Page 111 - Cyber Defense eMagazine December 2022 Edition
Cloud-based firewall solutions are particularly beneficial for businesses and enterprises with multiple
locations, as they eliminate the need for multiple boxes and receive constant updates if the firewall is
hosted on the cloud. Cloud-based firewalls bring multiple benefits, such as avoiding the
capital expenditure of buying a box, high availability, and geodiversity.
DDoS Protection vs Carrier-based DDoS Solutions
The next table stakes security issue is DDoS attacks, in which traffic from multiple
locations around the internet converges on a central point with the goal of overwhelming the protection that
sits there, the firewall at the end, or a web or application server. DDoS attacks are usually
intended either to take a company out of service or to make some type of political statement.
A firewall itself can prevent DDoS, but if the firewall is busy throwing away the trash that's
coming in with an attack, it becomes overwhelmed, and the end goal of the DDoS attack is
achieved because the firewall stops doing its primary function.
The best way to combat a DDoS attack is to let a carrier deploy protection in their network, preferably at
the very edges of the network; this is known as a carrier-based DDoS solution. The value of that is that if
multiple businesses are located in the same general market and one of them is attacked, it could impact
everyone, not just the targeted business, due to the overall network being overwhelmed. By pushing
mitigation of the attack as far out as possible, such as to the edge, nobody sees it and the attack is
prevented by the carrier.
DDoS protection should be considered regardless, but the more optimal way to deploy it would be to use
carrier-based DDoS solutions as they gain the benefits of being able to push it out to the edge.
A carrier-deployed DDoS protection solution may also benefit from threat intelligence related to attacks
around the country or the globe. This intelligence allows an attacker’s signature to be known even before
the attack spreads to the carrier’s edge.
Endpoint Protection vs Holistic Endpoint Protection Solutions
The next thing that would be considered table stakes is protection of the endpoints in a network, known
as endpoint protection or EPP. When you go online to a secure website, such as an online banking login
page, you would most likely see that little lock on the left side of the address bar, which basically means
that traffic is being encrypted.
Encryption is a good thing, but as more and more Internet traffic becomes encrypted, the firewall itself can't
see what's going on as traffic passes through, so threats are going to get through to the end user's
computer. Something may look normal to the user but could contain a virus or malware.
And just as the firewall needs to have those regular updates, it's terribly critical that endpoint protection
software is updated continuously as well. Buying EPP individually and putting it on individual computers is
good, but it's not ideal. What you want is a holistic endpoint protection solution for a company. A holistic