Choosing a Firewall – Top Tips for Businesses

By Simon Crocker, Senior Director, Systems Engineering, Palo Alto Networks.

  • 2 weeks ago Posted in

All organisations are looking for ever more agile approaches to their security as they look to match it with the desired levels of agility they want from their business. Digital transformation, hybrid working, and market forces are all putting pressure on businesses and organisations to change and adapt. Next-generation firewalls (NGFW) are critical components for any network data security strategy, and a desire for greater agility here is no different. In achieving this, it is important to note that not all next-generation firewalls are created equal.

There are two high-level considerations to be made when deciding on a firewall strategy. Firstly, what is the determination that the solution can keep pace with the evolution of today’s advanced attacks? And secondly, how does the solution ensure business growth, agility and innovation are delivered? An essential balancing act needs to take place; here are the critical steps that need to be taken before you choose which next-generation firewall to go with.

Always Test Before You Buy and Size Correctly

Buying a next-generation firewall without doing your own research should never happen. The firewall needs to mould perfectly into your networking environment and the company’s individual security requirements. When testing, ensure that the firewall is well equipped to face real traffic patterns and assess the end user application experience, whether this is on-premises or a SaaS application. Layering all tests is critical as this will mirror real-world requirements and challenges.

One common pitfall to look out for here is that in a lot of testing, testers review one feature at a time, which could result in choosing the wrong firewall; you need to look at everything running together to guarantee the right choice. Knowing this, do not rely only on datasheets and other “performance on paper” analyses, as there are substantial differences between firewall vendors. Some might consolidate threat prevention features (e.g. intrusion prevention systems [IPS], antivirus, command and control, URL filtering) in factors of performance impact. At the same time, another might showcase performance impact based solely on best-in-class IPS capabilities in isolated criteria.

It is critical that you make sure you are making the perfect match. In that case, you need to understand the capabilities of your company’s environments’ real-world requirements like IPS, application control, IPSec Decryption and advanced malware detection with your traffic analysis. Capacity planning is vital for sizing; therefore, time must be taken to properly test your requirements for the most intense issues that might arise.

Pay Attention to the Past whilst Thinking about Future Business Requirements

Usually, a firewall vendor collaborates directly with the networking team to gauge the requirements of the project. However, with the importance placed on an organisation’s security efficacy, automation, agility and user application experience, it would be a mistake to just consider the needs of the networking team.

When assessing which firewall to choose, stakeholders should always be considered and involved across all business units. This includes application end users. You should also involve stakeholders in the beginning stages of the process for their differing views of the level of security and prevention needed. For example, data centre teams need automated features and capabilities, segmentation/microsegmentation of hybrid cloud environments, scalability to meet evolving needs,

and single-pane management. By contrast, the application teams want simple, quick, and secure application development and deployment, whether the application is SaaS or in the data centre.

Accounting for Integration and Scalability

A new firewall should drive your IT Infrastructure performance without complex integration. There should be a simple process of pairing it with your current environment without making you replace systems. Assessing API integration, automation capabilities and cloud management should be the main focuses of the evaluation since these are vital for an organisation’s approach.

Avoiding historically common mistakes, like vendor lock-in, will be beneficial. Choose a firewall vendor with a valuable community of technology partners to drive seamless integration with your environment from a security and networking stance. Remember, if you consolidate with one vendor, management issues and complexities can continue between security devices and individual networking, so making the right choice is crucial. Also, make it the vendor’s responsibility to manage the integration efforts of a new security platform – you should not have to implement this yourself.

As your company changes and evolves, scalability must be front of mind. A vendor that utilises cloud architecture for design and innovation can scale more efficiently without the need to consistently update hardware on the network edge. This will benefit the organisation when understanding the journey to SASE or hybrid SaaS – boosting your protection in the long term.

When everything is in place for these tips to work, an organisation must trial a new firewall in a real-life environment. Proof of Concepts (PoCs) are priceless in avoiding the mistakes that occur when understanding a firewall offering. A PoC implements a forensic test of next-generation firewall performance in your real-world ecosystem. It also helps you assess how successfully a firewall can sustain performance and security to promote scale and agility for digital transformation.

Overall, the necessary steps to ensure a company implements the right firewall are clear. Shopping for protection takes time and care. The necessary testing is vital, plus understanding your vendor’s history and prioritising scalability will take you closer to your perfect firewall strategy.

By Zoe Grist, Head of Security Operations Centre (SOC) at Orange Cyberdefense.
Data breach is almost inevitable – which means it is vital that companies and their Managed Services Providers (MSPs) understand exactly who is responsible and who bears the financial brunt. But recent research reveals that both companies and MSPs are disturbingly unclear about their legal and financial obligations. Contracts are ambiguous and the risks of legal wrangling severe. The truth is that when a breach occurs and data is exposed, neither party wins. As Simon Pamplin, CTO, Certes Networks, insists, rather than playing the blame game, the priority must be to protect the data to ensure that even when an attacker breaks through, there is nothing to see and nothing to gain.
By Tim Wallen, Regional Director, UKI & BeNeLux, Logpoint.
By Zeki Turedi, EMEA CTO, CrowdStrike.
By Michael O'Donnell, Data Ecosystem Specialist at Quest.
By Madalina Tanasie, Chief Technology Officer at Collibra.