Five Ways Firewalls Keep Getting Better

Firewalls have been a mainstay for cybersecurity for many years, but they aren’t perfect tools. Despite advances in internet and device technology, basic firewalls haven’t changed much since their inception. But researchers and IT experts are working tirelessly to improve the foundational model and provide a better layer of protection for firewall users.

The firewall basics
Firewalls aren’t especially complicated, but they can work in a few different ways. All firewalls can be customized with specific criteria, allowing certain types of data to pass through while stopping others from passing into the network. Packet-based firewalls allow or deny specific packets entry to the network based on those protocols. Other types of firewalls retrieve the packets themselves as a kind of poison tester, before passing them onto the network. Most firewalls exist as an appliance or application, used in conjunction with your network.

How firewalls are evolving
So, how is this basic model starting to evolve?

  1. FWaaS. One major development in the firewall space has been the popularization of firewall as a service (FWaaS). FWaaS is cloud-based.Working much like a cloud storage system or similar cloud platform, FWaaS provides a layer of firewall protection to your network, no matter how remotely located it is or how many new links you add to the network. According to Cato Networks, this is advantageous because it means the firewall is more reliable, and covers a wider distance. In most cases, it’s more cost-effective as well. Plus, cloud-based firewalls are often updated automatically by providers, allowing for a mode of constant improvement.
  2. Lower costs. Firewalls are also getting less expensive. The tools necessary to create and maintain firewalls are becoming open-source and more available, and firewall management is becoming more intuitive thanks to better user interfaces. Overall, this means companies have to spend less time managing firewalls and less money getting the physical accessories necessary to maintain it.
  3. Higher throughput speeds. Throughput speeds are getting faster, which is good, because internet speeds are getting faster, and users won’t tolerate a slowdown just because the firewall needs extra time to kick in. Because the firewall takes action on data packets before passing them along (no matter what type of firewall is in effect), the time between requesting and receiving data is increased significantly under normal circumstances. Modern firewalls are becoming more advanced, enabling them to complete this process faster, and reduce lag in retrieving information.
  4. Awareness of users and applications. Traditional firewalls operate almost exclusively in layers 2 and 3 of the OSI model, in the network and data link, dealing with packets and frames. But modern firewalls are taking things a step further, according to findings by NSS Labs, improving awareness of applications and users. This gives firewalls more options in terms of blocking and allowing access to data, and gives organizations a wider berth of coverage to protect their systems. For organizations with hundreds of users and dozens of core applications, this functionality is indispensable.
  5. Third-party and multi-factor authentication systems. Authentication is a pivotal step for most firewalls, verifying that data has come from a trusted source and that the users attempting to access that data have the authorization to do so. Newer firewalls have more advanced means of authenticating; for example, they might partner with third-party authentication systems to define and/or allow certain groups of users access to specific information, while denying others. Multi-factor authentication can also use multiple protocols to ensure the validity of a given user (or packet of information).

Your cybersecurity should be one of your biggest priorities, so your firewall demands your attention and investment. Despite advances in other areas of cybersecurity, your firewall is still the first line of defense you have against the cybercriminals who would compromise your data, and the malware that could otherwise infiltrate your systems. Pay attention to these keystone developments, and make sure your firewall is upgraded enough to provide the best protection.

Anna Johannson, Writer

[ISACA Now Blog]

CSA Summit Returns to Infosecurity Europe 2018

Seattle, WA – May 9, 2018 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today announced the agenda for the second annual CSA Summit at Infosecurity Europe 2018. The full-day event will be held Tuesday, June 5, as part of Infosecurity Europe 2018 (London, June 5-7).

The event will bring together leading security experts and cloud providers from around the world to discuss global governance, the latest trends in technology, the threat landscape, security innovations, and best practices, in order to help organizations fully understand the capabilities of cloud and how to properly protect themselves from its potential risks. Attendees will also have the opportunity to take advantage of Certificate of Cloud Security Knowledge (CCSK) exam training and a workshop – Achieving General Data Protection Regulations (GDPR) Compliance with the CSA Code of Conduct.

“Today, cloud adoption encompasses a wide range of mission-critical business functions. Some organizations, such as those in the financial and government sectors, have made significant steps thanks to regulatory mandates, requiring a change in technology security as well as the mindset of security professionals,” said Jim Reavis, CEO of the Cloud Security Alliance. “This year’s Summit will examine these advancements and others as we look to provide companies with actionable advice on how they can best apply these technologies to their unique business needs.”

