For the most part, we have all heard about Firewalls. There is nothing new about them; in fact, they first originated in the mid 90's, when Windows 95 was first born and Internet Explorer was the brand-new replacement for Netscape Navigator. Back then, VDs, VMs and Azure were not even in our vocabulary. Probably the best-known Firewalls of that era were those of Linksys and Cisco (I can't really remember any others).
At the time, they were basic security tools. Their main function was to scan data packets that were inbound to a company's IT and Network infrastructure, and discard the unwanted ones before they could penetrate through. The same applied to outbound traffic. A Firewall knew what sort of data packets to discard from a set of rules and permutations that were programmed into it.
But over time, technology of course advanced, and then came the Router. This was deemed to be a huge step up over the Firewall, as this newer security tool could also determine the most optimal network path that a data packet should take in order to reach its destination in the quickest and most efficient manner. What was nicer about a Router was that it also contained an Access Control List, or ACL for short. This was once again a listing of what kinds of data packets should be blacklisted and not allowed through. But this time, it could actually learn from the past and build its own database of known threat vectors from that.
This was then compared against the new influx of data packets.
Then after this, Cryptography for use in security was the next big advancement, and with it data packets were further protected from falling into the hands of a malicious party. But the problem here was that it became far more difficult for the Firewall and/or the Router to detect any malicious data packets. In an effort to combat this, some of the major vendors improved their technology to the point that the Firewall and/or Router could literally disassemble the data packet, inspect it, and reassemble it again so it could move forward. But all of this took a lot of processing and computational power, which was not fruitful in the end.
Then came AI and ML, which gave a whole new twist to Firewall and Router technology. For example, not only could these tools build their databases of threat signature profiles, but they could now learn how to do this on a real-time basis. This simply means that almost no human intervention is required; the Firewalls and Routers can even predict what future malicious data packets may look like. But the downside with AI and ML is that a huge amount of data has to be fed into them before they can learn anything. Not only that, they have to keep being fed this data, and the datasets that are used have to be optimized and cleansed, also on a real-time basis, so that no statistical skew is produced in the output. So the trade-off is that with each new advance being made, a lot of time has to be spent on something else in order for the whole thing to work.
Now enter the COVID-19 pandemic. Although the concept of WFH has been around for quite a long time, Firewalls and Routers were designed to work at peak capacity with only about 25% of employees working remotely. They were not designed at all to work at the level of load that we are seeing now, with over 99% remote. As a result, many types of Firewalls and Routers (and even VPNs) have broken down, which has now made them a prime target for attack.
My Thoughts On This:
I forgot to mention that in between all of this, another technological advancement was made a few years ago, known as the "SIEM", which is still being used actively by IT Security teams in Corporate America today. This is a centralized dashboard which presents all of the needed information and data in one holistic view. One of its key advantages is that it can also filter out false positives, thus presenting only the real threats to the IT Security team.
Another technique that has been attempted to ease the burden on Firewalls and Routers is simply to load any blacklisted domains into them. While this has proven to be a useful technique, it does not take into account any blacklisted domains which have since become whitelisted. In other words, human intervention is still required, which defeats the whole purpose of any technological advancement.
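As an added illustration (not part of the original post) of the two mechanisms described above: a first-match packet rule set of the kind a Firewall applies, and a domain blacklist that needs an explicit way to honour entries which have since been reviewed and whitelisted. All addresses, networks and domain names below are constructed sample values.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Optional

# Inbound packet rules: evaluated top to bottom, first match wins,
# and anything unmatched falls through to an explicit default deny.
@dataclass(frozen=True)
class Rule:
    action: str              # "allow" or "drop"
    src_net: str             # CIDR the source address must fall within
    dport: Optional[int]     # destination port, or None for any port
    comment: str = ""

@dataclass
class Policy:
    rules: list
    blocked_domains: set = field(default_factory=set)
    unblocked_domains: set = field(default_factory=set)  # reviewed, re-allowed

    def check_packet(self, src: str, dport: int) -> tuple:
        addr = ip_address(src)
        for r in self.rules:
            if addr in ip_network(r.src_net) and r.dport in (None, dport):
                return r.action, r.comment
        return "drop", "default deny"

    def check_domain(self, name: str) -> tuple:
        # Walk from the full name up through its parent zones, so a listed
        # zone covers its subdomains; an un-block entry is checked first at
        # each level, which is how a stale blacklist entry gets overridden.
        labels = name.lower().rstrip(".").split(".")
        for i in range(len(labels)):
            zone = ".".join(labels[i:])
            if zone in self.unblocked_domains:
                return "allow", f"{zone} reviewed and un-blocked"
            if zone in self.blocked_domains:
                return "drop", f"{zone} on blacklist"
        return "allow", "not listed"

# Constructed sample policy (RFC 1918 / RFC 5737 addresses, .example names).
POLICY = Policy(
    rules=[
        Rule("drop", "10.0.99.0/24", None, "quarantined subnet"),
        Rule("allow", "10.0.0.0/8", 443, "internal clients to the VPN gateway"),
        Rule("allow", "0.0.0.0/0", 80, "public web"),
    ],
    blocked_domains={"bad.example"},
    unblocked_domains={"ok.bad.example"},
)
```

Calling `POLICY.check_packet("10.0.99.5", 443)` returns the quarantine drop even though a later rule would allow it, and `POLICY.check_domain("ok.bad.example")` is allowed while the rest of `bad.example` stays blocked.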
But believe it or not, in all of these situations there is still yet another viable solution, and it seems to be working well. This is known as the Next Gen Firewall, the latest and most cutting-edge technology out there. For example, not only does it consist of all of the advancements mentioned in this blog, but it is also designed to handle the capacity of the near-99% Remote Workforce, and even beyond that as well.
But as far as I know, this new breed of technology is now available in the Cloud, such as Microsoft Azure. So if you want to use one, you are going to have to open up a brand-new account and pretty much migrate almost all of your IT and Network infrastructure into it. Best of all, there is no added cost to start using the Next Gen Firewall from Azure; it is already factored into your overall monthly bill.
While this powerful tool is there, don't expect Microsoft to configure it for you based upon your security requirements. That is entirely your responsibility, and if there is any data leakage, you will be held accountable. Therefore, it is always wise to check in with a Cloud Services Provider (CSP) in order to fully ensure that your migration is complete and all the necessary configurations have been set correctly.