    Firewalls Gain Strength as Main Line of Network Defense

    By Brian Prince - June 24, 2007

      Sometimes in IT, the best defense is a good defense moved further up the network stack. At least that is what some vendors and analysts are predicting about the next generation of network firewalls.

      “The firewall is the piece of network security infrastructure with all the traffic … every frame going in and out of the network. It is absolutely the perfect place to provide visibility and control into these [Web] applications,” said Dave Stevens, CEO of Palo Alto Networks, based in Alviso, Calif.

      Vendors are increasingly looking to integrate IPS (intrusion prevention systems) with firewalls, but truly integrated, full-featured products are in short supply, said Gartner analyst Greg Young. He cited research by his firm stating that threats have become more complex and moved higher in the network stack, forcing firewalls to move beyond just providing stateful protocol analysis to having increasingly rich management and configuration tools.

      Robert Whiteley, an analyst with Forrester Research, agreed that firewalls will be more tightly integrated with all network security functions in the future.

      “We already see products under the unified threat management category that combine firewall, VPN, IPS, anti-malware, and content filtering – I think Cisco's ASA and Juniper's SSG are good enterprise examples,” he said. “However, these are not truly integrated.”

      The ability to scan Web applications as they hit the firewall will be critical, Whiteley continued.

      “An organization will have a gaping hole in its security architecture if it thinks traditional network firewalls are protecting the perimeter. We see trends like Web 2.0, Web services and SOA [service-oriented architecture], and software-as-a-service dramatically changing companies' application architectures,” he said. “It also means that far more mission-critical traffic is now flowing over the standard Web ports.”

      XML, Java, Flash and many other new Web protocols will allow for new, innovative application types – but they also carry with them an unknown number of vulnerabilities, Whiteley added.

      “Companies will have to migrate to application-level protection in order to stop evolving exploits,” he said, adding that exploits are increasingly sophisticated and targeted. “It will be critical for the next generation of firewalls to provide better visibility to better tackle today's threatscape – never mind tomorrow's.”

      But bringing all these technologies together in the firewall will only succeed in the marketplace if it can be done without sacrificing latency and the throughput of basic firewall functions, analysts said. To this end, Check Point Software Technologies is putting its focus on performance.


      “We're leveraging our open performance architecture so that performance is not just about how fast the firewall can go, but how fast it can go while it is actually protecting your network with intrusion prevention and other security measures activated,” said Bill Jensen, product marketing manager for Check Point, headquartered in Tel Aviv, Israel, and Redwood City, Calif.

      Today's corporate users are installing applications—for both personal and business use—that have been designed to dodge detection by legacy network firewalls, Palo Alto Networks officials said. A new approach that leverages features such as application control, IP reputation technology and gateway anti-virus filtering in network firewalls is required to meet the needs of the modern enterprise, company officials said.

      “Modern applications,” Stevens said, “are starting to adopt a communications model which is pretty effective at bypassing the existing security infrastructure … by hopping from port to port, or tunneling through encrypted links or just masquerading as port 80.”

      As a result, enterprises have effectively lost control over those connections and created compliance and information leak issues at some businesses, he said. To help companies address the situation, Palo Alto Networks has added application classification technology into its recently released PA-4000 Series, a family of firewall devices that can identify application traffic across ports.

      “We can open the SSL [Secure Sockets Layer] links if necessary to identify the application,” Stevens said.

      In addition, the PA-4000 devices perform deep packet inspection, apply filters and enforce policies based on the application. For example, an organization might choose to allow Web-based mail, but scan files being transferred for viruses, Stevens said.

      With Cisco's marriage with IronPort now complete, Cisco officials have said they will look to weave IronPort's IP reputation technology into the firewall.

      Armed with reputation data from IronPort's SenderBase Web site, Cisco's firewall will be aware of the reputation of the servers it is connecting to, said Tom Gillis, vice president of marketing in Cisco's IronPort Business Unit, in San Jose, Calif.


      “In the first release of that, which will be in the first half of 2008, [it] will allow you to provide visibility into these connections so you can see how many clients are in your network that are connecting to servers that are known to be botnet control nodes,” Gillis said, adding that users would be able to block, throttle or deny connections considered suspect.

      Connection blocking is the most obvious use of reputation technology, Gillis said. But he also said he foresees it being used to route traffic that hits the firewall. For example, if content is coming in from a server that is considered to be “rogue,” the traffic can be blocked; if the server is considered beyond reproach, the traffic can be routed around the spam scanning engine. Traffic from servers not known to be good or bad can be sent past a number of different signature-based scanning engines, he said.

      “Future firewalls are going to have the ability to route traffic through the appropriate scanning measure based on the reputation of the connecting server,” Gillis said. “The firewall is effectively the traffic cop.”
