governing that traffic. With that in mind, organisations should follow these best practices for preventing the spread of worm-like attacks on the network:
  • Ensure you have the right protection, including a modern high-performance next-gen firewall IPS engine and sandboxing solution.
  • Reduce the surface area of attack as much as possible by thoroughly reviewing and revisiting all port-forwarding rules to eliminate any non-essential open ports. Every open port represents a potential opening in your network. Where possible, use VPN to access resources on the internal network from outside rather than port-forwarding.
  • Be sure to properly secure any open ports by applying suitable IPS protection to the rules governing that traffic.
  • Apply sandboxing to web and email traffic to ensure all suspicious active files coming in through web downloads and as email attachments are being suitably analyzed for malicious behavior before they get onto your network.
  • Minimize the risk of lateral movement within the network by segmenting LANs into smaller, isolated zones or VLANs that are secured and connected together by the firewall. Be sure to apply suitable IPS policies to rules governing the traffic traversing these LAN segments to prevent exploits, worms, and bots from spreading between LAN segments.
  • Automatically isolate infected systems. When an infection hits, it is important that your IT security solution be able to quickly identify compromised systems and automatically isolate them until they can be cleaned up (either automatically or through manual intervention).
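The port-forwarding, IPS-policy and segmentation checks in the list above can be turned into a repeatable rule-set audit. The following is an added example, not code from the original article or from any Sophos product; the rule schema, the essential-port allowlist and the sample rules are all constructed for illustration.

```python
"""Audit a constructed firewall rule set against the checklist above.

Rule fields are assumptions for this example, not any vendor's schema.
"""
from dataclasses import dataclass
from typing import List, Optional

# Ports the (constructed) organisation has declared essential for inbound access.
ESSENTIAL_INBOUND_PORTS = {443}

@dataclass
class Rule:
    name: str
    src_zone: str
    dst_zone: str
    dst_port: Optional[int]       # None means "any port"
    action: str                   # "allow" or "drop"
    ips_policy: Optional[str]     # attached IPS policy name, or None if missing
    port_forward: bool = False    # True for inbound port-forward (DNAT) rules

def audit_rules(rules: List[Rule]) -> List[str]:
    """Return one finding per checklist violation; an empty list means clean."""
    findings = []
    for r in rules:
        if r.action != "allow":
            continue  # drop rules expose nothing, so nothing to check
        if r.port_forward:
            if r.dst_port not in ESSENTIAL_INBOUND_PORTS:
                findings.append(f"{r.name}: non-essential inbound port {r.dst_port}; remove or reach it over VPN")
            if r.ips_policy is None:
                findings.append(f"{r.name}: port-forward rule without an IPS policy")
        elif r.src_zone != r.dst_zone and r.ips_policy is None:
            findings.append(f"{r.name}: inter-segment traffic {r.src_zone}->{r.dst_zone} without an IPS policy")
        if r.dst_port is None and r.src_zone != r.dst_zone:
            findings.append(f"{r.name}: any-port allow between segments widens lateral movement")
    return findings

# Constructed sample rule set: one clean rule, three problem rules, one drop rule.
SAMPLE_RULES = [
    Rule("web-dnat", "WAN", "DMZ", 443, "allow", "dmz-ips", port_forward=True),
    Rule("rdp-dnat", "WAN", "LAN", 3389, "allow", None, port_forward=True),
    Rule("lan-to-servers", "LAN", "SERVERS", 445, "allow", None),
    Rule("ot-any", "OT", "LAN", None, "allow", "lan-ips"),
    Rule("default-drop", "WAN", "LAN", None, "drop", None),
]

if __name__ == "__main__":
    for finding in audit_rules(SAMPLE_RULES):
        print(finding)
```

Running it against the sample set reports four findings: two for the unnecessary, unprotected inbound forward, one for the LAN-to-server rule lacking IPS, and one for the any-port allow between segments.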