Telecom & Tech
Data Castles
Next-gen firewalls and managed IT security
By Tracy Barbour
As a growing company with locations across a wide geographical area, Alaska Rubber Group (ARG) thrives on employing top-of-the-line technology. The Anchorage-based business has made a huge, successful push with digital transformation over the past few years. Having a solid and secure IT infrastructure allows ARG to give customers access to services when, where, and how they need them. It also enables the company’s remote employees to connect and communicate consistently across teams scattered throughout Alaska, Washington, and Oregon.

But none of this would be possible without the help of a good IT provider, says Mike Mortensen, CEO and president of ARG, a supplier of belts, hoses, and ropes to the oil and gas, mining, fishing, timber, agriculture, marine, and construction industries. “Because of the tools we have deployed the last few years, it has really brought our company together and helped us streamline processes and procedures,” he says.

ARG relies on a range of managed services provided by Arctic IT to support its complex computer network and growth-oriented strategy.

“Having a partner like Arctic IT—which is not only servicing us with the tools we need today but is looking around the corner for what’s coming, partnering with us and understanding our vision, and coming to the table to provide ideas and solutions to help us prepare for growth—has been key to us,” Mortensen says.

Many organizations like ARG are integrating the latest technology to protect their network, information, and other assets. They’re using next-generation or next-gen firewalls (NGFWs) that not only filter network traffic but incorporate more complex functions—deep packet inspection (DPI), intrusion prevention systems, virtual private networks (VPNs), content filtering, and secure sockets layer (SSL)/transport layer security inspection—to help IT administrators monitor and respond to security threats. This advanced technology, often facilitated by third-party providers, is helping companies detect suspicious activity and block modern threats like advanced malware before they can have a negative impact.

Important Features
Every business should have a firewall installed, but with the increasing threat landscape, it’s now even more important to leverage the increased security provided by a next-gen firewall, says Erik Fredrickson, program manager for information security at Alaska Communications. “Next-gen firewalls offer greater security protection flexibility than a traditional firewall by protecting devices from a much broader spectrum of threats,” he says.

Conventional firewalls are primarily limited to information contained on the hardware itself and rigid rules for classifying traffic, including internet protocol (IP) address and IP port. Using these methods, it’s difficult or impossible to allow valid business applications while blocking known threats. “Hence, traditional firewall rulesets can be more vulnerable to dynamic attacks that take advantage of common port/protocol openings found in all organizations, such as those that allow standard web traffic,” Fredrickson says. “The static rulesets in traditional firewalls also create an endless stream of change requests that consume significant amounts of a security team’s time.”

A next-generation firewall has all the features of a standard firewall, but it also uses many resources outside of the firewall, such as threat intelligence feeds. “Next-gen firewalls have the ability to perform DPI, which is inspecting the contents of the IP packet instead of just the packet header,” Fredrickson says. “Since the contents of the packets are known, DPI allows administrators to apply additional security, such as data loss prevention rules by searching for specific patterns or data sets.”

With this sophisticated technique, next-gen firewalls compare packets—which comprise user data and control information—to databases containing application identifications. Organizations can then define which applications to allow or deny in their network environment as well as assign appropriate access to users and groups inside and outside the organization. Next-gen firewalls also can compare packet contents to databases containing threat IDs.
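The difference between a port rule and deep packet inspection, as an added example that is not from the article or from any vendor's product: the flows, the application-ID signatures, and the policy names below are constructed for illustration.

```python
import re

# Constructed sample flows: three use TCP port 80, so a port rule cannot tell them apart.
FLOWS = [
    {"name": "browser", "dst_port": 80,
     "payload": b"GET /catalog HTTP/1.1\r\nHost: shop.example\r\n\r\n"},
    {"name": "p2p", "dst_port": 80,
     "payload": b"\x13BitTorrent protocol" + b"\x00" * 8},
    {"name": "upload", "dst_port": 80,
     "payload": b"POST /form HTTP/1.1\r\nHost: files.example\r\n\r\nssn=000-00-0000"},
    {"name": "telnet", "dst_port": 23, "payload": b"login: "},
]
ALLOWED_PORTS = {80, 443}  # traditional rule: header fields only

# Hypothetical application-ID database: (application name, payload signature).
APP_SIGNATURES = [
    ("bittorrent", re.compile(rb"^\x13BitTorrent protocol")),
    ("web-browsing", re.compile(rb"^(GET|POST|HEAD|PUT) \S+ HTTP/1\.[01]\r\n")),
]
APP_POLICY = {"web-browsing": "allow", "bittorrent": "deny"}

# Data loss prevention rule: a pattern shaped like a US Social Security number.
DLP_PATTERN = re.compile(rb"\b\d{3}-\d{2}-\d{4}\b")

def traditional_verdict(flow):
    """Decide from the packet header alone (destination port)."""
    return "allow" if flow["dst_port"] in ALLOWED_PORTS else "deny"

def identify_app(payload):
    """Return the first application whose signature matches the payload."""
    for app, signature in APP_SIGNATURES:
        if signature.search(payload):
            return app
    return "unknown"

def ngfw_verdict(flow):
    """Port check first, then application policy, then the DLP pattern."""
    if traditional_verdict(flow) == "deny":
        return "deny", "port"
    app = identify_app(flow["payload"])
    if APP_POLICY.get(app, "deny") == "deny":
        return "deny", "app:" + app
    if DLP_PATTERN.search(flow["payload"]):
        return "deny", "dlp"
    return "allow", "app:" + app

def compare(flows):
    """Map flow name -> (traditional verdict, NGFW verdict, NGFW reason)."""
    return {f["name"]: (traditional_verdict(f),) + ngfw_verdict(f) for f in flows}
```

Calling `compare(FLOWS)` shows the port rule allowing all three port-80 flows, while the content-aware check allows only the ordinary web request.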

Tips to Maximize Your Next-Gen Firewall
Make sure the firewall product you choose can perform in your environment with all the services turned on. Don’t try to save money by picking and choosing features.

Train staff or engage in professional managed security services to ensure proper configuration. Otherwise, they can lead to a false sense of security.

Make sure as much network traffic as possible is going through the next-gen firewall. Its advanced features provide the maximum value if all data goes through the firewall. Don’t set it and forget it. Security is never-ending.

Next-gen firewalls do not replace other security measures. They shine as part of a comprehensive security strategy.

Source: Erik Fredrickson, Program Manager, Information Security for Alaska Communications

In essence, a next-generation firewall builds upon existing firewall technology to deliver an improved set of features. This allows the firewall to detect and block malicious traffic, allow or restrict connectivity to specific applications, and decrypt SSL traffic in transit, according to Mitch Kitter, director of security architecture and planning at GCI.

“While traditional firewalls allow for protections at a port level, they are unable to monitor application-level traffic,” Kitter says. “NGFWs do, however, have the ability to be aware of the content transmitted to and from applications. This enables organizations to have stronger protection against malware and viruses that may be hiding within applications or web pages.”

Ideally, next-gen firewalls should understand modern protocols and web applications and process traffic beyond traditional, stateful packet inspection, says Kuda Mazorodze, Arctic IT’s security operations manager. Typical NGFW capabilities include intrusion detection and prevention, software-defined wide-area network, content filtering, advanced malware protection, domain name system filtering integration, remote access VPN, and site-to-site VPN. In Alaska, the most common advanced firewall features Mazorodze is seeing are site-to-site and remote access VPN, content filtering, and intrusion prevention.

One of the main benefits of next-generation firewalls is their ability to handle modern web 2.0 applications that otherwise would be invisible to a traditional firewall, Mazorodze says. Businesses can define granular rules to govern network traffic. “This could include prioritizing business communication protocols like video/voice conferencing and identifying and deprioritizing traffic that a business may consider non-essential,” he says. “Traffic management in this manner helps with maintaining the availability of key business resources and maintaining productivity.”

NGFWs also offer network-level protection against harmful code/applications by filtering out dangerous or inappropriate content before it reaches endpoints—such as a laptop, mobile phone, server, or virtual environment. “This is essential because many cyber criminals have turned to encryption to hide their nefarious activities,” Mazorodze says, “but thanks to SSL inspection on next-generation firewalls, companies can scan encrypted traffic [and find threats] to stop security evasion by encryption.”

Threat Intelligence and Geo-IP Filtering
Businesses are layering various sophisticated firewall technologies to protect their information, network security, and reputation. Real-time threat intelligence and user and event behavior analysis (UEBA), for example, are increasingly valuable tools. “Threat intel feeds can be used to populate dynamic lists of known bad IP addresses and domains, which are then used in rules that block or restrict high-risk traffic automatically,” Fredrickson says. As for UEBA, he explains that it “learns your digital behavior and will flag anomalies. For example, your employees might always use the same four web applications to perform their jobs. If an employee starts suddenly using a different application, the UEBA system will send a flag, and the next-gen firewall can perform an automated action, such as allow or deny use.”

Another popular technology is Geo-IP filtering, which allows businesses to scrutinize traffic from places that are known for launching cyberattacks. For instance, if a company only conducts business in the United States, it could set a rule to block incoming traffic from Russia or China.
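How a feed-driven dynamic list and a Geo-IP rule combine on inbound traffic, as an added example that is not from the article or any vendor: the feed format, the Geo-IP table, and the placeholder country code "ZZ" are assumptions, and all addresses are documentation ranges.

```python
import ipaddress

# Constructed feed snapshots (documentation address ranges, not real indicators).
FEED_MONDAY = """# hypothetical feed format: one IP or CIDR per line
198.51.100.7
203.0.113.0/28
not-an-address
"""
FEED_TUESDAY = FEED_MONDAY + "192.0.2.44\n"

# Constructed Geo-IP table; a production table comes from a Geo-IP database.
GEO_TABLE = [(ipaddress.ip_network("192.0.2.0/24"), "US"),
             (ipaddress.ip_network("198.51.100.0/24"), "US"),
             (ipaddress.ip_network("203.0.113.0/24"), "ZZ")]
ALLOWED_COUNTRIES = {"US"}  # the company only does business in the United States

def load_feed(text):
    """Parse a feed into networks, skipping comments and malformed lines."""
    networks = []
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            networks.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            continue  # one bad line must not break the whole refresh
    return networks

def country_of(addr):
    """Look up the country code for an address, or None if unmapped."""
    for network, country in GEO_TABLE:
        if addr in network:
            return country
    return None

def inbound_verdict(src, blocklist):
    """The rule refers to the list, so a feed refresh needs no rule change."""
    addr = ipaddress.ip_address(src)
    if any(addr in net for net in blocklist):
        return "deny:threat-intel"
    if country_of(addr) not in ALLOWED_COUNTRIES:
        return "deny:geo"
    return "allow"
```

The same source address can be allowed on Monday and denied on Tuesday with no edit to the rule itself, which is the contrast with the static rulesets described earlier.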

Companies are also adopting multifactor authentication (MFA) and identity management services for everything from online banking to social media activities. MFA dramatically enhances security because it grants users access to a network, system, or application only after confirming their identity with multiple credentials, such as a password, token, or biometrics. When enabled, MFA blocks 99.9 percent of automated cyber attacks, according to Microsoft.

In addition, remote work is accelerating the use of technology advancements. With many workloads transitioning to cloud environments and more people working from home, several related technologies support cloud workloads and a remote workforce, according to Kitter. They are secure access service edge (SASE), cloud access security broker (CASB), and zero trust network access (ZTNA). SASE represents a cloud-based network architecture for delivering secure access for users and devices. CASB enables firms to have greater control of their data as it transits in and out of cloud environments like Dropbox or Microsoft’s O365. ZTNA functions like a VPN but with user, application, and device specific controls.

Businesses are also integrating modern security solutions with endpoint detection and response. A prime example is Microsoft Defender for Endpoint. The security platform combines antivirus, antimalware, ransomware mitigation, and other forms of threat protection with centralized management and reporting to create advanced protection.

Leveraging External Resources
Finding and keeping skilled cybersecurity personnel to capitalize on NGFWs and other high-tech security features can be both challenging and expensive. However, partnering with a managed service provider like Arctic IT, Alaska Communications, or GCI can give companies access to mature technologies.

Take, for example, the partnership between Alaska Safety Alliance and Arctic IT. The small nonprofit has relied on the managed solutions and technical expertise of Arctic IT for the past seven years. “We are not IT experts, but we offer fairly technical services,” says Alaska Safety Alliance Executive Director Cari-Ann Carty. “Having Arctic IT there has been really crucial to us delivering successfully to our customers.”

Arctic IT gives customers access to Cisco Meraki next-gen firewalls that are capable of up to layer 7 or application visibility into network traffic. Traditional firewalls only analyze traffic at layers 3 and 4. “The Cisco Meraki cloud-based console helps consolidate network and security management in one place, which eases deployment management,” Mazorodze says. “We believe that security can be likened to the layers of an onion, and next-generation firewalls are only one part of the layers. Security no longer starts and ends at the perimeter, and we believe in taking the zero-trust approach by authenticating devices, users, apps, et cetera.”

There’s no silver bullet when it comes to protecting a business, Fredrickson says. Today’s threats require more than just a next-gen firewall, which is why Alaska Communications also emphasizes layers of security.

Security products can seem overwhelming and unattainable for businesses, Fredrickson says. That’s why many companies opt to work with a trusted partner who can devise a solution suited to their unique needs and budget. “When selecting a provider, look for a partner who understands your business and industry,” he advises. “The more invested your partner is in your business, the better the outcome. In addition to a trusted partner for security services, we recommend having a third-party security audit at least once per year. We recommend outside audits to our managed security customers.”