Over the past decade or two, an inevitable digital transformation shift has meant that organisations of various sizes and capacities have started storing assets and information digitally and are now reliant on a plethora of servers and applications to keep their business up and running. Presence of bespoke business applications and system like Enterprise Resource Planning (ERP), Customer Relationship Management (CRM), Financial and Accounting and Industrial Control Systems etc. has seen an exponential growth. With companies now moving at pace towards achieving this technological excellence to maximise business outcomes, cyber-attacks have also seen a surge with well-resourced bad actors threatening to not only steal sensitive information but also permanently delete or expose said information. Attackers have become incredibly intelligent in exploiting vulnerabilities and shortcomings in modern day systems and application designs.
Most common cyber-attacks like Malware (trojans, viruses and ransomware), Phishing, Drive-by-attacks, DoS/DDoS, XSS etc. target vulnerable systems and users and threaten to steal, expose or harm/delete sensitive information like financial information and credit card details, user account credentials, logging keystrokes and can even take remote control a victim’s computer.
For an organisation that has hundreds of users and systems relying on the internet to function, and is spread across multiple locations, the prospect of a cyber-attack can be even more devastating.
Hence, it becomes pivotal for all organisations to invest and focus on Cyber Security practices to prevent any mishaps in the future. One of the most effective ways a company can do that is by using Network Firewalls.
A firewall forms the first and the most important line of defence by constantly screening all incoming and outgoing internet connections and filtering out any malicious requests or connections. Most “Next Gen Firewalls” (aka NGFW) now come pre-built with capabilities to handle specific cyber security controls like Intrusion Prevention and Detection (IPS/IDS), Security Zones, Application and Web Filtering etc.
Some of the capabilities of a modern-day Firewall (like Fortigate) are –
1. Intrusion Prevention and Intrusion Detection: This module or “blade” uses signature-based sensors to detect traffic type and discern legitimate traffic from potential cyber-threats and zero-day attacks. Fortinet’s Threat Intelligence database has thousands of logged signatures of all known and unknown vulnerabilities and threats. In addition to preventing any zero-day attacks, an IPS blade can help prevent attacks like DoS, Brute force attacks and vulnerability exploits on unpatched and outdated systems and applications.
2. Application Control: Unlike traditional firewalls that only monitor Source and Destination IP address and port numbers, NGFW firewalls can identify applications like Remote Access (TeamViewer, VNC), Video steaming (Youtube, Netflix), Proxy, Torrent engines etc. Using an extensive Application database, Fortinet blocks access to and from risky applications like Keyloggers, Miners, Unauthorised Remote Control, etc.
3. Web Filtering: This blade is responsible for preventing access to untrusted and malicious websites on the internet. As malicious webpages and insecure web connections become one of the first vectors of initiating cyber-attacks, knowing which websites/pages to not visit becomes a challenge. Fortunately, a good firewall’s Threat Intelligence database holds the vast majority of known malware download sources which can be implemented using Web Filtering blade thereby preventing any malware related attacks such as ransomware.
4. Deep Packet Inspection (DPI): As most cyber attacks have evolved from using less secure and non-encrypted channels and now exploit vulnerabilities over HTTPS, the conventional way of only assessing HTTP traffic is obsolete and it becomes imperative to also screen HTTPS traffic. With Deep Packet inspection also known as Packet Sniffing, Firewalls examine the content of data packets and determine how to handle threats they come across. DPI can actively prevent malware spread and data loss.
As the threat landscape rapidly expands due to co-location and multi-cloud adoption, failure to offer protection at scale can not only lead to a weak security posture but can jeopardise key business assets that can bring an organisation to its knees. By investing in the right Cyber security measures, companies can move at pace and expand demand with the peace of mind that comes with identifying and safeguarding against the potent threats out in the wild.