Why a Next Generation Firewall?

Yesterday’s security solutions…

Whether in Windows, in your antivirus, or in your network, you’re surrounded by firewalls. What is it anyway?

A firewall is a system based on conditional filters, which will allow or prohibit network communications between two elements: source, destination, use (port/protocol), ON/OFF, etc. Simple, efficient, sober, it is the Swiss Army knife of your IT network.

As long as threats, attacks and uses remained simple, we had it easy.

Today, hackers are smarter, codes more efficient, users more exposed, and new defences needed for your IT network protection.

No longer are the same as today…

A new generation firewall (Next Generation Firewall or NGF) will include collaborative work based on behaviours, application signatures, data correlation with agents, probes or other firewalls around the world in order to act beyond a traditional firewall perimeter.

The objective being to detect an attack BEFORE suffering the consequences.

Want to do a pentest or intrusion tests? Ask us.

And even less the one of tomorrow.

Security is a matter of point of view, and the administrator’s point of view is not the users. Fewer actions allowed means less risk for IT system, and less freedom for your users means more data security. A network security audit and NGF configuration will require a precise definition of your needs.

Logs, or transaction logs, will provide you with reports that will help you identify legitimate and vital uses of your system to make the right decision.

Logs will give you a general overview, allowing to identify new uses and justify bandwidth use, in addition, the law requires you to store some transaction logs anonymously.

What about ransomwares/destructwares?

This is the most popular attack in recent years. Hackers target your company (hacks are not done randomly) and will attempt to encrypt your data before asking for money: this is ransomware.

The destructware is based on the same principle, but not for money; the objective is to get you out of business.

SMEs are usual targets as they are often not well protected, most IT security revolving around an antivirus, which CANNOT be effective as this Ransomware and destructware are specially designed to avoid signature-based detection.

In most cases, ransomware propagates by email, not the malware itself but a program that will execute a download later, enabling the malware to communicate with the hacker’s server.

In each phase, the NGF will apply several lines of defences attempting to stop the attack.

First an analysis of the sender reputation, then an antispam and antivirus followed by a “Zero day” threat analysis. A smart move is to block specific types of content and attachments that have no place in an email to start with.

Then preventing download though web filtering, application control, reputation control, antivirus and “Zero day” threat analysis.

Finally, preventing communications with the hacker’s server by way of web filtering, application control, reputation control and network attack prevention.

Security means confidentiality

Putting all these controls in place, means carrying out an “https inspection”. Today, https traffic represents most network transactions. A “https inspection” consists in removing the “s” from “https” changing it into “http” so that frames are no longer encrypted and can be analysed by the firewall. Once analysed, the flow is encrypted again by an automated process so that emails and conversations remain private.

While this process is vital for your digital defence, it also has disadvantages: https traffic will be slower, some programs will have to be abandoned (file synchronization software) and some communications won’t be analysed, requiring vigilance.

Activité d’un Next Generation Firewall par heure

Safety also means agility!

Finally, once your strategies are implemented in your NGF, the work is not done with. You will still need regular log consultation, review policies, adapt to new threats, find alternatives to some user requests, and regularly challenge your internal policies.

A Next Generation Firewall means little time and many logs to reach a high level of security, regain control of bandwidth and usage, and face new threats quickly and effectively.

In the end, the biggest problem is not technical, it is the acceptance of security measures by users!

The 7 advantages of the Next Generation Firewall

• High level of security
• Network control through visibility
• Rapid response to new Internet uses
• Rapid response to new threats
• Bandwidth preservation
• HADOPI compliance
• GDPR compliance