In this Help Net Security interview, Raymond Brancato, CEO at Tufin, discusses the considerations organizations must weigh when selecting a next-generation firewall to effectively balance security needs with network performance. Firewall rule histories are an important tool for network and security teams. Evaluating the current network architecture and security requirements and any key assets or sensitive data will help a team determine the most suitable firewall type and configuration. You already said the most important part – security needs, usability, and network performance must be balanced, and it’s not always easy to find that common ground. In short, security teams can use firewall rule histories to identify both one-off issues and recurring patterns beyond what is immediately visible. Automation is an excellent tool for security professionals, and many aspects of a modern firewall can be automated – from checking and granting (or denying) access, to deploying new connections. Organizations can also take this to another level by automating specific responses to requests and rule deviations, removing a mundane and time-consuming process from the plates of their security teams altogether, while ensuring that networks continue to perform at a high level. By automating the review of these guardrails, busy security teams can rest easy that any deviations from the established rules will be identified – and that they will receive an immediate notification if there is an issue, so they can respond quickly. While it is a mistake to ‘set it and forget it,’ it can easily overburden security teams if firewall management does not incorporate as much automation as possible. By regularly auditing rule histories, teams can identify risky behaviors, such as changing security policy or rules to enable a request, or a failure to update or remove outdated rules.
An organization’s firewall policy sets the framework for inbound and outbound traffic management, administrative rights and access, which threats should be blocked and how best to adhere to regulatory and organizational compliance standards. Be sure to focus on key variables such as what network access levels are necessary to support, the desired level of security, internal segmentation (e.g., DMZ), regulatory and compliance requirements, the complexity of the network topology, and common/potential threat types. Regularly revisiting and adjusting the organization’s firewall ruleset to adapt to evolving network demands – and threats – is essential. It’s easy to ignore a problem and hope it goes away, but when it comes to false positives, teams need to find the root cause of legitimate traffic being blocked. This knowledge helps teams become proactive, both in preventing vulnerabilities – and in improving the security, and therefore the performance of their networks. When selecting a firewall, the first step an organization must take is to take a deep dive into the existing network infrastructure. Teams should verify that all rules have been applied correctly and that authorized traffic is getting through the firewall as planned. Weaknesses in network segmentation, control or governance processes can be uncovered, giving teams what they need to understand and address a potential issue before it’s too late. Emphasizing these factors as a firewall is selected will help to ensure that the choice ultimately reflects the unique challenges and needs of the organization. When configuring a firewall to govern incoming and outgoing traffic, it is important to understand the elements and endpoints of the new firewall (and/or the old one, if only adjustments are being made). Many firewall management tools offer visibility into rule sets and traffic patterns.
This Cyber News was published on www.helpnetsecurity.com. Publication date: Wed, 02 Oct 2024 05:43:05 +0000