Older perimeter-based firewalls aren’t up to the task of safeguarding today’s more distributed networks. But that doesn’t mean the end of the firewall is in sight. On the contrary, businesses and other groups are turning to next-generation firewalls (NGFWs) hosted in the cloud to fulfill their evolving security needs. These ‘virtual’ firewalls can be even more useful when combined with other digital defense concepts such the zero trust model.

Can Firewalls and Zero Trust Work Together?

Not everyone thinks they can. For example, Daniel Schiappa explained to Forbes how he felt the future of security will have “no corporate firewall, no network.” He noted that zero trust can help organizations achieve this future by treating users as consumers who need to provide everything for the purpose of authentication. Therefore, they are “eliminating the need to jump through hoops like VPNs [virtual private networks] and firewalls.”

Data Center Knowledge put it even more bluntly in a 2019 article: “The firewall is dead, and zero trust is here to replace it.”

Learn more on zero trust

Working With NGFWs and Zero Trust

However, NGFWs and zero trust can work together. In fact, Forrester sees NGFWs as “the cornerstone of zero trust.” In that view, NGFWs don’t act as firewalls in a zero trust network. Instead, they function as segmentation gateways.

As noted by Forrester, segmentation gateways offer the security controls you get from firewalls, plus more. They also include web application firewalls, network access controls and VPN gateways in a single solution. This means segmentation gateways can sit not at the network perimeter, as with basic firewalls, but in the center. With this type of deployment, Forrester explains, admins can use segmentation gateways to gain insight into data access. From there, they can increase their chances of spotting an intrusion before it balloons into a full-fledged attack.

Segmentation gateways uphold a core tenet of the zero trust model: micro-segmentation. Micro-segmentation uses security policies to create secure zones based not around a user’s IP address, but based on the apps and data they need in order to do their jobs. This reduces the attack surface by limiting lateral movement between different sections of a divided data center.

Enforcing Tomorrow’s Defensive Needs

With a NFGW acting as a segmentation gateway, businesses can enforce zero trust in their networks. Specifically, it helps extend the principle of least privilege to the NFGW. From there, you can create firewall rules that restrict traffic between network segments based on users’ and the business’ needs. Admins can also configure their firewalls to look at all inbound and outbound traffic for signs of suspicious behavior, and to check that behavior against disallow lists and domain name system rules. Both of these measures will help you place virtual firewalls at the center of their zero trust strategies.

More from Zero Trust

Contain Breaches and Gain Visibility With Microsegmentation

Organizations must grapple with challenges from various market forces. Digital transformation, cloud adoption, hybrid work environments and geopolitical and economic challenges all have a part to play. These forces have especially manifested in more significant security threats to expanding IT attack surfaces. Breach containment is essential, and zero trust security principles can be applied to curtail attacks across IT environments, minimizing business disruption proactively. Microsegmentation has emerged as a viable solution through its continuous visualization of workload and device communications…

Why Zero Trust Works When Everything Else Doesn’t

The zero trust security model is proving to be one of the most effective cybersecurity approaches ever conceived. Zero trust — also called zero trust architecture (ZTA), zero trust network architecture (ZTNA) and perimeter-less security — takes a "default deny" security posture. All people and devices must prove explicit permission to use each network resource each time they use that resource. Using microsegmentation and least privileged access principles, zero trust not only prevents breaches but also stymies lateral movement should a breach…

What to Know About the Pentagon’s New Push for Zero Trust

The Pentagon is taking cybersecurity to the next level — and they’re helping organizations of all kinds do the same. Here’s how the U.S. Department of Defense is implementing zero trust and why this matters to all businesses and organizations. But first, let’s review this zero trust business. What is Zero Trust? Zero trust is the most important cybersecurity idea in a generation. But “zero trust” is itself a bit of a misnomer. It’s not about whether a person or…

Effectively Enforce a Least Privilege Strategy

Every security officer wants to minimize their attack surface. One of the best ways to do this is by implementing a least privilege strategy. One report revealed that data breaches from insiders could cost as much as 20% of annual revenue. Also, at least one in three reported data breaches involve an insider. Over 78% of insider data breaches involve unintentional data loss or exposure. Least privilege protocols can help prevent these kinds of blunders. Clearly, proper management of access…