Light Dark
February 1, 2021 By David Bisson 3 min read
Cloud Security
Network

Is a firewall a thing of the past? People have been questioning the utility of firewalls for years. Columnist and editor Roger A. Grimes wrote that “firewalls need to go away” in May 2012. Grimes reasoned this was because firewalls “have always been problematic, and today there is almost no reason to have one.”

Is Grimes right? Is there no more use for firewalls anymore?

How Do Firewalls Work?

Traditional firewalls control traffic entering and exiting the network based upon source IP address, destination IP address, port and protocol. These types of solutions define traffic as flow, not isolated packets. Therefore, these tools can apply rules to traffic flow and help security experts make decisions based on them. Firewalls of the past also use packet filtering to inspect ingress and egress traffic (otherwise known as north-south traffic) for connections initiated by potentially suspicious sources along with virtual private networks (VPNs) as a means of gaining secured entry to the network.

Recently, some users have turned to next-generation firewall (NGFW). These come with the same protection as a basic firewall, but add onto it in several ways. For instance, they use application awareness to set rules for specific applications instead of port numbers and IP addresses. This allows them to block unwanted applications. It even works if attackers rotate through different port numbers and IP addresses, tactics that could hop traditional firewalls. Many NGFWs also come with threat intelligence for staying on top of emerging threats.

The Cloud: Where Firewalls Fall Short

The majority of traditional firewalls and NGFWs aren’t as effective in the age of the cloud. Businesses are moving their data and systems outside of the data center to locations they don’t own. At the same time, employees are using their personal devices located outside of the network to access that data and those systems more often. Together, these facts have erased the concept of the single network perimeter, where most traditional firewalls and NGFWs have stood guard for years.

In doing so, the cloud has also helped to redefine what’s needed from a network security tool such as a firewall. Remote work makes it possible for attackers to target the network from anywhere in the world. They could leverage a real employee’s compromised account for malicious ends. Therefore, organizations need the capability to inspect east-west traffic for signs of suspicious activity, such as a malicious actor abusing a real account to move laterally through the network.

The Latest in Cloud-Based Firewalls

The emergence of the cloud has certainly challenged previous tenets of network security. But, it hasn’t gotten rid of the concept entirely. Entities need to secure their cloud-based systems just as they need to protect their on-premise assets. The means of doing so might be different, but the underlying concepts are the same.

The same is true for the firewall. The cloud has merely shifted the discussion to the need for firewalls that are equipped to provide protection over more virtual landscapes.

With that in mind, many organizations are investing in a NGFW hosted in the cloud or other ‘virtual firewalls.’ These types of solutions are useful for their many configuration options. These enable admins to microsegment the cloud network as their cloud landscapes constantly change. This helps keep critical data and systems safe against cloud-based threats.

Virtual firewalls can maximize security even further if you pair them with other tools. For instance, you can use these tools’ micro-segmentation abilities to lay the groundwork for building a zero trust network. Once you mark some assets as trusted, you can then use the cloud-based solutions to forbid attacks and other unapproved connections that originate from outside the circle of trust. This will help keep the cloud secure going forward.

The Firewall is Here to Stay

Is there an end in sight for the firewall of the past? Maybe. But not for the concept of the firewall and for allowing access and blocking unknown connections. As the network continues to evolve and become more complex, the firewall will have to change in order to provide a new quality of network security. That’s already what’s happened with the cloud, and that’s no doubt what will happen with whatever changes the network undergoes next.

 |  | 
David Bisson
Contributing Editor

More from Cloud Security
December 18, 2024

Cloud Threat Landscape Report: AI-generated attacks low for the cloud

2 min read - For the last couple of years, a lot of attention has been placed on the evolutionary state of artificial intelligence (AI) technology and its impact on cybersecurity. In many industries, the risks associated with AI-generated attacks are still present and concerning, especially with the global average of data breach costs increasing by 10% from last year.However, according to the most recent Cloud Threat Landscape Report released by IBM’s X-Force team, the near-term threat of an AI-generated attack targeting cloud computing…

December 4, 2024

Cloud threat report: Possible trend in cloud credential “oversaturation”

3 min read - For years now, the dark web has built and maintained its own evolving economy, supported by the acquisition and sales of stolen data, user login credentials and business IP. But much like any market today, the dark web economy is subject to supply and demand.A recent X-Force Cloud Threat Landscape Report has shed light on this fact, revealing a new trend in the average prices for stolen cloud access credentials. Since 2022, there has been a steady decrease in market…

November 14, 2024

Autonomous security for cloud in AWS: Harnessing the power of AI for a secure future

3 min read - As the digital world evolves, businesses increasingly rely on cloud solutions to store data, run operations and manage applications. However, with this growth comes the challenge of ensuring that cloud environments remain secure and compliant with ever-changing regulations. This is where the idea of autonomous security for cloud (ASC) comes into play.Security and compliance aren't just technical buzzwords; they are crucial for businesses of all sizes. With data breaches and cyber threats on the rise, having systems that ensure your…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature