In this second installment, begun with ”The Evolution of the Firewall,” we will take a look at the direction security is headed. From its humble beginnings, the firewall has evolved through several stages of development. Its latest incarnation, built on the legacy of its first two generations, implements the strategic pillars of Segmentation, Access Control, and Real-time analytics/action to realize intent-based network security.
With the advantage of looking backwards in time, it’s now clear that we have seen two major generations of Firewalls, and that we’re about to embark on a major evolutionary leap toward a third.
The evolution of the firewall can be divided into three distinct generations.
To leverage the power and protection offered by this next evolution of the firewall, specialized security devices will need to be woven together into an integrated unit, often called a Security Fabric, that spans across today’s borderless network environment. This requires deploying security mitigations where needed, regardless of the ecosystem being used, and then binding individual mitigations together to enable centrally-defined security intentions.
Once integrated, these security solutions can compare and correlate threat intelligence to not only see new threats, but also begin to anticipate the intent of the network security manager, as well as that of threats, allowing these fabric-integrated solutions to shorten the time to detection and response. Intent-based security also enables organizations to automatically pre-empt threats by automatically translating business events into infrastructure policies. For example, the act of adding a mobile phone to an application results in actions such as assigning policies, assigning ports and connections, and extending privileges. When tied to the integrated security framework, the fabric can simultaneously apply appropriate protections across the distributed to initiate such things as monitoring and inspection, policy assignment and enforcement, and orchestration and threat response.
With the Firewall evolving from being a simple gatekeeper to delivering the most sophisticated and critical set of tools, it has become, from a security perspective, the fundamental component around which a CISO needs to build his/her security architecture. Its secure and efficient operation is the equivalent to being trusted with the keys to the kingdom.
Because this third generation of the firewall is brand new, we can’t see what it all looks like yet. But it is poised to dominate our digital security strategy, and we already know what its strengths and purpose are: To take on the cybersecurity problems of speed and scale you must employ solutions that leverage the power of automation and integration. The first few steps to realize this are.
All of these functions are now in development. They will not only allow us to shorten response times, but actually anticipate risks and get ahead of threats by seeing precursors that enable us to be more efficient, more intuitive, and more automated. Soon, AI will be able to combine policy with experience to make fully autonomous security decisions.
There are a number of paths down which security will continue to evolve. While hoping to survive a cataclysmic event is highly-risky, it’s far more prudent to future-proof your environment now as much as possible, and build-in opportunities for inspiration and agility. The smartest thing you can do now is to integrate defenses, over a fabric-based security framework, and to be postured to adopt inspired and game-changing new evolutionary techniques. It’s said that those who do not learn from history are doomed to repeat it.; the same is true for cybersecurity: it’s been proven that point solutions that aspire to stand alone are inadequate for tomorrow’s threats and borderless networks.
The firewall has remained the enduring foundational technology and strategy to secure today’s digital economy, critical infrastructures, and even government classified systems. However, as networks, and our use of them, change, so will firewalls.
The next major revolution will be to enlist firewall protection and services, including advanced analytics, throughout the network infrastructure, and integrate them all together through an open and scalable security fabric. This will allow security strategy, and solutions, to grow, scale, and adapt dynamically and economically to meet today’s problems of speed and scale, while becoming the foundation for intent-based security.
The hallmarks of organisms, ideas, and technologies that have managed to survive are: endurance, agility, inspiration, and a willingness to evolve. Future-proofing network security that can be delivered at speed and scale requires adaptive, integrated, and automated security delivered as a security fabric. The third generation is arriving. Don’t be a forgotten species left behind in the dust of evolution.
This originally appeared on CSO.com.