A Managed Firewall is More Important Than Ever for Your Company’s Security.
A few years ago, some members of the IT community declared the firewall to be dead. You would think that in the age of breaches and security compromises, this would be furthest from the truth. The fact is, they were right. The traditional firewall is dead. But, with technology advances, elevated loads on software/local firewalls and application security software, as well as the need for sophisticated threat protection, a comprehensive managed firewall solution is more important than ever before.
Firewalls come in two types – hardware firewalls and software firewalls. Each has its benefits and drawbacks.
Software Firewalls
A software firewall is installed on each device that you want to secure.
- Benefits: Since the firewall is locally installed on a specific machine, granular traffic analysis can be done, and security alerts let administrators know what is happening on each individual device.
- Drawbacks: The software will need to be installed on every device on your network. This can be quite a task if you have hundreds or thousands of employees. Also, if software firewalls are implemented without a hardware firewall to support them, there is no security in place at your network’s edge. With no hardware firewall in place between your network and the Internet, attacks could be unleashed on your network before they ever reach the firewalls on individual machines. Software firewall installation may also cause some devices to run slower, and there could be compatibility issues between the firewall software and the device’s operating system.
Hardware Firewalls
A hardware firewall is a piece of security hardware that sits between the Internet and your network.
- Benefits: Because it sits at the network’s edge, all data coming in from the Internet will pass through the firewall before it hits your network. This ensures that you have complete control over the traffic on your network. There is no requirement to install security software on each device and no performance degradation. Hardware firewalls are easy to configure by setting rules which apply to all traffic or enabling more granular controls.
- Drawbacks: Modern firewalls analyze vast amounts of data to identify and combat sophisticated cyber-attacks. While this is a benefit, it requires 24/7 monitoring and maintenance by professionals who are specifically trained in security management. Most businesses don’t have the required level of security professionals on their in-house IT team.
HOW MULTACOM’S MANAGED FIREWALL STRATEGY WILL KEEP YOU PROTECTED
While it’s understood that a firewall is a critical line of defense for your company’s protection, the implementation of advanced security measures by your IT staff may not be as comprehensive as it should be. It’s common for an internal IT department to install a software firewall on each user’s device or a hardware firewall at the edge of their network, but it is less common to implement a blended solution where both types of firewalls are used.
At MULTACOM, we believe that a combination of hardware and software firewalls provides the best solution.
First, let’s address the idea that a hardware firewall is no longer needed. In principle, this is true. Application layer support can quickly perform automatic updates and other actions on the server at a fraction of the former cost. Local security software also detects viruses and other threats that typically get past hardware firewall systems. The software firewall has the ability to scan for an infection after the fact, while the hardware firewall can only have an impact at the time of transmission. ConfigServer, for example, is free security software for cPanel servers which performs firewall and application layer protection and is absolutely critical.
The problem with a software firewall-only strategy is that without a hardware firewall in place, the server can receive a massive number of requests from external sources which will overwhelm the local software firewall. You then run the risk of the local firewall being exploited by an external application that is used to attack it or bypass it to threaten other servers on the network. Placing a hardware firewall at the edge of the network, between the Internet and your devices, is your company’s first line of defense.
- It provides initial front-end protection by filtering out threats that will hurt or bypass your software firewall.
- It limits the amount of work required of the software firewall.
- It enables the hardware firewall and software firewall, in a unified way, to complete the actions in which they each specialize. In other words, it enables each firewall to do what it does best.
MULTACOM colocation clients, for example, benefit from a unified firewall strategy when utilizing a lights-out management port. Since a LOM port is not part of the operating system, it can only be protected by a hardware firewall. A software firewall would never know it existed.
One of the most well-known examples of exploiting security vulnerabilities was the use of Dell EMC’s iDRAC lights-out management server and IPMI/BMC controllers to gain management console access. Since this port is not related to the operating system, a software firewall alone would not have protected anything. A malicious hacker using this means of entry can acquire the content of the server’s console, gather keyboard input, turn the server on and off, and do anything else that a legitimate user can do.
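To make the point about lights-out management concrete, here is an added example (not MULTACOM's code or any vendor's tooling) that audits an edge firewall rule list for BMC services reachable from an outside address. The rule format, addresses, and the TCP port choices are assumptions constructed for illustration; 623/udp is the standard IPMI-over-LAN port.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str            # "permit" or "deny"
    src: str               # source CIDR
    dst: str               # destination CIDR
    proto: str             # "tcp", "udp" or "any"
    port: Optional[int]    # None matches every port

# Services a BMC typically listens on. 623/udp is IPMI-over-LAN (RMCP);
# the TCP ports are assumed defaults for the web console and SSH.
BMC_SERVICES = [("udp", 623), ("tcp", 443), ("tcp", 22)]

def first_match(rules, src, dst, proto, port):
    """Return the action of the first matching rule; implicit deny otherwise."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if (s in ipaddress.ip_network(r.src)
                and d in ipaddress.ip_network(r.dst)
                and r.proto in ("any", proto)
                and r.port in (None, port)):
            return r.action
    return "deny"

def exposed_bmc_services(rules, bmc_hosts, outside_src):
    """List (bmc, proto, port) tuples an outside host is permitted to reach."""
    return [(bmc, proto, port)
            for bmc in bmc_hosts
            for proto, port in BMC_SERVICES
            if first_match(rules, outside_src, bmc, proto, port) == "permit"]

# Constructed sample data (documentation and private address ranges).
BMC_HOSTS = ["10.20.0.11", "10.20.0.12"]
OUTSIDE = "203.0.113.50"          # stands in for any Internet host
ADMIN_VPN = "198.51.100.0/28"     # hypothetical admin jump network

WEAK_RULES = [
    Rule("permit", "0.0.0.0/0", "10.20.0.0/24", "tcp", 443),   # console open to all
    Rule("permit", "0.0.0.0/0", "10.20.0.11/32", "udp", 623),  # IPMI open to all
]
HARDENED_RULES = [
    Rule("permit", ADMIN_VPN, "10.20.0.0/24", "any", None),    # admins only
    Rule("deny", "0.0.0.0/0", "10.20.0.0/24", "any", None),    # everyone else
]

if __name__ == "__main__":
    print("weak:", exposed_bmc_services(WEAK_RULES, BMC_HOSTS, OUTSIDE))
    print("hardened:", exposed_bmc_services(HARDENED_RULES, BMC_HOSTS, OUTSIDE))
```

Because the BMC has its own network stack, nothing in the server's operating system sees these packets; the edge rule list is the only place this check can be enforced.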
In the case of Hyper-V, the virtual machine on which the operating system is running does not protect the Hyper-V host itself. We could include many additional examples of threats that can arise when software and hardware firewalls are not used together, but you get the picture.
A well-managed and robust security strategy that consists of a software security system installed on local machines combined with a hardware firewall is great, but it’s just the first step.
The next step is to have a data center partner like MULTACOM implement this comprehensive security strategy. When you outsource responsibility for firewall management to MULTACOM, we also provide 24/7/365 monitoring by security professionals who are on-site in the data center rather than working remotely.
The benefit of on-site security monitoring cannot be overstated. In addition to confirming that everything is working properly, any security alerts or hardware failures can be addressed without delay by the on-site staff. This is critical to ensure that security threats are addressed immediately before potential attacks negatively affect your business.
MULTACOM also takes over the responsibility for hardware purchases and repairs. This eliminates the burden of hardware maintenance and the need to travel to the facility to evaluate and fix the problem. We also keep an inventory of hardware in stock so a firewall can be deployed or replaced as needed without having to wait for a week or more before the equipment is received from the vendor.
THE LAST WORD
While a managed firewall solution, which is maintained and monitored by a data center’s team of security professionals, will give you the advantage you need to stay ahead of the latest threats, not all managed firewall solutions are created equal.
To save time and money, it’s quite common for data center providers to add a firewall or security blade to an existing router or distribution switch. While this makes the installation easy for the data center, there are significant limitations for you.
In this situation, a firewall blade will be added to the primary router which may deliver service to many clients and hundreds of racks. Since the data center will be creating rules for a shared unit, you will most likely not receive the level of service and type of security measures you require. Also, security blades place additional demands on the router equipment which was originally installed to do routing and distribution. It was not installed to implement advanced security measures.
At MULTACOM, we don’t recommend a one-size-fits-all solution. We meet with you to gain an in-depth understanding of your security needs to determine which of our various Cisco and Fortinet firewall options will be most appropriate for you.
We don’t connect hundreds of customers to one firewall. We deliver direct connections to individual firewall hardware dedicated specifically to the needs of each of our clients. Once installed, our on-site team of highly trained security specialists monitors, manages and maintains all firewall equipment on your behalf to keep you protected around the clock.