Firewalls have come a long way since they first appeared in the late 1980s. At that time, they did little more than basic packet-filtering duties, monitoring the packets being sent between computers for any potentially mischievous traffic. They gradually added features such as stateful inspection, addressing vulnerability exploits at the application layer, anti-bot capabilities, sandboxing, and more.
Here are five of the top firewall trends:
1. Firewall variety
Firewalls have taken on a wide range of formats and specialties. As well as the obvious division between software and hardware firewalls, we now have cloud-based firewalls, proxy service firewalls, stateful multi-layer inspection firewalls, unified threat management firewalls, next-generation firewalls (NGFWs), network address translation (NAT) firewalls, virtual firewalls, and network-based and host-based firewalls. They have dipped their tentacles into so many functions that some believe the name firewall will gradually disappear as they are subsumed into large security suites as one of many functions.
2. Protecting cloud workloads
Firewalls have moved on in recent years. Organizations initially wanted to protect individual PCs; the scope then expanded to servers and general enterprise protection. But the cloud changed everything. Firewall services now must encompass the cloud and on-premises infrastructure. Hence, cloud-based firewalls and firewall-as-a-service (FWaaS) options are now commonplace.
Vishal Jain, Co-Founder and CTO at Valtix, said this was an important year for the maturation of firewalls for protection of cloud workloads. Driven by the necessity to mitigate Log4Shell at the beginning of the year, more and more organizations realized that defenses outside of the app were just as critical in the cloud as making the apps invulnerable. That said, the network is still the best place to put these defenses to protect against inbound threats, lateral movement, and data exfiltration.
“Cloud firewall offerings from cloud service providers, traditional NGFW vendors, as well as third parties focused on cloud-native, multi-cloud offerings, saw significant uptake from cloud security engineers and architects looking to improve their cloud security defenses going forward,” said Jain.
3. Network access control unification
Another big trend in firewalls is how they have become part of the fabric of so many other security functions. Network Access Control (NAC), for example, has morphed into zero trust network access (ZTNA) whereby login identities are no longer enough to gain free passage within a network. Zero trust is all about keeping people out of places where they shouldn’t be, giving them access to a small subset of overall data, and verifying they are who they say they are at various points along their journey through network resources.
4. Disaggregation into microservices
The complexity of the cloud and organizational workloads has risen exponentially in recent years. Businesses continue to retain many on-premises systems for reasons of security, compliance, latency, and sometimes even cost. But they typically have an expanding cloud footprint. As well as a private and public cloud footprint, they also have their feet firmly planted in multiple clouds. Sometimes they use software-as-a-service, sometimes infrastructure-as-a-service, and sometimes platform-as-a-service. And then there can be line-of-business heads who are running cloud applications independently of IT. This can add up to a labyrinth of interconnections, dependencies, and integrated elements. Misconfigurations and vulnerabilities are inevitable.
“With the ascent of cloud-native architecture, where applications are composed of or disaggregated into hundreds of microservices operating independently across multi-cloud and hybrid environments, the need for network access controls has shifted from the perimeter to each individual workload,” said Ratan Tipirneni, President & CEO at Tigera. “We are seeing network access controls such as ingress and egress policies, segmentation policies, and threat detection being applied at the individual workload level, and applied for any traffic between workloads inside a cluster as well as between workloads in the cluster and entities outside of the cluster.”
5. Network detection and response trends
Similarly, threat detection and response (whether it’s an IDS/IPS or WAF application) is transitioning from the perimeter to the workload level. This is due to the nature of modern applications. Their design tends to limit the efficacy of network detection and response functionality when it is only deployed at a perimeter level.
“We’ll see all the functionality that was traditionally available at the perimeter move directly to the workload level,” said Tipirneni. “In the world of edge computing (IoT, autonomous cars, etc.), where a lot of the services are deployed directly at the edge, we’ll see a lot of network access controls and network detection and response capabilities deployed at the workload level as well.”