Is my network secure? There is no quick or simple answer to this. Network risks come in many guises, from disgruntled employees to software updates to phishing attacks to active network ports (you would be surprised at the types of data that traverse your network unencrypted). As an example, in my practice we need to provide internet access to our workstations for our HealthOne updates. This carries its own inherent risks, as was borne out by the SolarWinds attack in 2020, which used a similar delivery mechanism (SolarWinds Cyber Attack).
Network security is a huge area, and as small and medium-sized businesses with very valuable data to protect, we need to ensure we are taking the necessary steps to protect this data. The Cybersecurity & Infrastructure Security Agency has a very good website with tips on how to secure all elements of your network: Securing Network Infrastructure Devices | CISA
As it's such a big area to cover, and as many of us host our own servers on site, I thought that for this blog I would focus on unified threat management (UTM), or what is now described as Next-Generation Firewalls. Last month we covered backups and restores; now I will look at ensuring our perimeters are protected and that all types of access (e.g. internet and remote access) are provided in a secure fashion.
What is a Next-Generation Firewall (NGFW)?
Gartner describes next-generation firewalls (NGFWs) as deep-packet inspection firewalls that move beyond port/protocol inspection and blocking to add application-level inspection, intrusion prevention, and intelligence from outside the firewall.
According to Gartner’s definition, a next-generation firewall must include:
- Standard firewall capabilities like stateful inspection
- Integrated intrusion prevention and detection
- Application awareness and control to see and block risky apps
- Threat intelligence sources
- Upgrade paths to include future information feeds
- Techniques to address evolving security threats
What should I look for in a next-generation firewall?
The best next-generation firewalls deliver five core benefits to organizations, from SMBs to enterprises. Make sure your NGFW delivers:
Breach prevention and advanced security
The No. 1 job of a firewall should be to prevent breaches and keep your organization safe. But since preventive measures will never be 100 percent effective, your firewall should also have advanced capabilities to quickly detect advanced malware if it evades your front-line defences. Invest in a firewall with the following capabilities:
- Prevention to stop attacks before they get inside
- A best-of-breed next-generation IPS built-in to spot stealthy threats and stop them fast
- URL filtering to enforce policies on hundreds of millions of URLs
- Built-in sandboxing and advanced malware protection that continuously analyses file behaviour to quickly detect and eliminate threats
- A world-class threat intelligence organization that provides the firewall with the latest intelligence to stop emerging threats
Comprehensive network visibility
You can’t protect against what you can’t see. You need to monitor what is happening on your network at all times so you can spot bad behaviour and stop it fast. Your firewall should provide a holistic view of activity and full contextual awareness to see:
- Threat activity across users, hosts, networks, and devices
- Where and when a threat originated, where else it has been across your extended network, and what it is doing now
- Active applications and websites
- Communications between virtual machines, file transfers, and more
Flexible management and deployment options
Whether you are a small to medium-sized business or a large enterprise, your firewall should meet your unique requirements:
- Management for every use case: choose from an on-box manager or centralized management across all appliances
- Deploy on-premises or in the cloud via a virtual firewall
- Customize with features that meet your needs: simply turn on subscriptions to get advanced capabilities
- Choose from a wide range of throughput speeds
Fastest time to detection
The current industry standard time to detect a threat is between 100 and 200 days; that is far too long. A next-generation firewall should be able to:
- Detect threats in seconds
- Detect the presence of a successful breach within hours or minutes
- Prioritize alerts so you can take swift and precise action to eliminate threats
- Make your life easier by deploying consistent policy that’s easy to maintain, with automatic enforcement across all the different facets of your organization
Automation and product integrations
Your next-generation firewall should not be a siloed tool. It should communicate and work together with the rest of your security architecture. Choose a firewall that:
- Seamlessly integrates with other tools from the same vendor
- Automatically shares threat information, event data, policy, and contextual information with email, web, endpoint, and network security tools
- Automates security tasks like impact assessment, policy management and tuning, and user identification
I personally use a Palo Alto cloud firewall for my practice, but there are many providers of NGFWs that offer excellent virtual and hardware solutions. To name a few:
- Palo Alto
In the next blog we will look specifically at email and how to reduce the risk when using it within your practice.
We also have a webinar this Friday the 2nd of July at 8am which will give a quick GDPR refresher on our responsibilities as data controllers. All are welcome.
Registration link: GDPR Webinar