M+E Connections

AWS: The Importance of Next-Gen Firewalls to Companies’ Security Strategies

Firewalls have been around for a long time, but next-generation firewalls (NGFWs) have now become critical to companies’ security strategies, according to Amazon Web Services (AWS) and the SysAdmin, Audit, Network, and Security (SANS) Institute.

That is because modern enterprise application stacks require protection at several levels and with multiple capabilities — two things that traditional firewalls just don’t offer, security experts from AWS and SANS said April 20, during the webinar “What is a next-generation firewall (and why does it matter)?”

During the webinar, the experts broke down the myths and realities of what an NGFW is, how to use one and what it can do for a company’s security posture. They also walked through multiple use cases for deploying an NGFW on-premises or in the cloud.

“Everyone’s been familiar with [firewalls] in some way, shape or form, especially from a security perspective,” for a long time, Matt Bromiley, SANS analyst at SANS Institute, pointed out.

Now, NGFWs are “also an important addition into the cloud,” he said, adding he will highlight “what I would consider to be some of the key technologies or key components that I would look for inside of a next-generation firewall.”

Some will argue that they already have “all these security tools in place inside of my environment [so] why do I need to go and buy a whole bunch of new things?” he noted.

But Bromiley explained: “Consider how your stack has changed over the past few years. I can go really straightforward with this question and I can say, ‘When was the last time you updated your security posture, your overall high level tooling set versus when was the last time your cloud footprint changed?’ Most of the time, the cloud footprint changed a lot sooner or a lot more recently than the security stack may have changed. That’s kind of maybe takeaway number one.”

He added: “Takeaway number two: Something else [to consider is] when we talk about modern applications, when I use the adjective modern to describe these, what I’m asking you to do is consider a lot of different kind of who, what, why, where, whens and hows of applications that folks are now deploying out there. So what I mean by that obviously is where are they being hosted? Are they being hosted at a cloud service provider? Are they being hosted on-prem? Are they being hosted by a third party?”

According to AWS, use cases for NGFWs include behavioral analysis, machine learning, deep packet inspection (including detecting malicious activity based on data and metadata), application awareness, and malware “sandboxing” (such as “detonating” malware in a “safe” space, outside of production, to identify key characteristics and determine severity). A further benefit is third-party support: most NGFW vendors have analysis and threat intelligence teams that can provide additional support and/or context around threats.

Success Stories

Geoff Sweet, senior security solutions architect at AWS, went on to talk about some of the success stories companies had with NGFWs.

For example, BK Bank’s challenge was that it needed to protect its critical applications by minimizing or eliminating fraudulent requests — up to 80,000 of them every five minutes, according to AWS. BK “used a disparate mix of tools that detected specific security concerns, but couldn’t provide a complete view of the bank’s network and applications,” AWS said in one of the slides Sweet showed during the webinar. Also, to meet regulatory security standards, BK used manual processes that added time and complexity.

The solution for BK was to select Fortinet to “leverage automated tools to block malicious activity, balance workloads, and protect its communications,” according to AWS. The bank now runs network and application traffic through FortiGate NGFWs to detect known and unknown threats and vulnerabilities.

FortiAnalyzer provides advanced log management, analysis and reporting to help the bank proactively prevent attacks. BK had a large online presence that made it a “fairly ripe target for abuse and intrusion attempts to the point where BK” said it was “monitoring upwards of 80,000 attempts a day to try to gain access or to abuse the applications,” according to Sweet.

So the bank turned to Fortinet “as part of the larger architecture that they put in place,” including firewalls and to be able to see “what was going on, investigate their traffic and put in place policies that made sense,” he said.
