What is a Firewall?
I am continuing my series of blogs that spends time discussing the components of the network and network security stack. Many/most organizations will have the basic components of the stack, and as we move towards other tools and solutions that fit further out on the edge of the stack, some may fall off. However, that doesn’t mean it will remain that way. As we all know, technology, networking, security and threats constantly evolves.
A firewall is a network security device that monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules (Access Control Lists or ACL’s). It is one of the major security solutions that organizations must consider for their security stack.
Firewalls have been a first line of defense in network security for over two decades. These devices establish a barrier between secured and controlled internal networks that can be trusted and untrusted outside networks, such as the Internet.
An early type of firewall device, a proxy firewall serves as the gateway from one network to another for a specific application. Proxy servers can provide additional functionality such as content caching and security by preventing direct connections from outside the network. However, this also may impact throughput capabilities and the applications they can support.
Now thought of as a “traditional” firewall, a stateful inspection firewall allows or blocks traffic based on state, port, and protocol. It monitors all activity from the opening of a connection until it is closed. Filtering decisions are made based on both administrator-defined rules as well as context, which refers to using information from previous connections and packets belonging to the same connection.
This is the type of firewall portfolio I managed for many years. Multiple million devices were out there in the real world for years. I had multi-WAN and Dual-WAN models that ended up being the precursor idea that sparked the idea of SASE. Such fun times!
A UTM device typically combines, in a loosely coupled way, the functions of a stateful inspection firewall with intrusion prevention (IPS) and antivirus (AV). It may also include additional services and often cloud management. UTMs tend to focus on simplicity and ease of use.
Firewalls have evolved beyond simple packet filtering and stateful inspection. Most companies are deploying next-generation firewalls to block modern threats such as advanced malware and application-layer attacks.
Next-generation firewalls include:
While these capabilities are increasingly becoming the standard for most companies, NGFWs can do much more. In fact from my experience, feature and technology leaps occur at break-neck speed. Almost as fast as the threats that we all face, today and tomorrow.
These firewalls include all the capabilities of a traditional NGFW and also provide advanced threat detection and remediation. With a threat-focused NGFW you can:
A virtual firewall is typically deployed as a virtual appliance in a private cloud (VMware ESXi, Microsoft Hyper-V, KVM) or public cloud (Amazon Web Services or AWS, Microsoft Azure, Google Cloud Platform or GCP, Oracle Cloud Infrastructure or OCI) to monitor and secure traffic across physical and virtual networks. A virtual firewall is often a key component in software-defined networks (SDN).
Cloud native firewalls are modernizing the way to secure applications and workload infrastructure at scale. With automated scaling features, cloud native firewalls enable networking operations and security operations teams to run at agile speeds.
Advantages of Cloud Native Firewalls:
There's a number of use cases when we talk about the capabilities of our Cyber Range. One of them is stack optimization. The firewall is certainly a large part of any organization's security stack, so when it comes to checking (optimizing) configurations, firmware versions, and even your team's ability to configure and manage these devices, there's nothing else better than the Simspace Cyber Range. There are more use cases than you can believe. Want to hear more? Contact our Sales Team today!
I want to thank you for your time, from our team here at Simspace Corporation to yours, take care.
Take the next step toward continuous security improvement
With SimSpace, you can assess
and optimize your complete
security posture — all in one platform