The CSA Summit at Infosecurity Europe 2018 will feature keynote presentations from some of the industry’s most notable thought leaders in cloud, who will speak on such topics as:

  • Security as a Service: Work Where Your Engineers Live. Julia Knecht, Adobe Experience Cloud’s manager of Security & Privacy Architecture, will explain how Adobe leveraged existing software development processes to enable their engineers to get security work done when and where it needs to get done —without the overhead of constantly trying to reinforce security-specific processes.
  • Confessions of a Cloud Security Convert. In this talk, Michael Farnum, solutions architect manager/South Texas for Set Solutions, Inc., will share what he has learned as he transitioned from a career in network and application security to one in cloud security and take attendees through his journey of converting to the cloud.
  • Quantum-Safe Cloud Security. ID Quantique’s Quantum Safe Product Manager Bruno Huttner will discuss quantum-safe security and the recent work of the CSA Quantum-Safe Security Working Group.
  • Threat Modeling: The Ultimate DevSecOps. Learn how to take DevSecOps to the next level using threat modeling in this session from Fraser Scott, senior cloud security & DevSecOps engineer, with Capital One. He will walk the audience through a threat model of a cloud-based service using the Open Web Application Security Project (OWASP) Cloud Security project, looking at it from the perspective of development, operations and security. Attendees will walk away with an understanding of how threat modeling can dramatically improve the security of services by identifying and addressing threats, and will have the basic tools and techniques they need to get started threat modeling their own cloud services.
  • Secure by Design IoT. In this session, Matthew Theobald, a Cloud Security Architect with Schneider Electric, will show how to significantly reduce an Internet of Things (IoT) device’s attack surface using an alternative approach for bi-directional data flows to arrive at an IoT solution that is secure by design. The session will include a demonstration of an IoT device which sends telemetry to the cloud and responds to commands from a web application to perform actions on the board. The demonstration will include a network scan to show the device does not have an addressable server endpoint.

Also on the agenda is the EMEA Chapters Panel, during which time attendees will have the chance to provide feedback on cloud issues that are specific to Europe, as well as:

  • Discover what is going on in their country;
  • Understand what research is being undertaken within Europe; and
  • Learn of various projects’ progress and how they can contribute to areas of their own areas of interest.

Additional Training

CCSK v4 at Infosecurity Europe 2018. Attendees who are thinking of taking the CCSK exam or who simply want to deepen their knowledge of cloud security controls and implementation will want to register for this 1-day training workshop on June 7. Taught by Peter HJ van Eijk, an authorized CSA training partner and noted cloud computing expert, the provides students a comprehensive 1- day review of cloud security fundamentals and prepares them to take the CSA CCSK certificate exam.

Starting with a detailed description of cloud computing, the course covers all major domains in the Guidance document from the Cloud Security Alliance, the CSA Cloud Control Matrix (CCM), and the recommendations from the European Network and Information Security Agency (ENISA). Participants are encouraged to take advantage of some of the online training that is provided in advance of the course in ordered to maximize the training’s benefit. Students receive an exam token as part of the course fee.

Achieving GDPR Compliance with the CSA Code of ConductThis workshop on June 7 (10 a.m. – 1 p.m.) provides a brief overview of the European General Data Protection Regulations (GDPR) requirements. It explains the key role of the principles of accountability and transparency within the scope of the law and finally introduces the CSA Code of Conduct for GDPR compliance. During the workshop, representatives from CSA, the auditing community (ICT Legal and EY Certify Point) and a cloud service provider will walk-through a real-world scenario of how they can adopt the Code of Conduct for their organizations. Attendees of this workshop will walk away understanding:
which are the GDPR requirements for data controller and processors in the cloud.
what the CSA Code of Conduct for GDPR compliance is and how to integrate the CSA Code within their existing security program.

the importance of transparency and accountability from both the cloud service providers and customer perspective.
Presenters include Daniele Catteddu, CTO, Cloud Security Alliance; Paolo Balboni, founder of ICT Legal Consulting and chair of the CSA Privacy Level Agreement Working Group; Mayank Joshi, Manager, Ernst & Young Certify Point; and a representative from a cloud service provider.

To register or learn more, visit csacongress.org.

About Cloud Security Alliance

The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA harnesses the subject matter expertise of industry practitioners, associations, governments, and its corporate and individual members to offer cloud security- specific research, education, certification, events and products. CSA’s activities, knowledge and extensive network benefit the entire community impacted by cloud — from providers and customers, to governments, entrepreneurs and the assurance industry — and provide a forum through which diverse parties can work together to create and maintain a trusted cloud ecosystem.

Media Contact


Kari Walker for the CSA 
ZAG Communications
703.928.9996
kari@zagcommunications.com

[Cloud Security Alliance Research News]

The EU’s Network and Information Security (NIS) Directive Goes Live Amidst Range of Expanding Cybersecurity Efforts

Yesterday was the “go live” date for the EU’s Network and Information Security (NIS) Directive. The NIS Directive was adopted in 2016, and as a directive, it sets out objectives and policies to be attained through legislation at an EU member state level within a certain timeframe (a process called transposition). Member states were required to transpose the NIS Directive into national law by May 9, 2018.

As the first EU law specifically focused on cybersecurity, the NIS Directive has three parts, affecting both industry and member state governments.

