Last month, I promised to spend some time on the features all businesses should seek when purchasing a firewall. These are the “must haves”—minimal criteria for protecting your company. It’s certainly possible to purchase even more feature-laden firewalls, but many business owners focus on cost ahead of security. That’s a dangerous approach, in our opinion, but there is a middle ground. With prudent evaluation and selection, it is possible to find an affordable firewall with all the features I list here.
Some key “mission critical” firewall features, in our view, are:
- Near-continuous updates for signatures. Signatures are patterns in code or traffic that help identify viruses, malware and intrusion attempts. The ability to use and update all types of cyber-signatures is critical to firewall performance.
- Real-time statistics on current usage and activity. All activity should be logged and available for review in real time, and should also be archived—and preferably emailed or otherwise distributed to specified users/devices on a daily (or more frequent) basis.
- Network “elasticity”—the ability to use multiple public IP addresses. Network appliances such as firewalls generally perform best when they have access to multiple IP addresses on a network interface.
- Deep Packet Inspection. Many years ago, firewall developers began offering what is known as “stateful inspection”—an approach that tracks the state of connections and blocks data packets that deviate from the expected state. Now, the better ones offer deep packet inspection, which adds stateful protocol analysis to stateful inspection. In layman’s terms, deep packet inspection compares profiles of benign protocol activity against observed events to identify deviations, enabling the firewall to allow or deny access based on how an application is running over the network.
- Policy-based monitoring of both inbound and outbound traffic. Firewalls should be able to monitor network traffic in both directions and apply pre-determined policies based on Internet addresses and address ranges, protocols, applications and content types to determine how and when traffic should be secured. Ideally, all inbound and outbound traffic not expressly permitted by the firewall policies should be blocked.
- Network Access Control. The ability to create security zones and firewall rules based on organizational security policy, to perform checks on incoming connections from remote users and systems, and to allow or disallow access based on the affected zone and its governing rules.
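The stateful inspection and policy-based monitoring items above can be seen working together in the following added Python example, which is not from the original article or any firewall product. The rule fields, the sample policy and the addresses (documentation ranges) are constructed for illustration, and connection teardown and timeouts are assumed out of scope.

```python
import ipaddress
from collections import namedtuple

# direction is "in" or "out"; remote_net is a CIDR range; dport is the destination port
Rule = namedtuple("Rule", "direction remote_net proto dport")

# Constructed sample policy: anything not listed here is blocked.
POLICY = [
    Rule("out", "0.0.0.0/0", "tcp", 443),     # outbound HTTPS to anywhere
    Rule("in", "203.0.113.0/24", "tcp", 22),  # inbound SSH from one range only
]

class Firewall:
    def __init__(self, policy):
        self.policy = policy
        self.established = set()  # connections a rule has already admitted

    def check(self, direction, local, remote, proto, flags=""):
        """local and remote are (ip, port) tuples; returns (verdict, reason)."""
        conn = (proto, local, remote)
        if conn in self.established:
            return "allow", "matches tracked connection"
        # Stateful inspection: an untracked TCP packet must be an opening SYN.
        if proto == "tcp" and flags != "S":
            return "deny", "non-SYN packet with no tracked connection"
        dport = remote[1] if direction == "out" else local[1]
        addr = ipaddress.ip_address(remote[0])
        for rule in self.policy:
            if ((rule.direction, rule.proto, rule.dport) == (direction, proto, dport)
                    and addr in ipaddress.ip_network(rule.remote_net)):
                self.established.add(conn)
                return "allow", f"permitted by {rule}"
        return "deny", "default deny: no rule permits this traffic"

def demo():
    fw = Firewall(POLICY)
    lan, web = ("192.0.2.10", 50000), ("198.51.100.7", 443)
    packets = [  # constructed packets: direction, local, remote, proto, TCP flags
        ("out", lan, web, "tcp", "S"),                     # new HTTPS connection
        ("in", lan, web, "tcp", "SA"),                     # reply on tracked connection
        ("in", lan, ("198.51.100.9", 443), "tcp", "SA"),   # unsolicited reply
        ("out", lan, ("198.51.100.7", 25), "tcp", "S"),    # outbound SMTP, not in policy
        ("in", ("192.0.2.10", 22), ("203.0.113.5", 40000), "tcp", "S"),   # SSH, allowed range
        ("in", ("192.0.2.10", 22), ("198.51.100.9", 40000), "tcp", "S"),  # SSH, other range
    ]
    return [fw.check(*p)[0] for p in packets]
```

Calling `demo()` returns one verdict per packet: only the permitted outbound connection, its reply, and SSH from the listed range are allowed.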
These criteria can be confusing to understand and complicated to master, which is why so many enterprises outsource their firewall purchase, implementation and management to security experts. To learn more about firewalls and how they can benefit your firm, or to explore any other security-related question, feel free to email us or give us a call at 770.643.4400 (toll-free: 877.841.8069).