Saturday, July 23, 2022

The Slow Rise & The Meteoric Fall Of The Traditional Firewall

 


For the most part, we all have heard about Firewalls.  There is nothing new about them, and in fact, they first originated in the mid 90’s when Windows 95 was first born and the Internet Explorer was the brand-new replacement to Netscape Navigator. 

Back then, VDs and VMs were, or Azure were not even in our vocabulary.  Probably some of the best-known Firewalls back then were that of Linksys and Cisco (can’t really remember any others).

At the time, they were basic security tools.  Their main function was to scan data packets that were inbound to the IT and Network infrastructure of a company, and discard them before they could penetrate through.  The reverse of this is also true.  The way that a Firewall knew in what sort of data packets to discard were built upon a set of rules and permutations that were programmed into them.

But over time, technology of course advanced, and then came the Router.  This was deemed to be a huge step up over the Firewall, as now this newer security tool could also to determine the most optimal network path that the data packet should take in order to reach its destination in the quickest and most efficient manner. 

But what was nicer about a Router, was that it also contained an Access Control List, or ACL for short. 

This was once again a listing of what kinds of data packets should be blacklisted, and not allowed through.  But this time, it could actually learn from the past, and build its own database of known threat vectors from that. 

This was then compared to the new influx of data packets.  Then after this, Cryptography for uses in security was the next big advancement, and with this data packets were further protected from falling into the hands of a malicious party.

But the problem here is that with this, it was far more difficult for the Firewall and/or the Router to detect for any malicious data packets.  In effort to combat this, some of the major vendors improved their technology to the point that the Firewall and/or Router could literally disassemble the data packet inspect it, and reassemble it again so it could move forward. 

But all of this took a lot of processing and computational power, which was not fruitful in the end.

Then came AI and ML, which has given a whole new twist to the Firewall and Router technology.  For example, not only could these tools build their databases of threat signature profiles, but they could now learn how to do this on a real time basis. 

This simply means that almost no human intervention is required, the Firewalls and Routers can even predict what future malicious data packets can look like.  But the downside here is that is with AI and ML, a huge amount of data has to be fed into them first before they can learn anything.

But not only this, they have to keep continuing to be fed this data.  And the datasets that are used have to be optimized and cleansed also on a real time basis so that the here is no statistical based skewness that is produced into the output.  So the toss up here is that with the new advances being made, there is always a lot of time spent on something else in order for the whole thing to happen.

Now enter the COVID-19 pandemic.  Although the concept of WFH has been around for quite a long time, Firewalls and Routers were meant to work at peak capacity only about 25% of employees working remotely.  They were not designed at all to work at the peak capacity that we are seeing now, which is over 99%.  As a result, many types of Firewalls and Routers (and even VPNs) have been broken down, which has now made them a prime source of attack.

My Thoughts On This:

I forgot to mention, that in between all of this, anther technological advancement was made a few years ago also, which is known as the “SIEM”, and is still being used actively by IT Security teams in Corporate America today. 

This is a centralized dashboard which presents all of the needed information and data in one, holistic view.  One of the key advantages of this is that it can also filter through false positives, thus only presenting the real threats to the IT Security team.

Another technique that has been attempted to ease the burden on Firewalls and Routers is to simply log into them any blacklisted domains.  While this has been to a proven technique to use, it does not take into account any blacklisted ones which have become whitelisted.  In other words, human intervention is still required, which defeats the whole purpose of any technological advancement. 

But believe it or not, in all of these situations, there is still yet another viable solution that is present, and seems to be working well.  This is the known as the Next Gen Firewall.  This is the latest, and most cutting-edge technology out that is out there. 

For example, not only does it consist of all of the advancements mentioned in this blog, but it is also designed to handle the capacity of the near 99% Remote Workforce, and even beyond that as well.

But as far as I know, this new breed of technology is now available in the Cloud, such as Microsoft Azure.  So if you want to use one, you are going to have to open up a brand-new account, and pretty much migrate almost all of your IT and Network infrastructure into it. 

But the best of all, there is no added cost to start using the Next Gen Firewall from Azure.  It is already factored into your overall, monthly bill.

While this powerful tool is there, don’t expect Microsoft to configure for you also, based upon your security requirements.  That is entirely your responsibility, and if there is any data leakage, you will be held accountable.  Therefore, it is always wise to check in with a Cloud Services Provider (CSP) in order to fully ensure that your migration is complete, and all the necessary configurations have been set correctly.

No comments:

Post a Comment

Protecting Yourself From The Coming Worldwide Cyber War

  As the world becomes more digital by nature, and the Remote Workforce now taking a permanent foothold here in the United States, security ...