Page 23 - Cyber Warnings







Getting the Most out of Data Centre Firewalls to Ensure Cyber Security in Middle East Enterprises



Firewalls are an integral part of multi-layered defences for businesses. Today’s Next-Gen
firewalls secure the enterprise network and allow organizations to combat emerging cyber
threats.

Some of the latest data centre firewall products have capabilities including blocking volumetric
and application-layer DDoS attacks, advanced server load balancing, data acceleration and
SSL offload, multi-tenancy, flexible data filtering and so on.

However, to get the most out of firewalls, enterprises need to pay attention to the areas outlined
below:

Performance-test your firewalls
Don’t judge your firewall just by how it performs in its default state. A lot of the applications and
services that used to be hosted in the data centre are SaaS and cloud-based these days. The
packets of traffic generated by mobile devices such as smartphones and tablets that need
network access have added to the volume of traffic that must be vetted at the network edge.

Security devices that are ill-equipped to handle the volume and the somewhat unpredictable
nature of the traffic can end up seriously increasing latency and degrading the performance of
critical applications and services.

Firewalls these days have a much bigger load to handle than before. Consider how your policies
impact performance. Make sure policies are written in such a way that they don’t slow down
performance. Test the performance capabilities of your firewall when all rules are configured,
not when it's in its default state.

Inspect the encrypted stuff
Make sure you can inspect all traffic, including the encrypted stuff. A lot of the traffic entering and
exiting a network uses Secure Sockets Layer (SSL) and Secure Shell (SSH) encryption to protect
data in transit. While that’s generally a good thing, the problem is that threat actors also use
encryption to hide malicious activity and to conceal communications with compromised systems.

By some estimates, more than one third of all traffic that hits a corporate network is encrypted.
Without a way to decrypt the traffic, your firewalls are going to be blind to any attacks that a
threat actor might slip in via encrypted traffic, and to any data extraction that might be going on
the same way, she says.
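To put your own number against that estimate, the added example below (not from the article) labels flows as TLS/SSL or SSH from the first bytes the client sends and reports the share of bytes a non-decrypting firewall could not inspect. The function names and the flow tuple layout are hypothetical, and it assumes you can export the first client payload and a byte count per flow from a capture or flow log.

```python
from collections import Counter

def classify_first_bytes(payload: bytes) -> str:
    """Label a flow from the first bytes sent by the client."""
    # SSH peers open with an identification string "SSH-<proto>-<software>" (RFC 4253).
    if payload.startswith(b"SSH-"):
        return "ssh"
    # SSL 3.0 / TLS record: type 0x16 (handshake), version 0x03 0x00-0x04,
    # 2-byte length, then handshake type 0x01 (ClientHello).
    if (len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 0x03
            and payload[2] <= 0x04 and payload[5] == 0x01):
        return "tls"
    return "other"  # cleartext, or a protocol this sketch does not recognise

def encrypted_share(flows):
    """flows: iterable of (dst_port, first_payload, total_bytes).
    Returns (fraction of bytes in TLS/SSH flows, bytes per label)."""
    by_label = Counter()
    for _port, first_payload, total_bytes in flows:
        by_label[classify_first_bytes(first_payload)] += total_bytes
    total = sum(by_label.values())
    share = (by_label["tls"] + by_label["ssh"]) / total if total else 0.0
    return share, by_label

# Constructed sample flows (not real traffic). The TLS flow uses port 8443 to
# show that classification follows content, not the port number.
SAMPLE_FLOWS = [
    (8443, bytes([0x16, 0x03, 0x01, 0x00, 0x2E, 0x01]) + b"\x00" * 10, 30_000),
    (22, b"SSH-2.0-OpenSSH_7.2\r\n", 10_000),
    (80, b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n", 60_000),
]

if __name__ == "__main__":
    share, by_label = encrypted_share(SAMPLE_FLOWS)
    print(f"encrypted share of bytes: {share:.0%}")
    for label, nbytes in by_label.most_common():
        print(f"  {label:5s} {nbytes} bytes")
```

Legacy SSLv2-format hellos and encrypted protocols other than TLS and SSH fall into "other", so the reported share is a lower bound.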

While some newer firewalls are able to decrypt and inspect encrypted traffic, many cannot. If
your firewalls fall into the latter category, it’s a good idea to have a way to intercept the SSL

23 Cyber Warnings E-Magazine – July 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