  • Requirements on organisations: The directive establishes security and incident notification requirements for “operators of essential services” (OES) (e.g., providers of energy, transportation, healthcare, drinking water, some financial services) and, to a less stringent extent, “digital service providers” (DSP) (online marketplaces, online search engines, and cloud service providers). The NIS Directive requires these companies “to have regard to the state of the art technologies” to manage risks posed to the security of the networks and information systems used to provide the covered services, and take appropriate measures to prevent and minimise the impact of incidents. Security incidents of certain magnitudes must be reported to national competent authorities. The above obligations apply whether the OES or DSP manages its own network and information systems or outsources them.
  • National activities: The directive requires member states to adopt national cybersecurity strategies; to designate national competent authorities; and to have one or more computer security incident response teams (CSIRTs), corresponding at least to the sectors covered by the directive, to detect, prevent, and respond to cyber incidents and risks.
  • EU-wide collaboration: The directive emphasises coordination among member states, setting up a CSIRT network (also to include CERT-EU) to promote swift and effective operational cooperation regarding threats and incidents, and a strategic NIS “cooperation group” to support and facilitate cooperation and information exchange among member states.

Officials in Brussels and other EU capitals have worked hard to make NIS successful. Many countries have updated or issued, for the first time, their national cybersecurity strategies. CSIRTs have been established, and legislation has been readied to transpose NIS. The European Commission has issued guidance to countries on effective implementation of NIS.  ENISA – the EU Agency for Network and Information Security – has also issued a range of guidance, including recommendations on the use and management of CSIRTs and recommendations regarding the security and incident notification measures for DSPs. .  The NIS cooperation group –  composed of representatives of member states, the Commission, and ENISA– reportedly meets regularly to coordinate efforts among EU countries, including sharing information about how to implement NIS as consistently as possible. To that end, the cooperation group has issued  non-binding guidelines on security measures and incident notification for OESs. The EU member states that have held the EU Presidency since NIS was adopted- Slovakia, Malta, Estonia, and now Bulgaria—have all made NIS implementation a priority, driving NIS-related activity including in the Cooperation Group.

Of course, steps remain. Some countries need to finish transposing NIS (not all countries made the deadline). Per the directive, they also have another six months to identify the operators of essential services established in their territories (this information might not be made public for security reasons).  And equally importantly, organisations covered by NIS will be determining if they must change their security practices to meet its requirements, and if so, how. The European Commission understands that more needs to be done, and announced May 4 that, to help member states rapidly transpose the NIS Directive and build their capabilities, the Connecting Europe Facility programme is providing €38 million in funding until 2020 to support national CSIRTs as well as other NIS Directive stakeholders, such as the operators of essential services and digital service providers.

As part of the May 4 announcement above, European Commission Vice-President Andrus Ansip, responsible for the Digital Single Market, Commissioner for Migration, Home Affairs and Citizenship Dimitris Avramopoulos, Commissioner for the Security Union Julian King and Commissioner Mariya Gabriel, in charge of Digital Economy and Society, issued a statement, noting that “The adoption of the NIS Directive two years ago was a turning point for the EU’s efforts to step up its cybersecurity capacities.” This is true.  However, NIS is just one of an expanding list of activities driven out of Brussels to improve cybersecurity. Many people close to the action in Brussels reported that attention to cybersecurity rose quickly among senior policymakers in the wake of the May 2017 WannaCry ransomware attack. In September 2017, EU President Jean-Paul Juncker made cybersecurity a major theme – for the first time ever — of the “State of the EU” address, highlighting the need for the EU to better protect Europeans in the digital age. That same month, the European Commission issued a package of cybersecurity legislative and other proposals. This included a new EU cybersecurity strategy, “Resilience, Deterrence and Defence: Building Strong Cybersecurity for the EU,” with a focus on protection and prevention of cyberattacks. Further, the Commission announced the intention to set up a “cybersecurity competence network” and a “European Cybersecurity Research and Competence Centre,” and a recommendation to establish an EU-wide “Coordinated Response to Large Scale Cybersecurity Incidents and Crises.” It also proposed a new law – the Cybersecurity Act — to increase and make permanent ENISA’s mandate, as well as develop an EU-wide certification scheme. This Act is currently being debated in Parliament and the European Council.

All these EU efforts are essential. They include important plans and activities: increasing cybersecurity-related education and training, stepping up law enforcement activities, and accelerating cyberthreat information sharing, to name a few. They also, of course, complement an array of actions being taken by the member states individually.

Palo Alto Networks commends European policymakers for putting cybersecurity front and center.  The NIS Directive hits a key milestone today, but today is simply a stage on a journey. The EU understands that cybersecurity is essential to economic activity and growth as well as to the user confidence in online activities that underpins it.  Companies in Europe, across all sectors, must ensure their business are resilient to cyberattacks as they embrace the digital world, EU governments need secure online operations, and consumers need trust in their online experiences. Ultimately, the more all EU member states can raise the collective bar the more the global digital infrastructure will benefit.  Palo Alto Networks looks forward to continuing to contribute to Europe’s efforts.

[Palo Alto Networks Research Center]

English
Exit mobile version