A severe cybersecurity incident is the most dangerous risk most companies face. It is the greatest threat to a company’s ability to deliver for its customers, and so to its value. This is the thirteenth in a series of posts about cybersecurity risk, and how you can reduce it to give customers and investors confidence.
Firewalls - the OG of cyber security
The word “firewall” first appeared in the late 1600s to describe a solid wall built to prevent fire from spreading between buildings or sections of a structure. For example, after the Great Fire of London in 1666, building codes required fire-resistant walls (made of brick or stone) to compartmentalise buildings. It was therefore a long-established concept before companies trying to connect their computer networks in the late 70s and early 80s realised they needed security gateways to control data flow and establish some perimeter security, resulting in the arrival of firewalls in the late 80s, years before most people were using computers, never mind accessing the internet!
As with all other technology, firewalls have evolved hugely in the intervening forty years, from basic packet filters to highly advanced software-defined gateways that can open and inspect encrypted traffic before re-encrypting it for onward travel (depending on configuration), using AI and real-time intelligence feeds to identify and block dangerous traffic. Firewalls are no longer found only on computer networks but on almost any device that connects to a network, and that ubiquity means they are often overlooked.
So firewalls are everywhere? Then what do I need to do?
Although firewalls are pretty much everywhere now, there are a number of steps you need to take to ensure they are providing the protection you need.
- Take a layered approach. Make sure you have firewalls correctly configured at every level to defend cloud and server infrastructure, site (office, warehouse etc.) networks and user devices.
- Device management is key. The only way you can ensure user devices have their firewalls properly configured (and that they stay that way) is through device management policies, so make sure people are locked down to managed devices.
- Use market-leading hardware for site networks. All firewalls will have vulnerabilities in them, so applying regular software updates is just as critical as it is for your user devices. Whilst market-leading firewalls will get attacked more, their vendors will likely find and fix vulnerabilities faster, creating a more secure solution.
- Cloud firewalls for your product or server infrastructure. If your cloud infrastructure is hosted by any of the top three hyperscalers (AWS, Microsoft Azure or Google Cloud Platform) then you have a variety of cloud firewall services to choose from. If you are hosting with a smaller cloud provider, make sure you understand how they are approaching firewalls and that they meet your needs.
- Get expert support. Managing firewalls and ensuring they are regularly updated is unlikely to be a job handled by your internal team below a certain scale. Make sure everything is configured in such a way that your MSP (managed service provider) can help with updates and configuration as required. Once you know the cadence with which firewalls should be updated, make sure the MSP is following that cadence.
- Check your config, then check again. Firewalls can be configured in a number of ways, with different ports set to open or closed depending on how you need them to work. Make sure your firewalls are configured the right way for your organisation, and then get somebody to check them. A full pen test is great but expensive and takes time - getting your IT support company to do a quick review will likely be faster and cheaper, giving you peace of mind until you get to your pen test.
- Integrate into your XDR and SIEM tooling. Some firewalls (like the Microsoft Defender firewall built into all Windows devices) integrate with broader XDR tooling with just a few clicks; some need a more considered integration. Either way, consider routing firewall log data into your SIEM tool to get a richer understanding of what is happening on your networks. Be warned, however, that this can produce a fire hose of data and push up log ingestion costs, so it needs careful consideration and possibly a trial period to get a sample dataset for evaluation.
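The "check your config" point above is the kind of review that can be partly scripted. The following is an added example, not code from the original post: it audits a constructed list of simplified cloud security-group style inbound rules (the `SAMPLE_RULES` data, `SENSITIVE_PORTS` list and rule dict layout are all assumptions for this example) and flags any rule that opens an administrative or database port to the whole internet.

```python
import ipaddress

# Ports an auditor would not expect exposed to the whole internet.
# Constructed list for this example; tune it to your own environment.
SENSITIVE_PORTS = {
    22: "SSH", 23: "Telnet", 445: "SMB", 1433: "MSSQL",
    3306: "MySQL", 3389: "RDP", 5432: "PostgreSQL", 6379: "Redis",
}

def port_overlap(from_port, to_port):
    """Return the sensitive ports covered by an inbound port range, ascending."""
    return sorted(p for p in SENSITIVE_PORTS if from_port <= p <= to_port)

def is_world_open(cidr):
    """True if the source CIDR is the entire IPv4 or IPv6 internet."""
    net = ipaddress.ip_network(cidr, strict=False)
    return net.prefixlen == 0

def audit_rules(rules):
    """Flag inbound rules that expose sensitive TCP ports to any source.

    Each rule is a dict shaped like a simplified security-group entry
    (assumed layout): {"name", "proto", "from", "to", "src"}.
    proto "-1" means all protocols. Returns (rule name, services) findings.
    """
    findings = []
    for r in rules:
        if r["proto"] not in ("tcp", "-1"):
            continue
        lo, hi = (0, 65535) if r["proto"] == "-1" else (r["from"], r["to"])
        if not is_world_open(r["src"]):
            continue  # restricted source: out of scope for this check
        hits = port_overlap(lo, hi)
        if hits:
            findings.append((r["name"], [SENSITIVE_PORTS[p] for p in hits]))
    return findings

# Constructed sample rules, not taken from any real environment.
SAMPLE_RULES = [
    {"name": "web-https", "proto": "tcp", "from": 443, "to": 443, "src": "0.0.0.0/0"},
    {"name": "admin-ssh", "proto": "tcp", "from": 22, "to": 22, "src": "0.0.0.0/0"},
    {"name": "vpn-rdp", "proto": "tcp", "from": 3389, "to": 3389, "src": "10.20.0.0/16"},
    {"name": "allow-all", "proto": "-1", "from": 0, "to": 65535, "src": "::/0"},
]

if __name__ == "__main__":
    for name, services in audit_rules(SAMPLE_RULES):
        print(f"REVIEW {name}: world-open to {', '.join(services)}")
```

The `vpn-rdp` rule is deliberately left alone because its source is a private range; the review is only about exposure to any source, and a human still needs to confirm that range is the VPN.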
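For the SIEM "trial period" suggested above, the following added example (not from the original post) parses a constructed sample in the Windows Defender Firewall `pfirewall.log` layout and produces the two numbers you need before routing the full stream: a projected daily event and megabyte volume for ingestion costing, and the inbound ports drawing the most drops. The `SAMPLE_LOG` lines, addresses and five-second capture window are all made up for this example.

```python
from collections import Counter

# Constructed sample in the pfirewall.log W3C-style layout; the addresses,
# times and events are invented for this example, not a real capture.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2024-03-01 09:00:01 DROP TCP 198.51.100.7 10.0.0.5 51234 3389 52 S 1 0 8192 - - - RECEIVE
2024-03-01 09:00:02 DROP TCP 198.51.100.7 10.0.0.5 51235 445 52 S 1 0 8192 - - - RECEIVE
2024-03-01 09:00:03 ALLOW TCP 10.0.0.5 10.0.0.20 49152 443 0 - 0 0 0 - - - SEND
2024-03-01 09:00:04 DROP UDP 203.0.113.9 10.0.0.5 40000 161 60 - - - - - - - RECEIVE
2024-03-01 09:00:05 DROP TCP 198.51.100.8 10.0.0.5 51236 3389 52 S 1 0 8192 - - - RECEIVE
"""

def parse_pfirewall(text):
    """Yield one dict per event, keyed by the names in the #Fields header."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or fields is None:
            continue
        values = line.split()
        if len(values) != len(fields):
            continue  # malformed line: skip rather than mis-assign columns
        yield dict(zip(fields, values))

def summarise(text, window_seconds):
    """Size the feed: events and MB per day projected from the capture
    window, plus the inbound destination ports with the most DROPs."""
    events = list(parse_pfirewall(text))
    data_lines = [l for l in text.splitlines() if l and not l.startswith("#")]
    avg_bytes = sum(len(l) + 1 for l in data_lines) / max(len(events), 1)
    per_day = len(events) * 86400 / window_seconds
    dropped = Counter(
        e["dst-port"] for e in events
        if e["action"] == "DROP" and e["path"] == "RECEIVE"
    )
    return {
        "events": len(events),
        "projected_events_per_day": round(per_day),
        "projected_mb_per_day": round(per_day * avg_bytes / 1_000_000, 2),
        "top_dropped_ports": dropped.most_common(3),
    }

if __name__ == "__main__":
    print(summarise(SAMPLE_LOG, window_seconds=5))
```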
Bottom line
Properly configured firewalls are absolutely critical to cybersecurity, and in many cases are already good to go out of the box. Make sure you double and triple check everything though as the cost of an error can be substantial - the cyber equivalent of opening the door and rolling out the red carpet for an attacker.
If you are navigating some of these challenges at the moment we can help. Our mission is to help you reduce your cyber risk, and so our help can be in whatever form is most helpful to you, from conducting an assessment of your current setup, to advising on system architecture and config, introducing trusted partners, training up staff or helping with op model development or hiring. Please reach out below 👇