Long ago, in a land far away, there used to be a network perimeter. Those were the good old days where the network perimeter was the all-encompassing traffic control point, and where traffic was all funneled through a single point, no matter where it came from. But the cloud changed everything by decentralizing the network, making the perimeter vaporize, and giving IT many a sleepless night.
OneNeck Security Practice Director, Nick Santilli, describes the situation like this. “The largest cybersecurity threat still revolves around end users. As technology has evolved, we now have our phones, our tablets – we can work from anywhere on just about any device. And so, the security perimeter has expanded from being just at an office or company location to Starbucks or the movie theater, or even a beach – it’s wherever I am with my device.”
So, with the lack of one point of protection, today’s security teams are having to adapt to protecting multiple points (aka micro-perimeters) across a complex and dispersed environment. And just as IT is evolving their approach, traditional firewalls are evolving too and being replaced by a mixture of physical and virtual appliances, some embedded into the network while others are delivered as a service, are host-based or included with public cloud environments.
What Should I Look for in a Next-gen Firewall?
While threats continue to get more complex, many organizations are still using yesterday’s firewall. So, what should you consider when updating your firewall technology? Cisco lays out these five tips when choosing your next-gen firewall…
- Does it deliver breach prevention and advanced security? Clearly, breach prevention is a firewall’s primary job, but it also should quickly detect a breach should malware make its way inside.
- Does it give you visibility across the network? The first rule of detection is being able to see what’s out there. So your firewall should give you a holistic view and contextual awareness.
- Does it come with flexible management and deployment options? A firewall does no good if it’s too complex to deploy, not easily managed, and cannot be customized to meet your environment’s unique needs, making this a critical consideration.
- Does it detect threats fast enough to mitigate risk? With many of today’s high-profile breaches, it’s discovered later that they’ve been in their network for 100+ days, which is truly terrifying to any security professional. Speed to detection is a must in a modern firewall.
- Does it play well with others? Like any component of a solid security strategy, it has to be integrated with other security components to truly be effective. The automated sharing of threat information, event data, policy and contextual information is what leads to a solution that can secure an environment across multiple points.
The Network Security Game is Changing
Network security in general is becoming more complex on a daily basis, and this requires new strategies to keep the network safe from attack. Point tools, manual processes and lack of qualified staff are only making it harder on today’s CISO to stay ahead of threats. But with integrated technology, consistent network security policies automation, there is hope. Interested in learning more? Check out this informative ESG research report, Navigating Network Security Complexity.
You’re Not Alone.
Still not sure where to start? At OneNeck, we recognize that organizations often need support evolving their security programs, but they don’t have unlimited resources — or in many cases, a chief information security officer (CISO) — to accomplish this important goal. To address this gap, we offer our Virtual CISO service to provide you with on-demand strategic and operational support to meet your unique security needs, without the time delays and high cost of hiring a full-time security expert.
“We stay up to date on the latest security threats, so you don’t have to,” says OneNeck’s CISO, Katie McCullough. “If cybersecurity strategy and risk assessments are a core competency of yours, that’s great. But if not, we can stand in the gap and help you create a security program that accomplishes what you need, without over-engineering systems or processes.”
So, hang in there. You’re not alone. We’re here to help, wherever you are in your security journey.