Network firewalls are as relevant to information security today as they were 20 years ago, according to industry pioneer Gil Shwed, co-founder and chief executive of security software firm Check Point.
In 1993, Shwed invented and patented stateful inspection, a technology to keep track of the state of a network's connections. This served as the basis for the company's FireWall-1, released in 1994.
Since then, the internet has developed and security threats have emerged and multiplied, prompting regular predictions over the years that firewalls are about to become irrelevant.
"As threats and infrastructures have evolved, the ability to control the flow of traffic on the network is more useful than ever," Shwed told Computer Weekly.
"Firewalls have evolved to become more comprehensive and, for most organisations, still form a key part of the information security technology stack."
Some critics have challenged the relevance of the firewall as network perimeters have become increasingly fragmented. Company data is no longer stored only in-house, but also in external, cloud-based datacentres and mobile computing devices.
But Shwed argues that, even though perimeters have become more extended and fragmented, they still exist. "There is still a clear separation between the internal trusted infrastructure and external untrusted networks," he said.
Multiple firewalls for segmented networks
While acknowledging that endpoint security is important, Shwed said it is impossible to ensure the highest level of protection on every device on the network at all times.
"The printer in my office is incapable of running the latest security software -- and yet it is hackable and needs to be protected. This can be done by controlling access to the printer using a firewall," he said.
By analogy, the ability to enter a country by air, rail, sea and road has not made border controls obsolete. Just as controls remain at airports, sea ports, ferry terminals and international railway stations, firewalls can be deployed to control traffic at each segment of a network.
Firewalls have evolved beyond simply monitoring certain ports, IP addresses or packet activity between addresses and making allow-or-deny decisions.
They first included stateful inspection at a single point, monitoring the data flowing across them and enabling pattern matching and analysis.
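The difference between the stateless port filtering described above and stateful inspection, as an added Python example that is not Check Point's code: only sessions opened from the trusted side enter the state table, so an inbound packet is admitted only as the reply leg of a recorded session. The 10.0.0.0/8 internal range and the sample addresses are constructed.

```python
import ipaddress
from dataclasses import dataclass

INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # constructed: the trusted side

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    syn: bool = False  # TCP SYN set: a new connection attempt
    ack: bool = False  # TCP ACK set: continuation of an exchange

def is_internal(ip):
    return ipaddress.ip_address(ip) in INTERNAL

def stateless_filter(pkt, service_ports=(443,)):
    """Stateless rule: allow TCP in either direction when either end uses a
    permitted service port. Replies get through, but so does anything an
    outsider sends from that port, because no connection history is kept."""
    if pkt.dport in service_ports or pkt.sport in service_ports:
        return "allow"
    return "deny"

class StatefulFirewall:
    """Toy stateful inspector: only connections opened from the internal side
    enter the state table; external packets must match a tracked 4-tuple."""

    def __init__(self, outbound_ports):
        self.outbound_ports = set(outbound_ports)
        self.table = set()  # entries: (int_ip, int_port, ext_ip, ext_port)

    def filter(self, pkt):
        if is_internal(pkt.src) and not is_internal(pkt.dst):
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if pkt.syn and not pkt.ack and pkt.dport in self.outbound_ports:
                self.table.add(key)  # internal host opens a permitted session
                return "allow"
            return "allow" if key in self.table else "deny"
        # Inbound: admitted only as the reply leg of a session we recorded.
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if pkt.ack and key in self.table:
            return "allow"
        return "deny"  # unsolicited, even if it uses a well-known port
```

The same unsolicited packet from source port 443 passes `stateless_filter` but is dropped by `StatefulFirewall`, which is the gap stateful inspection closes.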
Firewalls evolve to combine technologies
"The next step was to make the firewall a more distributed system, to enable businesses to create an enterprise-wide set of rules and to compartmentalise the network," said Shwed.
"In the 1990s came the introduction of virtual private network (VPN) capabilities, to encrypt the traffic that goes from site to site or from mobile devices to corporate networks."
This evolution meant the firewall became a standard component of enterprise platforms for secure communication.
"From 2005 to 2010, the firewall included more technologies that provided additional layers of security than just controlling traffic flow," said Shwed.
These technologies included scanning traffic for malicious content and bad URLs, to prevent network users from accessing malicious websites.
The next evolution was the inclusion of intrusion-prevention capabilities, to detect attacks carried out using valid communication protocols.
"The result is that, today, most of the capabilities that gave rise to the intrusion-detection and prevention industries are now incorporated into the firewall," said Shwed.
Firewall intelligence capabilities
The latest generation of firewalls includes a threat-emulation capability and an "intelligence layer" that feeds all other layers with real-time information.
Threat emulation enables the firewall to analyse files travelling over a network in a sandbox environment in real time, to identify known and unknown threats and vulnerabilities.
These firewalls can inspect specific application and user activity, and identify exactly which corporate and web applications are in use and which users are running them.
Shwed believes this granular awareness -- of the type of traffic and who requests it -- is important, because it enables organisations to improve and manage the use of sub-applications.
Firewalls have evolved to provide insights that IT teams can then adapt and use to tailor network application usage, according to each user's requirements and the operational needs of the business.
In addition, they now offer optional capabilities such as URL filtering, anti-spam, anti-virus, anti-bot, data loss prevention (DLP), mobile access control and many others.
Check Point uses a modular, software-driven approach to enable organisations to add and deploy these additional capabilities as the need arises.
"Today's firewall is an entire platform for analysing and securing network traffic flow, using many different layers and technologies," said Shwed.
The firewall still guards the perimeter of the network but, instead of becoming obsolete, it has evolved to enable a whole host of different security features and functionality to stand sentry over the organisation's data.
Growing network opportunity
Shwed believes the firewall will become even more active in securing network traffic.
"This means a growing number of technologies in the firewall are going to be used to clean up and modify the traffic into secure data, not just scan and block data," he said.
Shwed predicts the firewall will increasingly control or work in concert with other security technologies in the enterprise.
"We will see greater interoperability with servers and endpoint devices, including mobile devices," he said.
Real-time capability will be an important element of this, he said. The ability to identify and respond quickly to threats -- and adapt to new threats -- will increasingly become an important differentiator between businesses.
"If firewalls are agile and can be modified quickly in response to threat intelligence, organisations will be able to defend themselves against anticipated targeted attacks," said Shwed.
The firewall of the future, he said, will play a more active role in cleaning up network traffic; will be incorporated into more security systems; and will be able to respond dynamically to external threat intelligence, as well as its own threat analysis.
This means it is unlikely it will become obsolete any time soon, but will continue to evolve as a platform for combining existing and future security technologies.