Network firewalls aren't dead yet
After 20-plus years of service, the technology remains a core part of the IT security stack despite its long-predicted demise
Computerworld - Phil Cummings says network firewalls will continue to be a critical piece of the Health Information Technology Services -- Nova Scotia security portfolio for one simple reason: nothing's come along to replace them.
For the past 15 years, Cummings, a security administrator at HITS-NS, has been responsible for managing the enterprise firewalls that are used to protect the network for 20,000 healthcare users in Nova Scotia.
Over that time, Cummings has seen firewalls evolve from relatively rudimentary tools for blocking threats at the network edge to sophisticated, policy-based, traffic filtering and intrusion prevention systems.
"We see firewalls becoming more than just a block" on the network, Cummings says. "We see a lot of perimeter firewalls taking more of an enforcement role in protecting the desktop" and mobile devices.
Network firewalls are seen by some observers as an anachronism in an industry obsessed with the latest and shiniest security tools. Network firewalls aren't sexy. They've been around for more than 20 years, plugging away as the threat landscape changes beyond recognition.
But rather than fading away like respectable mature technologies should, firewalls have stubbornly remained a vital part of enterprise security stacks.
For one thing, they still offer a reasonably strong first line of defense against an array of threats. Despite talk by some experts that perimeter technologies have become useless against modern malware, firewalls do block a lot of junk that would otherwise inundate enterprise networks. The technology continues to be critical in enabling network segmentation and in ensuring critical business and corporate systems are separated.
For most companies, a firewall is the only device that is designed and deployed inline as part of the network infrastructure. It remains in the best position to filter and regulate traffic flowing into the corporate network.
Firewalls have also evolved over the years to become a 'Swiss-army knife' of security technologies. A growing number of firewalls now integrate capabilities previously found in separate, standalone security devices.
Gartner says such emerging firewall technologies will eventually "subsume" mainstream deployments of new intrusion prevention system (IPS) appliance technology over time.
Not bad for a technology that some had predicted would have faded away by now.
Vendors such as Palo Alto Networks -- whose products are used at HITS-NS -- embody next-generation firewall technology.
Founded in 2005 by a former Check Point Software Technologies engineer, Palo Alto is now one of the hottest security companies. Palo Alto is bankrolled by some of Silicon Valley's most influential venture capitalists and has 65 of the Fortune 100 companies on its list of 16,000 customers.
Palo Alto's firewall products are considerably different from the stateful inspection firewalls of the past that basically gave companies a choice of blocking something entirely at the perimeter, or letting it all through.
Palo Alto firewalls are application aware, said Lee Klarich, senior vice president of product management.
Instead of blocking Skype or Facebook entirely, companies can use Palo Alto's firewall products to control what users can do with these applications. Want to enable Webex, but only for a select set of users? Palo Alto has an app for that, Klarich says.
"What we would say first and foremost is our platform is designed to safely enable applications instead of blocking them due to security concerns," Klarich said. "We go way beyond a traditional firewall."