There is growing general acknowledgement that when it comes to cybersecurity most organizations should assume they’ve been compromised. Cybercriminals have become quite skilled at employing a variety of techniques to bypass cybersecurity defenses, usually in the form of a targeted spear phishing campaign that tracks an end user into downloading malware directly on to their system.
As true as that may be, however, is doesn’t necessarily follow that defense of perimeter doesn’t matter anymore. The definition of where the perimeter lies may be expanding. But firewalls deployed on the perimeter still play a critical role in blocking thousands of attacks daily that are being launched by ever increasingly sophisticate bots.
The truth of the matter is that most organizations are not doing enough in way of cybersecurity fundamentals, says John Kuhn, senior cyber threat researcher for IBM X-Force. That makes they easy prey for cybercriminals that have almost unlimited resources. In many of those cases, the only thing standing between those organizations and total chaos is the firewall.
“The perimeter still very much exists,” says Kuhn. “We would not recommend investing less in firewalls.”
In fact, there are no less than three scenarios where the role of the firewall has been expanded. The first is inside the data center where firewalls now play a critical role in helping to microsegment the network. That’s critical because in the event malware does make it pass one firewall there’s a better chance of preventing that malware from spreading laterally across the network.
The second use case where firewalls are expanding their mission is in the cloud. Beyond merely defending the perimeter of the cloud, it’s quickly becoming apparent that firewalls are providing higher levels of cybersecurity command and control across federated instances of clouds.
A third emerging use case for firewalls applies to Internet of Things (IoT) projects, where firewalls are being deployed at the edge of the network to protect gateways from the same types of attacks that are routinely launched against the data center.
Cybercriminals, of course, are getting more sophisticated with each passing day. They have automated the mechanisms they employ to the point where the cost of launching a cybersecurity attack is nearing zero.
Those same cybercriminals are also investing in machine learning algorithms and other forms of artificial intelligence (AI) to discover where vulnerabilities lie faster than ever. That means it’s only a matter of time before cybersecurity turns into an AI arms race. Cybersecurity professionals will soon find themselves relying more on those same machine learning algorithms to hopefully discover those vulnerabilities first. Algorithms, however, don’t just magically work. They first need to be exposed to massive amounts of data through which they learn about environment. The best place those algorithms are going to be exposed to that data is most often going to at the firewall.
Cybersecurity, of course, now requires relying on a mix of technologies to create the right level of defense in depth. The odds are good, however, that every one of those technologies is in some way or another going to be tied back to the firewall.