February 1, 2021 By David Bisson 3 min read

Is a firewall a thing of the past? People have been questioning the utility of firewalls for years. Columnist and editor Roger A. Grimes wrote that “firewalls need to go away” in May 2012. Grimes reasoned this was because firewalls “have always been problematic, and today there is almost no reason to have one.”

Is Grimes right? Is there no more use for firewalls anymore?

How Do Firewalls Work?

Traditional firewalls control traffic entering and exiting the network based upon source IP address, destination IP address, port and protocol. These types of solutions define traffic as flow, not isolated packets. Therefore, these tools can apply rules to traffic flow and help security experts make decisions based on them. Firewalls of the past also use packet filtering to inspect ingress and egress traffic (otherwise known as north-south traffic) for connections initiated by potentially suspicious sources along with virtual private networks (VPNs) as a means of gaining secured entry to the network.

Recently, some users have turned to next-generation firewall (NGFW). These come with the same protection as a basic firewall, but add onto it in several ways. For instance, they use application awareness to set rules for specific applications instead of port numbers and IP addresses. This allows them to block unwanted applications. It even works if attackers rotate through different port numbers and IP addresses, tactics that could hop traditional firewalls. Many NGFWs also come with threat intelligence for staying on top of emerging threats.

The Cloud: Where Firewalls Fall Short

The majority of traditional firewalls and NGFWs aren’t as effective in the age of the cloud. Businesses are moving their data and systems outside of the data center to locations they don’t own. At the same time, employees are using their personal devices located outside of the network to access that data and those systems more often. Together, these facts have erased the concept of the single network perimeter, where most traditional firewalls and NGFWs have stood guard for years.

In doing so, the cloud has also helped to redefine what’s needed from a network security tool such as a firewall. Remote work makes it possible for attackers to target the network from anywhere in the world. They could leverage a real employee’s compromised account for malicious ends. Therefore, organizations need the capability to inspect east-west traffic for signs of suspicious activity, such as a malicious actor abusing a real account to move laterally through the network.

The Latest in Cloud-Based Firewalls

The emergence of the cloud has certainly challenged previous tenets of network security. But, it hasn’t gotten rid of the concept entirely. Entities need to secure their cloud-based systems just as they need to protect their on-premise assets. The means of doing so might be different, but the underlying concepts are the same.

The same is true for the firewall. The cloud has merely shifted the discussion to the need for firewalls that are equipped to provide protection over more virtual landscapes.

With that in mind, many organizations are investing in a NGFW hosted in the cloud or other ‘virtual firewalls.’ These types of solutions are useful for their many configuration options. These enable admins to microsegment the cloud network as their cloud landscapes constantly change. This helps keep critical data and systems safe against cloud-based threats.

Virtual firewalls can maximize security even further if you pair them with other tools. For instance, you can use these tools’ micro-segmentation abilities to lay the groundwork for building a zero trust network. Once you mark some assets as trusted, you can then use the cloud-based solutions to forbid attacks and other unapproved connections that originate from outside the circle of trust. This will help keep the cloud secure going forward.

The Firewall is Here to Stay

Is there an end in sight for the firewall of the past? Maybe. But not for the concept of the firewall and for allowing access and blocking unknown connections. As the network continues to evolve and become more complex, the firewall will have to change in order to provide a new quality of network security. That’s already what’s happened with the cloud, and that’s no doubt what will happen with whatever changes the network undergoes next.

More from Cloud Security

Accelerating security outcomes with a cloud-native SIEM

5 min read - As organizations modernize their IT infrastructure and increase adoption of cloud services, security teams face new challenges in terms of staffing, budgets and technologies. To keep pace, security programs must evolve to secure modern IT environments against fast-evolving threats with constrained resources. This will require rethinking traditional security strategies and focusing investments on capabilities like cloud security, AI-powered defense and skills development. The path forward calls on security teams to be agile, innovative and strategic amidst the changes in technology…

Best practices for cloud configuration security

5 min read - Cloud computing has become an integral part of IT infrastructure for businesses of all sizes, providing on-demand access to a wide range of services and resources. The evolution of cloud computing has been driven by the need for more efficient, scalable and cost-effective ways to deliver computing resources.Cloud computing enables on-demand access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications and services) over the internet. Instead of owning and maintaining physical hardware and infrastructure, users…

What is data security posture management?

3 min read - Do you know where all your organization’s data resides across your hybrid cloud environment? Is it appropriately protected? How sure are you? 30%? 50%? It may not be enough. The Cost of a Data Breach Report 2023 revealed that 82% of breaches involved data in the cloud, and 39% of breached data was stored across multiple types of environments. If you have any doubt, your enterprise should consider acquiring a data security posture management (DSPM) solution. With the global average…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today