AlgoBuzz Blog

Everything you ever wanted to know about security policy management, and much more.

Search
Generic filters
Exact matches only
Search in title
Search in content
Search in excerpt
Search in comments
Filter by Custom Post Type
Posts

Welcome to the Jungle… Thinking Differently about Our Firewalls

by
[addtoany]

Last week I had the privilege of chatting with @Ira_Victor from the Cyber Jungle on the topic of thinking differently about how we configure corporate firewalls. While we typically think about firewalls as blocking bad network traffic, firewalls aren’t just security devices. If we flip it around a bit, firewalls can also be enabling devices.

What do I mean by this? Well, oftentimes firewall rules end with “Allow” as opposed to “Drop”. Yes the firewall is there as the first line of defense, but we poke a lot of holes in the firewall to enable something – and most of the time that “something” is a business application that needs connectivity. It could be an external-facing application such as an e-commerce application or it could be an internal application. At the end of the day, it’s all about the applications that enable the business.

A really interesting statistic that highlights the importance of business applications from a slightly different perspective comes from a Palo Alto Networks’ infographic highlighting key findings from their Feb 2013 Application Usage and Threat Report. The report findings show that 95% of all exploited logs were found in just 10 applications, 9 of which were business applications! So business applications not only drive the business, but they also are key targets for the bad guys.

If you look at an application and all of the inter-connectivity needed for it to actually run (across different databases, servers, etc.), it is quite complex. What if we start with the business need and accurately translate that into technical requirements (e.g. firewall rules) that do not create unnecessary risk? With this approach the security team can end up saying “Yes” much more quickly and more often instead of “No”, which is an important point to consider as security tries to move higher up the chain of command. Competitiveness in today’s business environment demands that information security teams are able to move more quickly to address dynamic business concerns. And by linking business requirements with security rules, the potential opportunity is to improve security AND be much more agile all at the same time!

You can listen to the entire conversation on The Cyber Jungle either by streaming it or downloading it. Enjoy!

Subscribe to Blog

Receive notifications of new posts by email.