Network & Firewall Security for the Modern Enterprise

by: Dave Greenfield, CATO Networks (see the article here)
Cloud 9 Supplier Spotlight: CATO Networks

The Basics of Firewalls
So, what sort of firewall software and appliances exist to meet these demands? In addition to the software-based endpoint firewalls that can run on network endpoints, there are three main firewall appliance types enterprises can deploy.
- Packet-filtering firewalls:
Traditional firewalls that block traffic at the protocol, port, or IP address levels.
- Stateful firewalls:
Like packet-filtering firewalls with the added benefit of analyzing end-to-end traffic flows.
- Next-Generation Firewalls (NGFWs):
Offer all the functionality of stateful firewalls plus features such as deep-packet inspection (DPI), Intrusion Detection System/Intrusion Prevention System (IDS/IPS), anti-virus, and website filtering.
Given the sophistication of modern security threats, NGFW appliances are commonplace within modern WANs, and for good reason. They’re able to detect malicious behavior and provide protection legacy firewall security solutions can’t. However, there are still several pain points enterprises face with physical and virtual firewall appliances.
The Shortcomings of Firewall Appliances
- Limited scalability
NGFWs and UTMs have a limited amount of capacity to run engines for anti-malware, IPS, and secure web gateway (SWG). These resource constraints can lead to some functionality being sacrificed, create bottlenecks, or require additional appliances to be deployed.
- Silos & disjointed security policies
Multiple appliances and security solutions for cloud, mobile, and on-premises lead to communications silos between teams, limit visibility, and prevent the implementation of consistent security policies across the network.
- Complex and resource-intensive maintenance
Maintaining and patching a network of firewall appliances leads to a significant IT workload that doesn’t drive core business forward. Installations, configurations, upgrades, integrations, and patch management take time and divert resources from activities that could add business-specific value.
Integrating Firewall Security: Firewall as a Service and the Secure Access Service Edge
- Complete visibility
As all WAN traffic on the Cato Cloud traverses the cloud-native infrastructure, there are no blind spots and no need for backhauling. Multiple security engines and DPI are baked into the network.
- Unrestricted scalability
The Cato Cloud provides the unrestricted scalability of a cloud service to the WAN. Not only does this eliminate capex and ensure security isn’t sacrificed due to limited capacity, it means deployments that may have otherwise taken days or weeks can occur in minutes or hours.
- Enterprise-wide policy enforcement
A converged software stack and mobile clients ensure that all users benefit from the same level of security and that policies span the entire network.
- Simple maintenance and management
Because the entire security stack is integrated into a single solution, maintenance and management are a fraction of what they were with firewall appliances. This leads to reduced costs and more resources to dedicate to business-specific tasks that can positively impact the bottom line.