Tuesday, February 24, 2015

Enterprise Firewall Architecture – Points to ponder!

One of the challenges security professionals face today is finding an all-rounder firewall that performs most of the tasks needed to prevent an attack while also offering plenty of features and ease of use. The issue is that some firewalls provide many features at high cost, some provide a different set of features at mid-level cost, and few provide the best of both worlds.
The question my clients have asked me many times is “which one is the best”. It’s very similar to asking which car is the best or which of the top 5 cities is the best to live in. Through years of experience (both good and bad) I have come to the conclusion that there is none. The reason is that there is no king of all, and defense in depth with multi-vendor firewalls should meet 95% of the requirements.
Today enterprises face numerous attacks with varying levels of complexity, and multi-layered attacks from both ingress. One way to choose the right firewall solution is to consider what you are trying to protect, which directly tells us the features we need and the right platform.
1. Stateful inspection (I do not think this should ever be mentioned as a feature anymore)
2. Scalability (Checkpoint, Cisco, Juniper)
3. Protocol Security (Checkpoint, F5)
4. DDoS Attack Prevention (Almost all major vendors)
5. Complete DLP (None)
6. SSL termination (Mainly F5 and few top ones)
7. Content Security (Checkpoint, F5)
8. IPS Integration (Palo Alto, Checkpoint, Cisco)
9. Performance (Checkpoint, Cisco, F5, Juniper, Palo Alto)
10. Management (Checkpoint I believe will be the winner)
11. Ease of Deployment (Checkpoint, Cisco, F5, Juniper, Palo Alto)
12. Time to release patches (Checkpoint, Cisco, F5, Fortinet)
13. Global Presence (Checkpoint, Cisco, F5, Juniper, Palo Alto)
14. Sales Channel (Checkpoint, Cisco, F5, Juniper, McAfee)
15. Global Intelligence (McAfee, Cisco)
16. Support (Checkpoint, Cisco, F5, Juniper, McAfee)
17. R&D (Cisco, Checkpoint, Fortinet, F5, McAfee)
18. UTM (Checkpoint, SonicWALL, Fortinet, Sophos)
19. Price (SonicWALL, Fortinet, Juniper, McAfee, Sophos)
20. 3rd Party Integration (Checkpoint)
Choosing an enterprise firewall is not an easy task, so architects should consider all these options and many more, such as throughput, clustering, virtualization, proprietary software and identity management. From the above list one of the major vendors might seem to stand out from the rest, but the cost, the ongoing maintenance and the non-uniform pricing are a killer.
Every enterprise is different and varies in its approach to security. An aggressive posture at the perimeter is crucial when it comes to protecting customer data as well as proprietary data. So my 2 cents is to have multi-vendor devices in a defense-in-depth configuration and to introduce DLP on every asset where an enterprise holds data.
