Page 110 - Cyber Defense eMagazine December 2022 Edition
P. 110
Next generation firewall picks up some additional functionality that can happen in the device or firewall
service including web filtering, antivirus services, and intrusion prevention, which are all cybersecurity
solutions that any business would need.
Web Filtering: This function gives business owners the ability to block websites or allow them with some
limitations. Categories can also be included to filter out the types of content allowed. Web filtering was a
separate box in the past but now it's functioning inside the next generation firewall.
Network Antivirus: Another function that the next generation firewall can perform is the antivirus
protection. In most cases people are used to using software such as Norton or McAfee separately. These
security applications live on the end user’s device or the network server. The problem with this is that
these antivirus solutions only target things that arrive at the device after traversing the network. An
example of this would be if someone was to open a web page and click something leading to a virus.
Network antivirus will monitor the network traffic as it enters the firewall, detect the virus, and stop it. This
firewall-based network antivirus feature does not replace antivirus software running on devices but rather
compliments it.
Intrusion Prevention: In this case, a firewall would block the same way it would a virus but instead of a
specific virus file targeting a machine, it goes after attacks that are targeted to a particular operating
system or application that lives on one’s network. If there is a main file server that lives in one’s office
and it runs a certain version of a program that's known to have a vulnerability, this is where intrusion
prevention would be helpful. As traffic comes in, intrusion prevention looks at what appears to be an effort
to exploit a vulnerability, detects and stops it.
When looking at web filtering, network antivirus, or intrusion prevention services, it's important to
remember that these threats change constantly. Protection should not be purchased only once because
a single installation of software won’t provide a stream of constant updates. What will allow updates are
subscribing to more evergreen, managed services solutions such as hosted or cloud-based firewall
capabilities delivered as a service.
Physical vs Hosted/Cloud Based Firewall Capabilities
Firewall is essentially available in two formats. One is a physical box that is placed into a location that
would typically sit between the internet and the rest of someone’s network. The hosted or cloud-based
firewall sits in the cloud, taking the internet with it.
Cloud firewall can be built with geodiversity, where multiple cloud-based firewall platforms operate and
allow continued secure connection to the internet even if one of the cloud platforms should suffer a
connectivity or device failure. If a company with many locations were headquartered in Charlotte and
had a physical firewall at that data center, and there was an issue with the fiber going into that data
center, all the offices that are connected would be down because the Internet lived at the corporate
headquarters. This level of diversity and availability is difficult to duplicate with a premise-based firewall
solution.
Cyber Defense eMagazine – December 2022 Edition 110
Copyright © 2022, Cyber Defense Magazine. All rights reserved worldwide.
