The Evolution of the Firewall
Credit to Author: Phil Quade| Date: Fri, 21 Jul 2017 19:06:05 +0000
As the Internet and Digital Economy have grown up, the humble Firewall has continued to serve as their go-to security appliance. In this first of a two-part series, we will examine how, in spite of the evolution of the Firewall through a number of shapes, functions, and roles, it remains the security foundation for implementing the strategic pillars of Segmentation, Access Control, and Real-time analytics/action now and into the future.
Change is a fact of life; what doesn’t change usually withers and dies. This is true for both the biological and the digital world. Generally, we make leaps forward because of one or more of the following:
- We are forced to endure and adapt to dramatic change. This can be anything from an asteroid striking the earth to a radical disruption to a digital economy.
- Some may see change coming, and they exercise the extreme agility that allows them to thrive during difficult or changing times. For example, some organizations have adapted rapidly to the changes required to compete in the new digital economy, while others struggle to adapt.
- Sometimes, inspiration allows us to see a problem differently and approach its solution from a radically new angle that has a huge impact not only on the individual or organization, but the entire ecosystem that they operate in.
- And sometimes, we simply, but importantly, move forward steadily, gradually evolving over time.
Regardless of whether evolution moves forward in giant leaps or through incremental change, the important thing is that people and things are able to adapt. Because they either adapt to change or they die.
Security is no different. There are a number of evolutionary forces at work, driving its evolution. Some of them, like the growth of IoT or the cloud, can force rapid change. Others, like the more sophisticated attacks being developed by nation states and cybercriminals, require both agile and consistent security adaptation.
Firewalls are not immune to these evolutionary forces. They have remained central and foundational component of any security strategy. But to do this, they have had to evolve in the decades since their invention in a number of important ways.
The Evolution of Firewall Functionality
Firewalls are the Adam and Eve, or Big Bang, of Internet security. Far from being single dimensional, they have four distinct but related evolutionary traits, and each genus has undergone important changes since their inception. By taking a look at how these elements have evolved over time, we can not only get a better idea of the fundamental role they play in protecting digital assets, but also track this trajectory to make educated guesses on what the future of security will look like.
- Form Factor: Firewalls were born as a software tool to control access from largely unstructured and non-targeted threats. Over time, they evolved into purpose-built hardware devices. These appliances were not only forced to adapt to ever-increasing performance requirements, but as attacks became more sophisticated they had to adopt additional security and non-security functionality. With the advent of the private and public cloud, a branch of firewalls has had to revert to a software-based, virtualized form factor. And now, as networks become more interconnected, firewalls will need to expand their scope beyond securing IT environments to include SCADA and other OT (operational technology) environments like manufacturing floors and control systems.
- Speed and Throughput: The constant challenge shouldered by the firewall is to meet the increasing data and performance requirements of the networks they protect, as well as the increasingly processor-intensive inspections they are required to deliver. Digital transactions happen in the blink of an eye, and organizations cannot afford to choose between performance and protection. Today’s carrier-class networks not only require firewalls able to operate at terabyte speeds, but to also provide deep inspection into encrypted traffic and unstructured data.
- Persona and Function: The role that the firewall plays in a cyber ecosystem has gotten much more sophisticated. Having evolved from a simple gateway sentinel, some types of today’s firewalls serve as highly sophisticated cybersecurity defense systems, taking on the most challenging, robust, and sneaky adversaries (e.g., the multi-solution Unified Threat Management (UTM) and Next-Generation Firewall (NGFW) solutions). They have also evolved to be able to specialize for the environments in which they serve, with different firewall solutions designed to protect places like the perimeter, the data center, virtual and cloud environments, or to provide specialized security such as internal segmentation. As these different network environments or ecosystems become increasingly interconnected, the next evolution of the firewall will require being able to connect all of these specialized solutions into an integrated firewall framework.
- Security: Finally, the nature of the type of security provided by the firewall has also evolved. Access Control List-based firewalls gave way to stateless and then stateful solutions designed to track and monitor a wide variety of connected devices. Next, additional security functionality was added to consolidate essential security functions and shorten detection and response time. These included tools such as Intrusion Detection, Intrusion Prevention, Virtual Private Networks, Anti-virus, Web site filtering, and others. Today these firewalls are often able to coordinate with highly specialized extensions, such as sandboxes designed to detonate and analyze suspicious content (e.g., email attachments). And as they move forward, it will be critical for firewalls to interoperate with and orchestrate a variety of analytic tools and extensions.
While its form and function may have changed over time, the firewall remains the central pillar of any security strategy. As networks shift towards hybrid, elastic, and borderless ecosystems, expand across cloud environments, and become meshed with other networked environments such as OT and critical infrastructures, the firewall will need to continue to adapt. Specialized firewall iterations will need to be integrated together for centralized orchestration and correlation, automation will need to compensate for the inability of human engineers to track the scope and scale of devices and data across the expanding network, and advanced analytics will need to anticipate threats in order to shorten the time to detection and response.
The most important thing that the cybersecurity community can do, to underpin our digital economy, is to innovate and integrate. Diverse, fast firewall technology, that provides and integrates cutting edge techniques to counter emerging threats, is the strategy/product of choice by those who not only seek to endure, but to thrive.
Fortinet was recently named a Leader in the Gartner Enterprise Firewall Magic Quadrant. Read the full report here.