Internet and Security: Top Considerations for a Firewall
Recently our MD quipped that there are four things required for sustained living: food, clothing, shelter and the internet! This got me thinking about how the internet has really become a necessity in our lives. From starting our day with the daily dose of news on the go, to connecting with the world, to finding solutions for our everyday problems, the internet is omnipresent. For a Business, it means access to the world and unlimited opportunity to be unlocked. However, like other essentials, the internet needs conservation and protection, and one of the biggest threats plaguing Businesses globally is to the security of their applications, data, user credentials, infrastructure etc.
Cyber-security is one of the top priorities for any online Business today, as protecting revenue becomes as important as growing it. In this article we will focus on Firewalls, which are a critical component of your security posture. Let’s take a look at the top considerations when you evaluate your security posture and the need for a Firewall.
1. Scalability
Cyber-attacks are growing in volume, and it is imperative that the Firewall can scale to any volume of attack traffic, typically known as DDoS. Firewalls have historically had a certain capacity beyond which they are rendered ineffective and could expose your infrastructure. Here is a reference to one of the largest attacks seen recently.
Considerations for an online Business:
- What is the maximum capacity of the firewall?
- Is the capacity enough to mitigate any attack given the recent trends?
- What is the availability SLA?
2. Visibility
Visibility is the first step towards a solution. Real-time visibility into security events, and the ability to drill down into attack alerts to learn what is being attacked, by whom, and which defense capabilities can thwart the attack, will make our responses extremely efficient. Visibility needs to be accurate, detailed and timely.
Considerations:
- What is the time lag of the security analytics and logs provided?
- Is the information provided detailed enough to make intelligent, timely decisions?
3. Accuracy
One aspect that invariably gets missed when evaluating the security posture is the accuracy of the Firewall. Accuracy is the ability not just to detect and protect against an attack but, at the same time, to ensure that real users are able to access the application at all times. A few recent studies use the Matthews correlation coefficient, the industry-standard measure from machine learning. In security parlance, accuracy is measured from the counts of true and false positives and negatives. You can find some further details here.
Considerations:
- What is the accuracy of the Firewall?
- What is the business impact if the Firewall starts blocking legitimate traffic as well?
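To make the accuracy question concrete, here is an added example (not part of the original article) that scores three firewall configurations with both plain accuracy and the Matthews correlation coefficient. The traffic counts, profile names and function names are constructed for illustration.

```python
import math
from collections import Counter

def confusion(decisions):
    """Tally (is_attack, blocked) pairs into TP, FP, TN, FN counts."""
    c = Counter()
    for is_attack, blocked in decisions:
        if is_attack:
            c["tp" if blocked else "fn"] += 1
        else:
            c["fp" if blocked else "tn"] += 1
    return c["tp"], c["fp"], c["tn"], c["fn"]

def accuracy(tp, fp, tn, fn):
    return (tp + tn) / (tp + fp + tn + fn)

def mcc(tp, fp, tn, fn):
    denom = math.sqrt((tp + fp) * (tp + fn) * (tn + fp) * (tn + fn))
    # A zero denominator means a row or column of the matrix is empty
    # (e.g. the firewall never blocks anything); report 0.0 by convention.
    return (tp * tn - fp * fn) / denom if denom else 0.0

def false_positive_rate(tp, fp, tn, fn):
    """Share of legitimate requests that were blocked."""
    return fp / (fp + tn) if (fp + tn) else 0.0

def replay(n_attack, n_legit, caught, wrongly_blocked):
    """Constructed test traffic: labelled requests plus the firewall verdict."""
    return ([(True, i < caught) for i in range(n_attack)] +
            [(False, i < wrongly_blocked) for i in range(n_legit)])

# Constructed profiles: 100 attack requests hidden in 10,000 total.
PROFILES = {
    "never blocks": replay(100, 9900, 0, 0),
    "tuned": replay(100, 9900, 90, 50),
    "aggressive": replay(100, 9900, 100, 2000),
}

def report():
    rows = {}
    for name, decisions in PROFILES.items():
        m = confusion(decisions)
        rows[name] = (accuracy(*m), mcc(*m), false_positive_rate(*m))
    return rows

if __name__ == "__main__":
    for name, (acc, m, fpr) in report().items():
        print(f"{name:13s} accuracy={acc:.3f} MCC={m:.3f} legit blocked={fpr:.1%}")
```

A firewall that blocks nothing still scores 99% plain accuracy on this traffic mix, while its MCC is 0, which is why the imbalance-aware metric is the more useful figure to ask a vendor for.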
4. Manageability and Self-learning system
The threat landscape is changing fast. Cyber-attacks are getting more sophisticated, with organized cyber-crime activity becoming the norm. New tools, vectors and vulnerabilities are identified by the day, and attackers are looking to exploit them. Hence, it becomes critical that the Firewall is able to handle all the new attack vectors coming in. This is where a self-learning system becomes critical to protect against the new attack vectors that might be seen in the future.
Considerations:
- What resources does the Firewall leverage to keep updated with the evolving threat landscape?
- Does the Firewall vendor provide management services, or is it a self-managed system?
5. Time to mitigate SLA
All said and done, there might never be a silver bullet to security. Hence, we need to have a mitigation plan of action if there is actually an attack and something fails. The most important part of your mitigation plan is to define a time-frame within which any attack should be mitigated.
Considerations:
- Is there a time-to-mitigate SLA the Firewall can provide?
- What is the Business impact of downtime (say 1 hour)?
6. Performance
This could be the first consideration as well, given that performance and responsiveness are a top priority for any online Business. However, with Firewalls inspecting traffic packets and patterns to determine whether a request is malicious activity or a legitimate user, performance could be negatively impacted. Processing and comparing each request adds a time lag, which impacts the user experience.
Considerations:
- What % performance degradation is acceptable to your Business?
- What is the maximum % of performance degradation expected from the Firewall implementation?
Disclaimer: The opinions expressed within this article are personal opinions and do not reflect the views of any organization.