Yet each year, more and more cyberattacks hit, causing untold disruption and costing billions of dollars in downtime, lost data and ransomware payments.
And as the business world moves towards ever more complex, distributed and cloud-based systems, traditional firewalls are starting to look like legacy tech. Do simple, packet-filtering firewalls still serve a purpose? Can next-generation firewalls manage today’s threats? Here, we’ll explore what the future holds for this totemic cybersecurity tool.
Firewalls are your first line of defence
As firewalls become more sophisticated, it’s useful to look at why they were created in the first place. A firewall is a security service that acts as a gatekeeper, using a rule set to inspect traffic into and out of a network, letting data that meets its criteria through and blocking data that does not. The first firewalls were developed in the late 1980s, and became widespread commercially in the 1990s. And they were designed for their time: back when a single corporate network had a single perimeter where it connected to the internet. By guarding your front door, the firewall – in theory – kept the bad guys outside, and your data safe.
Firewalls evolved as threats developed
Firewalls have become more advanced over the years, and perform an important role in the logging and auditing of events, as well as acting as a first line of defence. Key types, in rough order of sophistication, include:
Packet-filtering firewalls: the oldest, most basic firewalls inspect and filter data packets based on a simple set of criteria, including the packet’s type and IP address. They’re fast and efficient, but because they examine each packet in isolation, they lack the wider context to combat many attack types.
Circuit-level gateways: these related tools monitor the Transmission Control Protocol (TCP) connections in network sessions.
Stateful firewalls: also known as dynamic packet-filtering firewalls, these solutions monitor packets by assessing their state and how they relate to other packets and connections. Stateful firewalls can combat spoofing and protocol vulnerability attacks more effectively than basic packet filtering.
Application-level gateways: these firewalls offer application-level filtering and can examine code to identify malware. These gateways are most effective when they operate via a proxy server, meaning traffic is routed through an intermediary.
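The difference between packet-filtering and stateful firewalls described in the list above, as an added example that is not part of the original article: the same constructed packets are judged by a per-packet rule and by a filter that tracks connections. The rule set, the internal prefix and every address (documentation ranges) are assumptions made for illustration.

```python
from collections import namedtuple

# Constructed sample traffic; all addresses are documentation ranges.
Packet = namedtuple("Packet", "src sport dst dport flags")
INSIDE = "192.0.2."  # assumed internal network prefix

def stateless_allow(p):
    """Packet filter: each packet is judged in isolation.
    Assumed rules: outbound to port 443 is allowed, and anything
    inbound from source port 443 is presumed to be a reply."""
    if p.src.startswith(INSIDE):
        return p.dport == 443
    return p.sport == 443 and p.dst.startswith(INSIDE)

class StatefulFilter:
    """Tracks connections opened from inside; inbound packets must match one."""
    def __init__(self):
        self.conns = set()

    def allow(self, p):
        outbound = p.src.startswith(INSIDE)
        # Normalise both directions to (inside_ip, inside_port, remote_ip, remote_port).
        key = ((p.src, p.sport, p.dst, p.dport) if outbound
               else (p.dst, p.dport, p.src, p.sport))
        if outbound and p.flags == "SYN" and p.dport == 443:
            self.conns.add(key)       # new connection initiated from inside
            return True
        if key not in self.conns:
            return False              # no matching connection: drop
        if p.flags == "RST":
            self.conns.discard(key)   # simplified teardown: forget the state
        return True

SAMPLE = [
    Packet("192.0.2.10", 50000, "198.51.100.5", 443, "SYN"),      # client opens
    Packet("198.51.100.5", 443, "192.0.2.10", 50000, "SYN-ACK"),  # genuine reply
    Packet("203.0.113.9", 443, "192.0.2.20", 51000, "ACK"),       # unsolicited
    Packet("198.51.100.5", 443, "192.0.2.10", 50000, "RST"),      # server resets
    Packet("198.51.100.5", 443, "192.0.2.10", 50000, "ACK"),      # after teardown
]

def compare(packets):
    """Return (stateless verdict, stateful verdict) for each packet in order."""
    fw = StatefulFilter()
    return [(stateless_allow(p), fw.allow(p)) for p in packets]

if __name__ == "__main__":
    for pkt, verdicts in zip(SAMPLE, compare(SAMPLE)):
        print(pkt, "stateless=%s stateful=%s" % verdicts)
```

The stateless rule passes all five packets because each one looks like a reply when viewed alone; the stateful filter drops the unsolicited packet and the one arriving after the connection was reset.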
Even multi-layered firewalls have vulnerabilities
Since each type of filtering has strengths and weaknesses, today’s firewalls often integrate multiple firewalls with additional tools such as an Intrusion Prevention System (IPS), which watches internal traffic and servers for evidence of attack, or Deep Packet Inspection (DPI), which analyses data packets in detail.
By combining these and other solutions, next-generation firewalls can block attacks such as malware and Distributed Denial of Service (DDoS). But even advanced firewalls have flaws:
human threats, whether malicious or inadvertent, can bypass the most sophisticated defences
your tools are only of use in detecting the most serious attack types if they communicate effectively with each other
poor patching or set-up can leave gaps in your defences
today’s networks are more complicated than ever, leaving traditional tools struggling to keep up
This final point is arguably the most important of all. The popularity of remote and hybrid work, increased use of cloud services and the rise of server-to-server traffic across complicated network structures mean the idea of a “gatekeeper” feels increasingly redundant.
The future of the firewall
So is the firewall finished? Not exactly. It’s more accurate to say that the firewall – like every other cybersecurity device – is changing. On top of the shifts already seen in next-gen firewalls, current trends include:
the move towards more active firewall systems that can communicate with components such as vulnerability scanners, IPS and Virtual Private Networks (VPNs), and dynamically respond to sophisticated attacks
this trend also sees firewalls incorporated into holistic Security Information and Event Management (SIEM) solutions
the shift towards software-defined perimeters (SDP) and zero-trust frameworks relies on credentials and behaviour being constantly analysed, and firewalls have a key role here as enforcement points within a network (rather than their old role as gateways to that network)
the rise of Firewall-as-a-Service (FWaaS), next-gen firewalls that live in the cloud, allowing them to inspect traffic for remote workers and servers, while taking advantage of classic cloud-service benefits such as ready scalability and flexibility
Why the firewall has a future
The firewall is no longer a one-stop solution to cybersecurity. What we mean by a firewall has changed too: a term that once described simple packet-filtering tools is now often applied to any solution that filters traffic for security, including complex, integrated solutions.
But while firewalls today are no longer the star of the show, that’s because most experts now suggest that the best approach to cybersecurity is a multi-layered strategy that relies on a suite of complementary tools, plus targeted awareness training. Firewalls still play a crucial role in filtering out threats, auditing incidents and facilitating cloud services and zero-trust frameworks across the world’s biggest organisations. The threats may be changing, but firewalls are here to stay.