Firewall: The future of network security?


From on-premise to zero trust and firewall as a service

Firewalls have formed the backbone of network security for decades. But with cloud migration, hybrid working models and SaaS applications, the requirements are changing. Traditional on-premise firewalls are reaching their limits. Modern concepts such as Zero Trust and SASE are ushering in a new era.

In a nutshell:

With Firewall as a Service, responsibility shifts from hardware to strategy. Companies gain control, transparency and flexibility with less effort.

The question: How are you preparing your company for the next generation of network security?

Network security. Until recently, the workhorse of this world was still the good old “on premise” firewall. The network segments were wired together and the individual, defined firewall rules were enforced and monitored. In the meantime, a lot has changed around the firewall. Most applications have moved to the public cloud and many users have left the office building to work from home. Hybrid working is suddenly calling the entire WAN concept of companies into question. What does all this mean for network security in companies? And what is the future of the firewall?

The evolution of network security

1st generation of the firewall

Corporate networks have gone through several generational changes, each requiring a slightly different approach. The first major generation was what we call the “castle and moat world”: a private corporate WAN, usually built on MPLS VPN, with only a separate dedicated path to the public Internet. The firewall was always set up “on premise”. Everything in the private WAN was considered trustworthy and everything on the Internet was considered “dangerous traffic” and untrustworthy. The link between the two worlds was the network firewall, which enabled part of the communication between the private WAN and the Internet so that employees could surf the Internet and private users could access private applications via a VPN.

2nd generation of the firewall

In the second generation, many applications were moved to the public cloud and companies’ firewalls became more and more “mixed mode”. Network administrators had to adapt quickly by bringing virtual versions of their firewalls into the public cloud and extending their WANs. However, the principle of the firewall remained essentially the same. From an IT staff perspective, the end result was that more devices had to be managed – the old “on premise firewalls” plus the virtual firewall applications in the cloud – which massively increased complexity and operating costs.

3rd generation of the firewall

The third generation is today’s world, where hybrid working and SaaS have become the new normal. All users and applications are on the Internet. Companies still have offices, retail stores, factories and distribution centers that they need to connect via WAN. However, the old WAN concepts are becoming less and less suitable for the new requirements. The “castle and moat world” model no longer works, and network security requires a fundamentally different approach.

Zero Trust Security: Benchmark on the Internet

Zero Trust

The next generation of corporate networks will inevitably be based on the Internet (SD-WAN). This requires a fundamentally different model of network security – a “zero trust” approach. Zero Trust simply means that all traffic on the network is untrusted by default and, depending on identity, location and device origin, is only granted access to certain resources for the duration of the task. Secure Access Service Edge (SASE) integrates network connectivity and zero trust security on the same platform, so security services can be enabled on demand without fundamentally changing the organization’s network architecture. The solution is delivered “as a service”: the firewall is a function on a SASE platform, rather than a separate application to be plumbed and managed.
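The difference between the first-generation perimeter model and the zero trust decision described above can be shown in a few lines. This is an added example, not code from any SASE product; the resource names, groups, countries and grant lifetimes are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

@dataclass(frozen=True)
class Request:
    groups: frozenset      # identity, as asserted by the identity provider
    country: str           # location
    device_managed: bool   # device origin
    on_private_wan: bool   # network position: all the perimeter model checks
    resource: str

@dataclass(frozen=True)
class Rule:
    resource: str
    group: str
    countries: frozenset
    require_managed: bool
    ttl: timedelta         # grant lifetime before access must be re-evaluated

# Constructed sample policy (hypothetical resources and groups).
POLICY = (
    Rule("erp", "finance", frozenset({"DE", "CH"}), True, timedelta(minutes=30)),
    Rule("wiki", "staff", frozenset({"DE", "CH", "AT"}), False, timedelta(hours=8)),
)

def perimeter_allows(req: Request) -> bool:
    """First-generation model: anything inside the private WAN is trusted."""
    return req.on_private_wan

def zero_trust_grant(req: Request, now: datetime, policy=POLICY) -> Optional[datetime]:
    """Default deny. Returns the expiry of a time-limited grant, or None."""
    for rule in policy:
        if (rule.resource == req.resource
                and rule.group in req.groups
                and req.country in rule.countries
                and (req.device_managed or not rule.require_managed)):
            return now + rule.ttl  # network position is never consulted
    return None

def grant_valid(expiry: Optional[datetime], now: datetime) -> bool:
    """A grant is usable only until it expires; then the request is re-decided."""
    return expiry is not None and now < expiry
```

An unmanaged device inside the office passes `perimeter_allows` but gets no grant from `zero_trust_grant`, while a managed device at home with the right group membership gets a 30-minute grant.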

Conclusion on the future of the firewall

Today, almost everything in IT is provided as a service. Network and firewall applications are only now undergoing this change. With Firewall-as-a-Service, the focus is shifting from the management and scaling of firewall applications to the management of security policies. The firewall is no longer a separate element. It is now a function that is implemented everywhere in the network. You no longer have to worry about forwarding rule changes to individual applications. This effort is completely eliminated.

Forecast

This is a significant positive change in the world of network security that many organizations are beginning to take advantage of. In fact, in the Magic Quadrant for Firewalls, Gartner estimates that by 2025, as much as 30% of new deployments of firewalls for distributed branch offices will be Firewall-as-a-Service.

Practice

We know from practical experience that such a changeover often happens in conjunction with the conversion of the corporate WAN to SD-WAN. You can find our latest video series on the major topic of SD-WAN here with all the important information on this very “comprehensive” topic. You are also very welcome to contact us directly and receive an immediate solution that meets your requirements, including a quote from me.
