The firm had relied on traditional port- and protocol-based firewall rules for many years and wanted to migrate to more modern technology to improve its security posture.
Understanding NGFW Capabilities
Before we could select a specific product for the financial services firm, we needed to explore the organization’s unique needs. We did this by reviewing the common capabilities of NGFW platforms. These include:
Legacy firewalls examine only basic information about network traffic, looking at its source and destination addresses, ports and protocols without analyzing the actual content of the communication. This is the digital equivalent of only reading the outside of an envelope without peering inside. NGFW solutions look inside the envelope by analyzing the content of network packets to determine the nature of the communication.
While traditional firewalls rely on IP addresses to identify the sources of network traffic, NGFWs go beyond this to tie network traffic to specific users. This approach allows organizations to make security decisions based on who a user is, or what groups they are a part of, rather than simply where they reside on the network.
Anti-Virus and Anti-Malware Defense
NGFW platforms provide anti-virus and anti-malware capabilities that filter out malicious traffic as it attempts to traverse the network. While servers and endpoints should always have their own malware protection platforms in place, this NGFW feature adds a layer of protection for sensitive systems and the network as a whole.
New vulnerabilities arise on a daily basis, and it’s not always possible to immediately patch vulnerable systems. NGFWs monitor network traffic for signs of exploit attempts against known vulnerabilities and can then take action, such as alerting or blocking, based on those indicators of compromise.
Sandboxing Potential Zero-Day Threats
Zero-day exploits threaten even the most secure organizations, bypassing signature-based detection products by using previously unknown exploits. NGFWs include sandboxing technology that can detect zero-day threats by quarantining potentially unsafe files and sending them off to a cloud service for execution and analysis. Files that exhibit malicious or unusual behavior are blocked from entering the network until cleared by a security administrator.
Migrating to an NGFW Solution
After helping the financial services firm select a product that delivered the features it needed, we then turned our attention to helping the company deploy its chosen product in a safe and effective manner. These firewalls supported critical production systems, and it was essential that we made the switch with only a brief disruption of service. We achieved this goal by using a like-for-like replacement approach, where we first replicated the rules of the existing firewall on the NGFW platform without implementing any advanced features. This let us put the new hardware in place and ensure it was working properly.
We then left the firewall alone for an agreed-upon period of time, allowing the rules to stabilize and confirming that we hadn’t introduced any new issues. Once we were confident in the new hardware and its associated rule set, we began slowly implementing application and user determination, anti-virus and anti-malware defense, zero-day protection and other advanced features, advancing the state of the firm’s security program while protecting the integrity of its day-to-day operations.
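The two-phase approach described above (replicate the legacy rules like-for-like, verify, then layer on application and user identification) can be checked mechanically before cut-over. The following is an added example, not code from the original article or from any firewall vendor: it parses a constructed legacy port/protocol rule table, produces a like-for-like NGFW rule set with application and user left at "any", replays constructed sample flows against both sets to confirm the verdicts are identical, and then tightens one rule to a named application and user group to show how verdicts change once those features are switched on. The rule format, the addresses, the application name "ssl" and the group "trading-desk" are all assumptions made for the example.

```python
"""Like-for-like NGFW rule migration with a verification step (added example)."""
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import List, Optional

# Constructed legacy rule table (not the firm's real rules), evaluated top to bottom:
# action,source,destination,protocol,destination port
LEGACY_RULES_CSV = """\
allow,10.10.0.0/16,10.20.5.10/32,tcp,443
allow,10.10.0.0/16,10.20.5.20/32,tcp,22
allow,10.30.0.0/24,0.0.0.0/0,udp,53
deny,0.0.0.0/0,0.0.0.0/0,any,any
"""


@dataclass
class Flow:
    src: str
    dst: str
    proto: str
    dport: int
    app: str = "unknown"         # filled in by application identification
    user_group: str = "unknown"  # filled in by user identification


@dataclass
class Rule:
    action: str
    src: IPv4Network
    dst: IPv4Network
    proto: str                   # "any" or a protocol name
    dport: Optional[int]         # None means any port
    app: str = "any"             # "any" reproduces legacy behaviour
    user_group: str = "any"

    def matches(self, f: Flow) -> bool:
        if ip_address(f.src) not in self.src or ip_address(f.dst) not in self.dst:
            return False
        if self.proto != "any" and self.proto != f.proto:
            return False
        if self.dport is not None and self.dport != f.dport:
            return False
        if self.app != "any" and self.app != f.app:
            return False
        return self.user_group == "any" or self.user_group == f.user_group


def parse_legacy(csv_text: str) -> List[Rule]:
    """Read the legacy port/protocol rules into Rule objects (app/user stay 'any')."""
    rules = []
    for line in csv_text.strip().splitlines():
        action, src, dst, proto, dport = [x.strip() for x in line.split(",")]
        rules.append(Rule(action, ip_network(src), ip_network(dst), proto,
                          None if dport == "any" else int(dport)))
    return rules


def translate_like_for_like(legacy: List[Rule]) -> List[Rule]:
    """Phase 1: copy every rule as-is, leaving application and user at 'any'."""
    return [Rule(r.action, r.src, r.dst, r.proto, r.dport) for r in legacy]


def evaluate(rules: List[Rule], flow: Flow, default: str = "deny") -> str:
    """First-match evaluation, with an implicit deny at the end of the chain."""
    for r in rules:
        if r.matches(flow):
            return r.action
    return default


def verify_equivalent(old: List[Rule], new: List[Rule], flows: List[Flow]) -> List[Flow]:
    """Return the flows whose verdict changed; an empty list means the swap is safe."""
    return [f for f in flows if evaluate(old, f) != evaluate(new, f)]


def enable_app_and_user(rules: List[Rule], index: int, app: str, user_group: str) -> List[Rule]:
    """Phase 2: tighten one rule so it also requires an identified app and user group."""
    r = rules[index]
    tightened = Rule(r.action, r.src, r.dst, r.proto, r.dport, app, user_group)
    return rules[:index] + [tightened] + rules[index + 1:]


LEGACY = parse_legacy(LEGACY_RULES_CSV)
PHASE1 = translate_like_for_like(LEGACY)
# Constructed sample flows standing in for the traffic the firm expects to see.
SAMPLE_FLOWS = [
    Flow("10.10.1.5", "10.20.5.10", "tcp", 443),
    Flow("10.10.1.5", "10.20.5.20", "tcp", 22),
    Flow("10.30.0.7", "192.0.2.53", "udp", 53),
    Flow("10.40.0.1", "10.20.5.10", "tcp", 443),
    Flow("10.10.1.5", "10.20.5.10", "tcp", 80),
]
# Phase 2 on rule 0: only TLS from the trading desk may reach that host (assumed names).
PHASE2 = enable_app_and_user(PHASE1, 0, app="ssl", user_group="trading-desk")

if __name__ == "__main__":
    print("phase 1 mismatches:", verify_equivalent(LEGACY, PHASE1, SAMPLE_FLOWS))
    print("phase 2 mismatches:", verify_equivalent(PHASE1, PHASE2, SAMPLE_FLOWS))
```

Replaying the sample flows against the legacy and phase 1 rule sets yields no mismatches, which is the check that justifies the cut-over. Replaying them against the phase 2 set does produce a mismatch: the first sample flow carries no identified application, so a rule that now requires "ssl" no longer matches it and the flow falls through to the final deny. That is exactly why the article stages the advanced features after a stabilization period, one rule at a time, with the traffic actually observed on the network as the test set.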