Firewalls have been a critical first line of defense in network security for decades. Over the years, they have evolved beyond simply filtering traffic between internal and external networks to offering more advanced features. Today banks and credit unions can capitalize on the technical innovations of next-generation firewalls (NGFW) to significantly enhance their network security.
NGFWs offer a combination of advanced elements that can help financial institutions better manage incoming and outgoing traffic. Encryption is one example and is a key defensive weapon—but it can be a two-edged sword. While encryption is designed to ensure that only the intended audience can see the data being sent, a network’s security system may not be able to properly view, examine, and identify the encrypted traffic.
When a firewall receives encrypted traffic, it has to unscramble it into readable, usable, plain text. Secure Sockets Layer (SSL) and its successor Transport Layer Security (TLS) inspection are required to allow this unscrambling. Without these next-gen inspection features, it is estimated that more than 80% of internet traffic will traverse the firewall uninspected. This means encrypted web traffic can deliver malware to the client without the firewall ever knowing it. Additionally, many advanced firewalls employ “sandboxing,” which ensures suspicious traffic is processed in a secure alternative environment without posing risks to the production network.
Many NGFWs also use what are known as “dynamic” and “static” threat feeds. These lists of potential and current threats enable the firewall to determine whether certain traffic will be passed through or denied. Suspicious traffic gets flagged and remains in the database to support future evaluations.
With threat feeds, a static list is generally used for a small number of IP addresses – in part because it requires more manual labor for maintenance and updating. A dynamic list is typically automated from the cloud, which makes it less user-intensive, easier to keep updated, and more effective than a static list. Geo IP filtering, for example, is just one type of dynamic feed that institutions can use to block certain countries from accessing their outbound or inbound traffic.
Website whitelisting and cross-site hosting are additional tactics for managing and troubleshooting firewalls. Whitelisting allows access to websites that have been blocked by the firewall, and cross-site hosting comes into play when a different but related site is requested.
When it comes to advanced firewall devices, logs and log analysis are especially critical. Logs provide records of every action and event that happens on a network and provide valuable insight into identifying issues that impact performance, compliance, and security. As data logs can surpass millions of lines from just a single 24-hour period, manually analyzing this data is an overwhelming undertaking. With NGFW features such as automated log collection and analysis, institutions can improve data gathering and log management to detect and address potential security problems more effectively.
So which NGFW features are the most important? All of them are important. They’re intended to complement each other and work together toward a common goal: enhancing network security.
There are a few additional, important aspects to consider when implementing a firewall, such as ingress vs. egress rules, cloud services, or content delivery networks, protecting a remote workforce, and ongoing employee training. To learn more about these and all the advanced firewall features, listen to our webinar, “Firewall Chat: A Panel Discussion on the Technical Advances in Firewalls.”