Let’s Talk about the Bank’s Firewall
With the evolution of network security technology, there are more sophisticated firewalls available called next generation firewalls (NGFW). An NGFW is a network security device that provides more security than the traditional firewall appliance. The NGFW results from the increase over the years in cyber threats that have become more sophisticated in finding ways to breach traditional firewalls and ultimately gain access to company networks.
So, What Does a Traditional Firewall Do?
It allows or blocks traffic based on state, port, and protocol and filters traffic based on administrator-defined rules. The traditional device mainly controls the flow of traffic based on the rules that were set or configured. Depending on the product and the protocol being filtered, these devices accomplish this using either a “stateless” or a “stateful” method. A stateless method looks at each packet on its own, using preset rules to filter traffic. A stateful method tracks the state of every connection on the network, so it can allow or block packets based on the flows and traffic patterns they belong to. With traditional firewalls, the more effective of the two types is the stateful firewall. However, a traditional firewall still does not go as far as a next generation firewall in helping a bank with cyber threats. Here are some things to consider with cyber threats for 2021:
- Due to COVID-19, cyber threats are on the rise, according to PurpleSec.
- Remote work increased, which resulted in more security vulnerabilities, according to IBM.
- According to CPO Magazine, more than a half-million Zoom user accounts were compromised and sold on the dark web.
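The stateless and stateful methods described above, as an added example that is not part of the original article: a minimal Python simulation over constructed packets, showing why the stateful version is the more effective of the two. The packet layout, rule set and addresses are assumptions for illustration only.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    """One TCP packet at the bank's perimeter (constructed sample data)."""
    direction: str  # "out" = leaving the bank network, "in" = arriving from the internet
    src: str
    sport: int
    dst: str
    dport: int
    flags: str      # TCP flags: "S" (SYN), "SA" (SYN/ACK), "A" (ACK)

def stateless_decision(pkt: Packet) -> bool:
    """Stateless filter: judges each packet alone.
    Rule 1: allow everything outbound.  Rule 2: allow inbound only if ACK is set,
    the classic stateless approximation of 'part of an established connection'."""
    if pkt.direction == "out":
        return True
    return "A" in pkt.flags

class StatefulFilter:
    """Stateful filter: remembers connections opened from inside and admits
    inbound packets only when they belong to one of them."""
    def __init__(self) -> None:
        self.connections: set[tuple[str, int, str, int]] = set()
    def decision(self, pkt: Packet) -> bool:
        if pkt.direction == "out":
            if pkt.flags == "S":  # inside host opening a new connection
                self.connections.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        # Inbound reply must match a tracked (client, cport, server, sport) tuple
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.connections

# Constructed traffic: a legitimate HTTPS session, then an unsolicited ACK
# aimed at an internal RDP port that no inside host ever connected from.
SAMPLE_TRAFFIC = [
    Packet("out", "10.0.0.5", 40000, "203.0.113.10", 443, "S"),
    Packet("in", "203.0.113.10", 443, "10.0.0.5", 40000, "SA"),
    Packet("in", "198.51.100.7", 443, "10.0.0.5", 3389, "A"),
]

def compare(traffic: list[Packet]) -> list[tuple[bool, bool]]:
    """Return (stateless_allowed, stateful_allowed) for each packet, in order."""
    stateful = StatefulFilter()
    return [(stateless_decision(p), stateful.decision(p)) for p in traffic]

if __name__ == "__main__":
    for p, (sl, sf) in zip(SAMPLE_TRAFFIC, compare(SAMPLE_TRAFFIC)):
        print(f"{p.direction:>3} {p.src}:{p.sport} -> {p.dst}:{p.dport} [{p.flags}] "
              f"stateless={'allow' if sl else 'block'} stateful={'allow' if sf else 'block'}")
```

The third packet is the point: the stateless rule admits it because the ACK flag is set, while the stateful filter blocks it because no inside host ever opened that connection.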
Statistics Regarding Data Breaches
While assessing the needs of the NGFW appliance, the Bank should consider the following statistics on data breaches:
- According to the Identity Theft Resource Center, there have been over 11,000 recorded breaches since 2005.
- In 2020, the average time to identify a breach was 207 days, according to IBM.
- Around 43% of cyberattacks target small businesses, according to Cyberint.
- The global average cost of a data breach, according to IBM, is $3.86 million.
Now Let’s Talk about the Next Generation Firewalls
A next generation firewall does the same as a traditional firewall and so much more. NGFWs are the third-generation and current standard for firewall technology. An NGFW combines traditional firewall capabilities with filtering functions that previously required other network devices, to help detect and prevent cyber threats. A next generation firewall is a more unified threat management system for a bank’s network. The NGFW impacts three areas significantly: 1) consolidation of technology components; 2) deeper visibility and traffic controls; and 3) unified management.
When considering an NGFW appliance, the following standard and advanced features are available:
- Application and identity awareness within the NGFW appliance can identify, allow, block, and limit applications, regardless of port or protocol.
- Centralized Management, Visibility, and Auditing – Most NGFW appliances provide log analysis, policy management, and a management dashboard that provides ways to track security health and traffic patterns and to export rules.
- Stateful Inspection – Also known as dynamic packet filtering. Traditional firewalls performed stateful inspection only up to layer four, whereas NGFW appliances are built to track layers two through seven. This allows the NGFW to distinguish more accurately between safe and unsafe packets.
- Deep Packet Inspection (DPI) – The DPI process goes a step further than the stateful inspection. DPI can locate, categorize, block, or reroute packets with problematic code or data not detected in a stateful inspection.
- Integrated Intrusion Prevention (IPS) – The IPS portion will inspect, alert, and even actively remove malware and intruders from the network.
- Network Sandboxing – A method of advanced malware protection that allows the appliance to send a potentially malicious program to a secure and isolated environment so it can be tested before entering the network.
- HTTPS, SSL/TLS, and Encrypted Traffic – This feature allows the appliance to decrypt, inspect, and re-encrypt communication over the internet, so threats hidden inside encrypted traffic are not passed through unexamined.
- Threat Intelligence and Dynamic Listing – NGFW appliances make threat hunting more automated.
- Integration Capacity – The NGFW appliance can integrate with third-party products, which reduces the need to move between separate pieces of software.
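The application awareness and deep packet inspection features above, as an added illustration that is not from the article: a Python comparison of a port-only rule (traditional firewall) with an application-aware rule (NGFW) over constructed flows. The byte signatures and both policies are simplified assumptions, not any vendor’s implementation.

```python
import re

# Port-based policy of a traditional firewall (constructed): allow TCP/80 and TCP/443.
ALLOWED_PORTS = {80, 443}

# Application policy of an NGFW (constructed): decided per application, whatever the port.
ALLOWED_APPS = {"tls", "http"}

# Simplified signatures for the first bytes a client sends (assumption: real NGFWs
# use far richer signatures plus behavioural analysis).
HTTP_REQUEST = re.compile(rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS) \S+ HTTP/1\.[01]\r\n")

def identify_application(first_bytes: bytes) -> str:
    """Classify a flow from its initial client payload, ignoring the port entirely."""
    if len(first_bytes) >= 3 and first_bytes[0] == 0x16 and first_bytes[1] == 0x03:
        return "tls"      # TLS record type 0x16 (handshake), version major byte 0x03
    if first_bytes.startswith(b"SSH-"):
        return "ssh"      # SSH version banner
    if HTTP_REQUEST.match(first_bytes):
        return "http"     # plaintext HTTP request line
    return "unknown"

def port_based_decision(dport: int, first_bytes: bytes) -> bool:
    """Traditional firewall: the payload is never examined, only the port."""
    return dport in ALLOWED_PORTS

def app_aware_decision(dport: int, first_bytes: bytes) -> bool:
    """NGFW: the identified application decides, regardless of dport."""
    return identify_application(first_bytes) in ALLOWED_APPS

# Constructed flows: (description, destination port, first client bytes)
SAMPLE_FLOWS = [
    ("HTTPS to a web site", 443, bytes([0x16, 0x03, 0x01, 0x00, 0xF5, 0x01])),
    ("SSH sent to port 443", 443, b"SSH-2.0-OpenSSH_8.4\r\n"),
    ("HTTPS on a non-standard port", 8443, bytes([0x16, 0x03, 0x03, 0x01, 0x2A, 0x01])),
    ("Plain HTTP", 80, b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"),
]

def compare(flows):
    """Return {description: (application, port_based_allowed, app_aware_allowed)}."""
    return {
        desc: (identify_application(data), port_based_decision(port, data),
               app_aware_decision(port, data))
        for desc, port, data in flows
    }

if __name__ == "__main__":
    for desc, result in compare(SAMPLE_FLOWS).items():
        print(f"{desc:30} app={result[0]:8} port-rule={result[1]!s:5} app-rule={result[2]}")
```

The second and third flows show the difference: a port rule passes anything addressed to 443 and rejects legitimate TLS on 8443, while the application-aware rule judges what the traffic actually is.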
In prior years, banks would have to have different solutions to achieve some of these objectives.
A Next Generation Firewall includes the Following Benefits:
- Breach prevention and advanced security
- Comprehensive network visibility
- Flexible management and deployment options
- Timely detection capabilities
- Automation and product integration
Assessing the Risk
As the bank evaluates and considers the firewall appliance in place, whether a traditional or next generation appliance is used, consider assessing the risks associated with the current firewall(s). Consider the cyber threats that could impact the bank along with the mitigating controls in place. Ensure that the assessment is documented within your risk assessment and cyber risk assessment, if applicable.
As the bank reviews the firewall solution in place, keep in mind the vendor may have both traditional and next generation firewall solutions available for purchase, so the bank may have to evaluate the model type to determine if it is a traditional or next generation firewall. The types of services the appliance provides should also be an indicator.
The bank should also evaluate the end-of-life dates for the hardware and software of the firewall in place. While reviewing those dates, consider when security and vulnerability updates for the software will end, in addition to the end-of-support dates.
In January 2021, the following firewalls were eSecurity Planet’s selections for the top next generation firewalls:
- CrowdStrike
- Palo Alto
- Check Point
- Fortinet
- Forcepoint
- Cisco
- WatchGuard
Conclusion
With the increasing number and sophistication of cyber events and attacks, it is critical for organizations, including banks, to understand the difference between traditional and next generation firewall appliances. The initial step is to review the firewall solution in place and understand what it is doing and, more importantly, what it is not doing. Assess the risk associated with the appliance. In addition, evaluate other solutions/services that the bank is utilizing (e.g., an intrusion prevention solution) whose function a next generation firewall could provide.
Trista Cline is a Manager of Arnett Carbis Toothman LLP, Certified Public Accountants, in the Charleston, West Virginia office. Ms. Cline has over 12 years of experience in information technology audit and security services in the financial institutions’ industry. Additionally, Ms. Cline has extensive experience in database analysis and the use of database analysis tools.
Ms. Cline can be contacted at 800-642-3601 or trista.cline@actcpas.com.