Light Dark
May 7, 2021 By David Bisson 2 min read
Zero Trust
Cloud Security
Data Protection
Network
Security Services

Older perimeter-based firewalls aren’t up to the task of safeguarding today’s more distributed networks. But that doesn’t mean the end of the firewall is in sight. On the contrary, businesses and other groups are turning to next-generation firewalls (NGFWs) hosted in the cloud to fulfill their evolving security needs. These ‘virtual’ firewalls can be even more useful when combined with other digital defense concepts such the zero trust model.

Can Firewalls and Zero Trust Work Together?

Not everyone thinks they can. For example, Daniel Schiappa explained to Forbes how he felt the future of security will have “no corporate firewall, no network.” He noted that zero trust can help organizations achieve this future by treating users as consumers who need to provide everything for the purpose of authentication. Therefore, they are “eliminating the need to jump through hoops like VPNs [virtual private networks] and firewalls.”

Data Center Knowledge put it even more bluntly in a 2019 article: “The firewall is dead, and zero trust is here to replace it.”

Learn more on zero trust

Working With NGFWs and Zero Trust

However, NGFWs and zero trust can work together. In fact, Forrester sees NGFWs as “the cornerstone of zero trust.” In that view, NGFWs don’t act as firewalls in a zero trust network. Instead, they function as segmentation gateways.

As noted by Forrester, segmentation gateways offer the security controls you get from firewalls, plus more. They also include web application firewalls, network access controls and VPN gateways in a single solution. This means segmentation gateways can sit not at the network perimeter, as with basic firewalls, but in the center. With this type of deployment, Forrester explains, admins can use segmentation gateways to gain insight into data access. From there, they can increase their chances of spotting an intrusion before it balloons into a full-fledged attack.

Segmentation gateways uphold a core tenet of the zero trust model: micro-segmentation. Micro-segmentation uses security policies to create secure zones based not around a user’s IP address, but based on the apps and data they need in order to do their jobs. This reduces the attack surface by limiting lateral movement between different sections of a divided data center.

Enforcing Tomorrow’s Defensive Needs

With a NFGW acting as a segmentation gateway, businesses can enforce zero trust in their networks. Specifically, it helps extend the principle of least privilege to the NFGW. From there, you can create firewall rules that restrict traffic between network segments based on users’ and the business’ needs. Admins can also configure their firewalls to look at all inbound and outbound traffic for signs of suspicious behavior, and to check that behavior against disallow lists and domain name system rules. Both of these measures will help you place virtual firewalls at the center of their zero trust strategies.

 |  | 
David Bisson
Contributing Editor

More from Zero Trust
October 5, 2023

Does your security program suffer from piecemeal detection and response?

4 min read - Piecemeal Detection and Response (PDR) can manifest in various ways. The most common symptoms of PDR include: Multiple security information and event management (SIEM) tools (e.g., one on-premise and one in the cloud) Spending too much time or energy on integrating detection systems An underperforming security orchestration, automation and response (SOAR) system Only capable of taking automated responses on the endpoint Anomaly detection in silos (e.g., network separate from identity) If any of these symptoms resonate with your organization, it's…

April 27, 2023

Zero trust data security: It’s time to make the shift

4 min read - How do you secure something that no longer exists? With the rapid expansion of hybrid-remote work, IoT, APIs and applications, any notion of a network perimeter has effectively been eliminated. Plus, any risk inherent to your tech stack components becomes your risk whether you like it or not. Organizations of all sizes are increasingly vulnerable to breaches as their attack surfaces continue to grow and become more difficult — if not impossible — to define. Add geopolitical and economic instability…

April 17, 2023

How zero trust changed the course of cybersecurity

4 min read - For decades, the IT industry relied on perimeter security to safeguard critical digital assets. Firewalls and other network-based tools monitored and validated network access. However, the shift towards digital transformation and hybrid cloud infrastructure has made these traditional security methods inadequate. Clearly, the perimeter no longer exists. Then the pandemic turned the gradual digital transition into a sudden scramble. This left many companies struggling to secure vast networks of remote employees accessing systems. Also, we’ve seen an explosion of apps,…

March 7, 2023

SOAR, SIEM, SASE and zero trust: How they all fit together

4 min read - Cybersecurity in today’s climate is not a linear process. Organizations can’t simply implement a single tool or strategy to be protected from all threats and challenges. Instead, they must implement the right strategies and technologies for the organization’s specific needs and level of accepted risks. However, once the dive into today’s best practices and strategies begins, it’s easy to quickly become overwhelmed with SOAR, SIEM, SASE and Zero Trust —  especially since they almost all start with the letter S.…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2023 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature