Firewalls seem like a fixture of IT security, having been used for more than 15 years in most business environments to protect our internal assets from the hacks out there on the big bad Internet. Yet too often we read the headlines and hear about another network intrusion that begins with “Once the criminals obtained valid network credentials they were able to explore the network and smuggle gigabytes of personal information/credit cards/state secrets/medical records to servers under their control.”
Why, in the 21st century, when much of our workforce is currently sitting in a cybercafé, airport, hotel or home office, do we still think that our employees are on the inside? What about all of that data you shipped off to the cloud? Is it inside?
Modern firewalls are impressively equipped to help out with these problems. One really obvious way to get more out of your firewall is to start scrutinizing what is going out from sensitive areas of your network with at least as much effort as you put into stopping unwanted connections coming from the other direction. It can often be difficult to detect a perpetrator who has phished a valid set of credentials from one of your trusted users. In this case, noticing what information is being accessed and whether it is being sent off to a cloud storage service might be far more useful.
Many organizations have started using next-generation firewalls to protect internet-facing databases and web servers from SQL injection and other common data theft attacks.
Why not protect your internal web servers and databases the same way? Whether it is a malicious insider or a malware infection, it hardly matters. If the data inside those servers and databases is worth protecting, it shouldn’t matter whether it faces the Internet.
Another way firewalls can be used in “reverse” is looking for indications that you may be compromised by more advanced threats. Often these attacks are designed to bypass anti-virus protection and can worm their way into your infrastructure. Why not watch the network for command and control traffic used by the crooks to control their devious applications? The lack of segmentation has been a major problem with taking advantage of firewalls. When you think of them as gatekeepers, it makes sense to use one to segment off your HR, Engineering and Finance departments.
Many firewalls are available as low cost hardware appliances or can even operate as software on commodity hardware without any additional licensing cost. The cost of a small PC to protect your Finance department is pretty easy to justify.
Source: Cyber Security Intelligence