There is a common misconception among most organizations, particularly SMEs, that firewalls should protect them against modern data breaches and cyberattacks. In the event of a successful cyberattack, most victimized organizations start raising the question: We have a firewall deployed, so why was it unable to protect us?
Even though firewalls are an essential component of cybersecurity, they cannot stop the flame from rising on their own. The 2018 Verizon Data Breach Investigations Report states that there were 53,000 confirmed cybersecurity incidents and over 2,200 data breaches in 2017. Furthermore, the 2018 Cost of Data Breach Study by the Ponemon Institute finds that the average cost of a single data breach is $3.86 million.
When you couple these statistics with the fact that 94% of organizations maintain a firewall as part of their cybersecurity, it is clear that something is going wrong: the unreasonable amount of trust that businesses place in firewalls.
In this blog post, we describe the importance of moving past the basic security measure of firewalls to tackle sophisticated and modern cyberattacks.
Why are firewalls no longer adequate?
In the past, firewalls were an all-encompassing defense mechanism against cyberthreats. Even though security threats have evolved to become much more sophisticated, the basic function of firewalls has remained the same, which leaves a gap in security. With the increasing complexity of attacks as well as the higher number of insider attacks, firewalls on their own no longer provide sufficient protection against all kinds of cyberattacks.
Firewalls are primarily used for preventing attacks that originate from outside of the system. This raises the question: What if a threat makes it past the firewall or originates from within the network itself? This can be a concern particularly because network-level firewalls are ineffective against threats on the inside.
Several workarounds have been proposed for this, but none of them is practical:
- Hardware firewalls are expensive and difficult to maintain: One possible solution can be to use a firewall for each server that you have. The issue with this is that it is cost-prohibitive because of the high costs associated with deploying and configuring each firewall. Additionally, with multiple firewalls in place, it can be difficult to regulate and maintain a set of rules across all of them since this has to be done manually.
- Software (virtual) firewalls can create chokepoints: Though software firewalls are more economical than hardware firewalls, there is the cost of purchasing licenses for them and at a scale of thousands of firewalls, these can be quite expensive to deploy. Other than the expenses, virtual firewalls are slower when compared to hardware firewalls and using them can create chokepoints in your network that reduce performance and speed.
- Logical partitioning of the data center: Partitioning the data center into logical security segments does not involve the costs of deploying multiple firewalls, but it has its own issues. First, if the segmented regions are large, each one provides a sizeable area for attacks within that particular segment. Second, changes to security policies at a physical level need to be manually configured within the logical segments. Third, firewalls do not filter traffic that comes from within the same network, so if you have logical segments within the same Virtual LAN (VLAN), the chances of exploits within those segments increase.
The failure of traditional firewalls to cope with the growing challenge of cyberthreats leaves us on the lookout for more sophisticated security mechanisms for preventing modern-day attacks.
Moving beyond firewalls: Micro-segmentation and network virtualization
Firewalls provide a first line of defense against malicious attacks and breaches but for more rigorous protection, you need to move past these traditional mechanisms. To address the issue of preventing threats from propagating within a network and insider attacks, a possible approach can be to make use of micro-segmentation.
Micro-segmentation is based on the concept of network virtualization, and it helps in preventing attacks not just from outside the network but from within the network as well. It does this by protecting the individual devices within your network.
How does it work?
Micro-segmentation is made possible by a technique known as network virtualization. Network virtualization enables you to create, monitor, and manage virtual (or software) networks. The underlying physical network is just used as a mechanism for passing information whereas the security policies and networking rules are all defined in software for each virtual network. This process enables us to virtualize networking policies and functions so that whenever a new network segment is added or a current one is moved, all necessary policies can be applied automatically to it without requiring manual intervention.
By utilizing the virtual networks hosted on virtual machines (VMs) created by network virtualization, micro-segmentation scales down protection to individual devices. This enables you to define security policies and network controls at a granular level for establishing security inside the physical network as well. This is how micro-segmentation goes beyond the traditional perimeter defenses of firewalls.
To use micro-segmentation, you first need to virtualize the network and then define security functions and policies for individual networks or VMs. Micro-segmentation enables you to scale firewall capabilities down to the level of individual devices and groups for a highly customizable and highly focused level of security.
The benefits of micro-segmentation:
There are several benefits of using micro-segmentation as a security mechanism for preventing cyberattacks and data breaches. These include:
- Intelligent Grouping: Before network virtualization, a security policy was applied to static groups that were defined at the physical network layer using IP addresses or subnets. The problem with this is that a change in the network topology affects the groups and security policies. With micro-segmentation, grouping can be done dynamically on the basis of common security characteristics or other features. This makes it more convenient to redefine security policies and improves adaptability, even if the physical network changes.
- Demilitarized Zones (DMZ) Everywhere: A demilitarized zone is a secure region that exposes an organization’s services to external networks such as the Internet. Traditionally, there is just a single DMZ defined at the network perimeter where all security policies for external services need to be applied. With micro-segmentation, you can have a DMZ with specific security policies defined for any system within your physical network, regardless of where the system is within the network. This enables improved control over security and allows for quicker provisioning and monitoring of information from external untrusted networks.
- Better Security: Virtual networks within the same physical network are isolated from one another which mitigates the risk of threats spreading within the data center. Virtualization also helps in preventing cyberattacks from affecting hardware infrastructure since it separates the physical layer from the virtual layer of the network. Policies can be conveniently applied to all virtual networks without having to define physical subnets or firewall rules manually leading to higher convenience and improved security.
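The difference between static subnet grouping and the dynamic grouping described under Intelligent Grouping, together with the earlier point that a firewall does not filter traffic inside one segment, can be modelled in a few lines. This is an added example, not code from the original post; the workload names, addresses, tags and rules are all constructed for illustration.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Workload:
    name: str
    ip: str
    tags: frozenset  # security characteristics, e.g. "tier:web"

# All names, addresses and rules below are constructed for illustration.
SEGMENTS = ["10.0.1.0/24", "10.0.2.0/24", "10.0.9.0/24"]
SUBNET_RULES = [("10.0.1.0/24", "10.0.2.0/24", 5432)]  # web subnet -> db subnet
TAG_RULES = [("tier:web", "tier:db", 5432)]             # web group -> db group

def segment_of(w):
    return next(s for s in SEGMENTS if ip_address(w.ip) in ip_network(s))

def subnet_firewall_allows(src, dst, port):
    """Static model: traffic inside one segment never reaches the firewall."""
    if segment_of(src) == segment_of(dst):
        return True  # not filtered at all
    return (segment_of(src), segment_of(dst), port) in SUBNET_RULES

def microseg_allows(src, dst, port):
    """Per-workload model: default deny, rules follow tags instead of IPs."""
    return any(s in src.tags and d in dst.tags and port == p
               for s, d, p in TAG_RULES)

def demo():
    web1 = Workload("web1", "10.0.1.10", frozenset({"tier:web"}))
    web2 = Workload("web2", "10.0.1.11", frozenset({"tier:web"}))
    db1 = Workload("db1", "10.0.2.20", frozenset({"tier:db"}))
    db1_moved = replace(db1, ip="10.0.9.20")  # topology change, same role
    return {
        "subnet: web1->db1:5432": subnet_firewall_allows(web1, db1, 5432),
        "subnet: web1->db1_moved:5432": subnet_firewall_allows(web1, db1_moved, 5432),
        "subnet: web1->web2:22": subnet_firewall_allows(web1, web2, 22),
        "microseg: web1->db1_moved:5432": microseg_allows(web1, db1_moved, 5432),
        "microseg: web1->web2:22": microseg_allows(web1, web2, 22),
    }

if __name__ == "__main__":
    for flow, allowed in demo().items():
        print(f"{flow:32} {'ALLOW' if allowed else 'DENY'}")
```

Moving the database to a new subnet breaks the subnet rule but not the tag rule, and only the per-workload model denies the web-to-web connection inside the same segment.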
What is threat intelligence, and what are its benefits?
Threat intelligence is the process of collecting, organizing, and analyzing information about current or potential cyberthreats to an organization. The primary purpose of threat intelligence is to help organizations evaluate the risks associated with common and rare cyberthreats such as zero-day attacks.
Often, threat intelligence is considered to be an essential first step towards protecting your business. According to a Forrester Research recommendation, businesses should start with strategic intelligence capabilities. By knowing that threats are coming your way and understanding the risks associated with these threats, you can align your resources to mitigate these risks.
With cyberthreats constantly growing in terms of complexity, preventive cybersecurity measures are no longer enough. To make your system foolproof against attackers and hackers, it is essential that you make use of precautionary measures such as threat intelligence.
Here are the benefits of threat intelligence for businesses:
- You can detect insider attacks by monitoring and analyzing the behavior of employees within your network. Using threat intelligence, you will be able to identify if certain groups of employees are stealing data or sabotaging your systems.
- You can track the activity of accounts to determine if an account has been compromised. Whether through malware or a phishing attack, if an employee gives out their credentials to an attacker by mistake, threat intelligence can help limit the damage caused by such a compromised account.
- You can detect brute-force attacks, breaches, and other forms of cyberthreats by monitoring the traffic and activity on your network in real-time.
- You can determine if there have been recent changes made to user permissions and/or creation of super users that can be used to grant other users unnecessary and unauthorized permissions to data.
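The account, brute-force and permission checks in the last three bullets can be expressed as a small detector over authentication events. This is an added example, not code from the original post; the log format, event names, threshold, window and role names are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events: timestamp, event, account, source, detail.
EVENTS = """\
2024-05-01T09:00:01 login_fail alice 203.0.113.7 -
2024-05-01T09:00:03 login_fail alice 203.0.113.7 -
2024-05-01T09:00:05 login_fail alice 203.0.113.7 -
2024-05-01T09:00:08 login_fail alice 203.0.113.7 -
2024-05-01T09:00:11 login_fail alice 203.0.113.7 -
2024-05-01T09:00:15 login_ok alice 203.0.113.7 -
2024-05-01T09:02:00 role_grant alice 203.0.113.7 superuser
2024-05-01T09:30:00 login_fail bob 10.0.1.15 -
2024-05-01T09:30:40 login_ok bob 10.0.1.15 -
"""

THRESHOLD, WINDOW = 5, timedelta(minutes=1)  # assumed tuning values
PRIVILEGED = {"superuser", "admin"}          # assumed role names

def analyze(text):
    fails = defaultdict(deque)  # (account, source) -> recent failure times
    flagged = set()             # pairs that already crossed the threshold
    alerts = []
    for line in text.splitlines():
        ts, event, account, source, detail = line.split()
        ts, key = datetime.fromisoformat(ts), (account, source)
        recent = fails[key]
        while recent and ts - recent[0] > WINDOW:
            recent.popleft()    # drop failures that fell out of the window
        if event == "login_fail":
            recent.append(ts)
            if len(recent) >= THRESHOLD and key not in flagged:
                flagged.add(key)
                alerts.append(("brute_force", account, source))
        elif event == "login_ok":
            # A success right after a flagged burst suggests a guessed password.
            if key in flagged and recent:
                alerts.append(("possible_compromise", account, source))
            recent.clear()
        elif event == "role_grant" and detail in PRIVILEGED:
            alerts.append(("privilege_change", account, detail))
    return alerts

if __name__ == "__main__":
    for alert in analyze(EVENTS):
        print(alert)
```

A single mistyped password followed by a successful login, as in the constructed events for bob, raises no alert.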
Modernizing security for preventing data breaches and cyberattacks
Most organizations will agree that security needs to be at least as modernized and sophisticated as potential threats. However, very few of these companies actually follow through on this; most continue to believe that firewalls provide adequate protection for their datacenter.
This misunderstanding is a major weakness in the security of most businesses. These organizations dedicate all their efforts to securing the perimeter of their network and pay little heed to securing the network from within. This can prove to be a costly mistake if not taken care of with due diligence.
The increasing severity, frequency, and complexity of cyberattacks are causing organizations to now rethink and examine their approach. The bottom line is that firewalls are not enough, not on their own. For better protection against modern threats, it is advised that you make use of network virtualization and micro-segmentation. These defense mechanisms are the next step forward beyond firewalls and help to prevent attacks from outside the network, as well as from within the network.