by Stuart Hardy, Business Unit Manager of EOH’s Carrier and Network Solutions Division
Network firewalls are among the top security measures that businesses depend on to protect their networks. Like gatekeepers, these solutions wait at the network perimeter and scrutinise all data entering or leaving the company for any violations of security policies.
However, unlike people, these gatekeepers cannot make their own judgement calls. They depend solely on a set of rules, carefully designed by security professionals, on how to react to specific incidents. This is further complicated by the fact that companies are having to manage up to five different security devices to achieve a complete security perimeter. This adds complexity, skill requirements as well as latency.
As organisations increasingly adopt next-generation firewalls into their security arsenal, to try and reduce the complexity of running several security devices to deal with different types of threats, they are realising the added complexity due to potential misconfiguration and change management mistakes. This is even more likely to happen if firewall management is already a bugbear in their traditional firewall solutions.
This is where having a managed service provider comes in. One that will ensure that the necessary firewalls are specified and properly managed, so that security levels are maintained according to best practice standards and in line with customer policies.
Even Next Generation Firewalls bring complexity
Firewalls have always come hand in hand with complexity. They are highly complex, utilising a very technical set of rules. It is very easy to end up with a messy and ineffective firewall if it is not properly managed. And while the introduction of Next Generation Firewalls provides an integrated set of functions such as historically separate DOS and IPS (Intrusion protection) capabilities and more, managing these devices is becoming more complex.
This is why today, most (if not almost all) companies outsource their firewall management to service providers. Service providers have a far better understanding of the requirements and management of these services, particularly Next Generation Firewalls.
The risks of firewall complexity
Operations can’t always keep up with demand, which moves rapidly in response to pressures on the businesses, resulting in mistakes and poor record keeping. The rules that firewalls rely on should not be underestimated in terms of their complexity, which translates to their being vulnerable to human error and needing regular maintenance. Should errors remain undetected, or rule bases not be properly maintained, performance can be significantly degraded, and vulnerabilities allowed to enter the network, and possibly exfiltrate sensitive data.
Firewall logs – there’s gold in them thar hills
Bear in mind that the network firewall has a unique perspective on a company’s network infrastructure, serving as a sentinel guard, protecting the network with a view of everything entering and leaving the network. The logs it creates can be an invaluable source of information to the business, and to networking and security practitioners.
Your managed services provider should ensure that the firewall is configured to log appropriate activity and send it to a secure log server for archiving. These accumulated log entries are the best possible tool a business has for analysing past network traffic and incidents, and can be used as an audit trail in the event of a security breach, or used to pinpoint a network connectivity issue. They can also act as a proactive monitoring tool to prevent intrusions, rule violations, or sudden bursts in traffic. This is even more important in the Next Generation Firewall space as these are doing so much more than the traditional firewall, which includes analysis web and application based traffic and related attacks.
A managed service provider is needed to supplement firewall solutions
Enterprises rely heavily on their firewalls to secure their networks, but it is too easy to become complacent about the routine functions firewalls play in the network security chain. A good managed service provider will take care of all of that, ensuring that rule base monitoring, log analysis and upgrades happen as and when they are supposed to, and that the firewall remains a valuable tool in protecting the network from attacks.
Firewall management becomes straightforward for service providers as a result of their expertise and experience. Security requirements for some larger organisations are more complicated due to public facing servers and information, which necessitates a different architecture (DMZ), but this should also be set up and provided by the operator to some degree. It is best practice today to leave operators to address these complex areas, as the skill set and capability in the operator world far exceeds that of business.
Stuart Hardy has been in the ICT industry since 1997, has been in the Telecommunications industry since 1997, intimately involved in product development, operations and product marketing roles. He has held Executive level positions in some of the largest Operators in South Africa and has founded and driven two successful start-up companies in the Mobile data and Wireless networking spaces. Today, Stuart is a Divisional Director for EOH in their Telecommunications sector.