IT Focus Area: security
October 21, 2020
What’s Next in the Evolution of the Firewall Ecosystem?
In the beginning of cybersecurity, there were access control lists. But before there was a need for access control lists or cybersecurity, there first had to be a recognition of potential harm. That threat was recognized in 1971 when a developer working on the U.S. government’s ARPANET project wrote the program for the first worm, called Creeper. Soon to follow was the development of the Reaper program, designed to find and delete Creeper.
Not only did this set the stage for the development of anti-virus solutions, it also created a larger awareness of risks to the network, launching what would become the cybersecurity industry. Access control lists were used for the first time in the 1960s as part of an early time-sharing operating system, and the control they provided over file systems access made them the precursor of dedicated firewall systems.
Firewalls are a cybersecurity essential
The birth of firewalls marked the first real development in network security dedicated to guarding the perimeter of protected networks. With continued developments, firewalls soon outpaced the abilities of access control lists. Early iterations enforced protocol behavior and acted as network address translation gateways. Researchers at NASA in the late 1980s are credited with the design of the first firewall program. The strength of this design rested on the use of routers which separated the network into smaller units to limit the attack surface.
The next major evolution of firewalls brought significant improvements. Advanced capabilities for user authentication, content filtering, VPN, intrusion detection/prevention (IDP), and other security features were added. With all traffic flowing into and out of the network required to go through the firewall, firewalls became essential for an organization’s cybersecurity efforts.
Firewalls in perimeter-less networks
As we rush toward the reality of an “access anywhere, anytime” world, the firewall solutions developed to protect a physically-defined network are facing new challenges. The defensive actions needed today are significantly different than those that firewalls were originally intended to deliver.
Users and their identity are now the perimeter. And users are now accessing data and applications from home, the coffee shop down the street, or nearly anywhere that connectivity is possible.
To deliver on their expectations, organizations are moving toward a direct-to-cloud approach. This type of network traffic does not always go through a firewall. This remote traffic flow doesn’t eliminate the need to protect network traffic—it actually increases it.
In response, firewall vendors have built out an ecosystem of protections that secure systems no matter what network they are on. This ecosystem has continued to broaden to include multiple security technologies, all working together to secure systems.
The firewall evolution happening now
Many organizations are migrating workloads to the cloud, and many have started with the business productivity standard—Office 365. By moving this one application suite to the cloud, organizations have moved all of their email traffic, whether internal or external, and most of their document access to the cloud.
Before migrating to the cloud, this same traffic was bound by the physical aspects of the network, with nothing in between the user and the application. Now that both users and applications are beyond that physical perimeter, the same traffic goes in and out of the enterprise network through the firewall. This puts a large burden on legacy firewalls and network infrastructure. Traffic flow increases are also coming from the Software as a Service (SaaS) offerings organizations are adopting. From HR and ITSM to security and infrastructure management, a growing number of organizations are now working primarily with applications that are external.
The expanding role of firewalls in direct-to-cloud access
By moving to a direct-to-cloud approach, the strain that external users and applications place on firewalls can be reduced. With this model, remote user traffic only flows through the firewalls when internal resources are accessed, or when users are working inside the physical perimeter.
It’s not only users and applications that are moving to the cloud. Companies are also migrating their server workloads to cloud environments with Infrastructure as a Service (IaaS). Moving these systems to new environments comes with some of the same challenges as on-premises deployments, along with new risks.
The direct-to-cloud move doesn’t eliminate the necessity of firewalls, but it does require changes in the solutions. Firewall vendors are actively adapting to the need for different capabilities, including protecting servers and the IaaS environments where they reside.
What’s next for firewalls?
Firewall technology providers haven’t been sitting idly by as the migration to SaaS and IaaS and the move to a direct-to-cloud approach occurs. Most have extended their solution capabilities to include protections for systems wherever they are located, developing complete security solutions that span cloud security, the software-defined perimeter, endpoint protections, and compliance.
One of the more interesting developments occurring at the top firewall vendors is the investment in anti-virus (AV) and endpoint protection technologies. By adding AV and endpoint detection and response (EDR) capabilities, these technology solution providers are bringing endpoint and network security into a single platform. This evolution hasn’t always been smooth, with early versions delivering less-than-desired performance, but advances are being made. Many of the leading firewall solutions now offer similar capabilities to dedicated, best-of-breed AV and EDR solutions—with the benefit of a single-vendor, integrated approach.
Firewalls get SASE
The secure access service edge (SASE) is a solution concept identified by Gartner that packages technologies around SD-WAN, secure web gateways (SWG), cloud access security brokers (CASB) and other core abilities, with room for additional capabilities. Some firewall solutions are moving to SASE technology to protect the network traffic of end-user systems.
These SASE solutions offer full-featured firewalls to protect systems on any network, and with access points distributed across the globe. These solutions minimize latency and provide security as close to the system as possible. Integrating a SASE solution into existing firewalls allows policies to be configured in one platform, following the user wherever they are.
Integrating cloud security posture management (CSPM)
As systems move to the cloud, an entirely new realm of security controls is required due to the configuration of cloud environments. Misconfiguration of services in the cloud has resulted in some of the largest data breaches we have seen. Some of these breaches were possible due to misconfigured storage like Amazon S3 buckets, and some because people didn’t realize systems like elastic databases were exposed.
The challenges presented by maintaining and monitoring configurations in the cloud have led to the rise of CSPM solutions. Most firewall vendors have purchased companies in this space to acquire CSPM capabilities. It’s a logical fit, providing a natural extension of what a firewall does. When CSPM is fully integrated into these firewall solutions, there will be great potential for crossover of configuration, compliance and firewall policies.
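To make the S3 misconfiguration point concrete, here is an added example (not from the article or any vendor's CSPM product) of the kind of posture check such tools run: it evaluates constructed bucket snapshots, whose field names are assumed to mirror the shape of S3 ACL, Block Public Access and bucket policy data, and reports public exposure.

```python
"""CSPM-style posture check over constructed S3 bucket snapshots (added example)."""
import json

# Canned ACL grantee URIs that make a bucket readable by anyone or any AWS account.
PUBLIC_GRANTEES = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}
PAB_KEYS = ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")

def policy_allows_anyone(policy_json):
    """True if an Allow statement has a wildcard principal and no Condition narrowing it."""
    if not policy_json:
        return False
    for stmt in json.loads(policy_json).get("Statement", []):
        if stmt.get("Effect") != "Allow" or stmt.get("Condition"):
            continue
        principal = stmt.get("Principal")
        if principal == "*" or (isinstance(principal, dict) and principal.get("AWS") == "*"):
            return True
    return False

def assess_bucket(snapshot):
    """Return findings for one snapshot; an empty list means the bucket is compliant."""
    findings = []
    pab = snapshot.get("public_access_block", {})
    acl_public = any(g["Grantee"].get("URI") in PUBLIC_GRANTEES for g in snapshot.get("acl_grants", []))
    # Block Public Access settings override public ACLs / policies, so only flag when not enforced.
    if acl_public and not pab.get("IgnorePublicAcls", False):
        findings.append("ACL grants access to a public group")
    if policy_allows_anyone(snapshot.get("policy")) and not pab.get("RestrictPublicBuckets", False):
        findings.append("bucket policy allows anonymous principals")
    if not all(pab.get(k, False) for k in PAB_KEYS):
        findings.append("Block Public Access not fully enabled")
    return findings

# Constructed snapshots: one exposed bucket, one hardened bucket (account id is a placeholder).
SNAPSHOTS = {
    "corp-backups": {
        "acl_grants": [{"Grantee": {"URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "READ"}],
        "public_access_block": {},
        "policy": '{"Statement":[{"Effect":"Allow","Principal":"*","Action":"s3:GetObject","Resource":"arn:aws:s3:::corp-backups/*"}]}',
    },
    "corp-hardened": {
        "acl_grants": [{"Grantee": {"ID": "owner-canonical-id"}, "Permission": "FULL_CONTROL"}],
        "public_access_block": {k: True for k in PAB_KEYS},
        "policy": '{"Statement":[{"Effect":"Allow","Principal":{"AWS":"arn:aws:iam::111122223333:role/Backup"},"Action":"s3:GetObject","Resource":"arn:aws:s3:::corp-hardened/*"}]}',
    },
}

def assess_all(snapshots=SNAPSHOTS):
    return {name: assess_bucket(snap) for name, snap in snapshots.items()}

if __name__ == "__main__":
    for name, findings in assess_all().items():
        print(name, "->", findings or ["compliant"])
```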
Drop-in firewall replacement
Firewall vendors are now fully virtualizing their systems, designing them to be drop-in replacements for cloud-native firewall capabilities. This allows firewalls to be managed from one console and to have policies that function the same, no matter what environment a workload runs in. This also allows migration of servers from internal data centers to the cloud, and back again, without having to re-test with different security infrastructure.
The future of cybersecurity includes firewalls
With all of the additional features and capabilities this new firewall ecosystem brings, there is value in an integrated stack that includes firewalls as a key component. The true advantage lies in endpoint protection, cloud security and firewalls working together as a unified solution. With tight integration, the multiplier effect occurs, and the combined solutions are more effective than the individual parts.
As cloud migration continues and security becomes more complex, firewall manufacturers appear prepared to adapt their technologies to meet new challenges as they emerge. The truth of evolution is that it’s always the strong that survive. Technologies that help organizations advance their security posture in the face of changing risks, resources and expectations likely have a strong role in cybersecurity well into the future.