Industry Trends

Executive Insights: Evolving Towards Intent-Based Security

By Phil Quade | July 26, 2017

In this second installment, begun with ”The Evolution of the Firewall,” we will take a look at the direction security is headed. From its humble beginnings, the firewall has evolved through several stages of development. Its latest incarnation, built on the legacy of its first two generations, implements the strategic pillars of Segmentation, Access Control, and Real-time analytics/action to realize intent-based network security.

The Three Generations of the Firewall

With the advantage of looking backwards in time, it’s now clear that we have seen two major generations of Firewalls, and that we’re about to embark on a major evolutionary leap toward a third. 

The evolution of the firewall can be divided into three distinct generations.

  1. The first generation was connection-oriented. These firewalls served as gateway sentinels designed to primarily defend against unstructured and non-targeted attacks
  2. The second generation of firewalls was content-oriented. These more sophisticated tools were required to defend against single-stage, targeted attacks. They added additional security functionality, and began to be placed in specialized places in the network.
  3. Today, we are at the precipice of an important evolutionary leap. This third generation of the firewall is intent-oriented. These firewalls need to look at a variety of indicators to determine the intent of an attacker, and then leverage appropriate security and countermeasures deployed across the infrastructure to counter that malicious intent. This new generation of firewall will address increasingly sophisticated, multi-stage attacks, blended attacks, and even outright sabotage.

To leverage the power and protection offered by this next evolution of the firewall, specialized security devices will need to be woven together into an integrated unit, often called a Security Fabric, that spans across today’s borderless network environment. This requires deploying security mitigations where needed, regardless of the ecosystem being used, and then binding individual mitigations together to enable centrally-defined security intentions.

Once integrated, these security solutions can compare and correlate threat intelligence to not only see new threats, but also begin to anticipate the intent of the network security manager, as well as that of threats, allowing these fabric-integrated solutions to shorten the time to detection and response. Intent-based security also enables organizations to automatically pre-empt threats by automatically translating business events into infrastructure policies. For example, the act of adding a mobile phone to an application results in actions such as assigning policies, assigning ports and connections, and extending privileges. When tied to the integrated security framework, the fabric can simultaneously apply appropriate protections across the distributed to initiate such things as monitoring and inspection, policy assignment and enforcement, and orchestration and threat response.

With the Firewall evolving from being a simple gatekeeper to delivering the most sophisticated and critical set of tools, it has become, from a security perspective, the fundamental component around which a CISO needs to build his/her security architecture. Its secure and efficient operation is the equivalent to being trusted with the keys to the kingdom. 

The Evolution to Intent-Based Firewalls

Because this third generation of the firewall is brand new, we can’t see what it all looks like yet. But it is poised to dominate our digital security strategy, and we already know what its strengths and purpose are:  To take on the cybersecurity problems of speed and scale you must employ solutions that leverage the power of automation and integration. The first few steps to realize this are.

  1. Deploy a security integration fabric: Having a connected fabric allows all of your security and network components to work together as a team, so that devices and behaviors can be monitored, tracked, and correlated. This will not only expand visibility and centralize control, but also enable strategic segmentation in order to drive security deep into the network infrastructure to quickly identify, isolate, and remediate compromised devices and thwart attacks, even across different network ecosystems, from endpoint devices and local network resources to the cloud.
  2. Employ correlating analytics: Data collected by the integrated fabric enables greater leveraging of behavior-based analytics, which are essential to detecting zero day attacks. It also enables the orchestration of other analytics so that they can be seamlessly brought into your network and security fabric.
  3. Highly leverage correlation data, machine learning, and risk scoring: The adoption of these techniques will free up critical human resources by allowing machines to do what they do well, and enable machines to better serve them. It will also not only take over more mundane-but-essential security tasks such as monitoring, coordination, and applying policies, but will find stealthy and quiet (“low and slow” attacks), malicious activity, as well as high-speed, sophisticated intrusions (“smash and grab”) that do their dirty work at a pace faster than human response can detect and thwart them. As machine learning begins to include sophisticated pattern and behavior recognition to anticipate behaviors and requirements, firewalls will be also able to automatically identify and combat complex threats through event correlation and coordinated, cross-device threat response at digital speeds.

All of these functions are now in development. They will not only allow us to shorten response times, but actually anticipate risks and get ahead of threats by seeing precursors that enable us to be more efficient, more intuitive, and more automated. Soon, AI will be able to combine policy with experience to make fully autonomous security decisions.

There are a number of paths down which security will continue to evolve. While hoping to survive a cataclysmic event is highly-risky, it’s far more prudent to future-proof your environment now as much as possible, and build-in opportunities for inspiration and agility. The smartest thing you can do now is to integrate defenses, over a fabric-based security framework, and to be postured to adopt inspired and game-changing new evolutionary techniques. It’s said that those who do not learn from history are doomed to repeat it.; the same is true for cybersecurity: it’s been proven that point solutions that aspire to stand alone are inadequate for tomorrow’s threats and borderless networks.


The firewall has remained the enduring foundational technology and strategy to secure today’s digital economy, critical infrastructures, and even government classified systems. However, as networks, and our use of them, change, so will firewalls.

The next major revolution will be to enlist firewall protection and services, including advanced analytics, throughout the network infrastructure, and integrate them all together through an open and scalable security fabric. This will allow security strategy, and solutions, to grow, scale, and adapt dynamically and economically to meet today’s problems of speed and scale, while becoming the foundation for intent-based security.

The hallmarks of organisms, ideas, and technologies that have managed to survive are: endurance, agility, inspiration, and a willingness to evolve. Future-proofing network security that can be delivered at speed and scale requires adaptive, integrated, and automated security delivered as a security fabric. The third generation is arriving. Don’t be a forgotten species left behind in the dust of evolution. 

This originally appeared on