But given the number of breaches that now regularly occur, it’s apparent to everyone that firewalls are often circumvented. There’s a clear need to augment firewalls with network-level protection. Yet most organizations simply don’t have the budget, staff, or expertise to run traditional network detection and response products.
This conundrum is causing CIOs and their colleagues charged with proactively defending their organizations to ask, “How can we overcome firewall limitations? Is there a way to better use our firewalls and the data they capture to help us detect and remediate attacks?”
Powerful but limited
A firewall applies a set of rules to enforce security policies that prevent unauthorized access between disparate networks. As critical as that capability is, a firewall cannot stop, for example, a phishing attack that tricks an end user into downloading malware that, over days and weeks, moves laterally across multiple systems. Nor does it do anything to detect deliberate malicious activity that is being perpetrated by someone who has gained access to credentials enabling them to remotely log into a system. In fact, a firewall is only as effective as the rules they are configured to enforce. As it turns out, many of the rules typically applied over the years have exceptions that enable access through specific ports. A firewall can not stop an attack that never passed through them. It can only detect malicious behavior that is already known.
At a time when employees routinely work from home, the network perimeter no longer exists. Endpoints such as laptops can be attached to any number of insecure consumer-grade networks to access a wide range of Web sites and applications before they reconnect to a corporate network. Each time they reconnect, new families of malware for which there is no rule in a firewall may start moving laterally into any number of production environments.
The NDaaS Turbo-Booster
While organizations have made massive investments in firewalls, 95% of IT pros regard their deployed firewalls as critical infrastructure, even with their limitations. That is because firewalls provide multiple types of security ranging from packet inspection to intrusion detection that are critical to help protect an organization. Ripping and replacing firewalls simply isn’t practical.
To protect networks, firewalls must be turbocharged to do more, and that is where NDaaS and firewalls come together to provide an exponentially more powerful solution.
The Cyglass NDaas platform is designed to augment firewalls using a software-as-a-service (SaaS) platform that is readily accessible to any size organization. NDaaS turbocharges a firewall into a full enterprise class NDR solution, while remaining affordable and easy to deploy. NDaaS reduces massive volumes of network traffic—collected not just from firewalls but from cloud applications and other sources as well—into a set of prioritized smart alerts that make it simple to investigate the root cause of risks and threats and take immediate action to remediate them. No appliance or on-premises installation is required. The platform simply collects data from firewalls and employs machine learning algorithms to identify anomalous behavior. The myriad cybersecurity benefits made possible by a network- and cloud-focused SaaS infused with machine learning algorithms are too compelling to ignore.
Tapping the Firewall
CyGlass NDaaS connects to most firewalls in under 20 minutes and starts at just $4.99 per user per month. Together with firewall-captured Netflow data, it can provide three major capabilities:
- Rich visibility to network devices, including unknown and rogue devices.
- Firewall policy and network risk reports, including traffic to risky/improper sites or locations, risky activity on unsecured ports, risky/improper endpoint NetBIOS traffic, and many more.
- 24X7 continuous cyber threat monitoring across networks, cloud, and VPNs, including coverage for reconnaissance, command and control, Man-in-the-Middle, Unauthorized web & DNS activities, masqueraders (tunneling), insider threats, lateral movement, and data staging and exfiltration.
For a small investment, NDaaS turbocharges the perimeter and network traffic control, IP address and port blocking capabilities of firewalls. This powerful integration can drive operational, threat, and compliance objectives and controls and deliver smart alerts and reporting. The combination also enables immediate remediation via integration with firewall policies and black lists. For these reasons, firewalls, turbocharged by NDaaS offering significantly increased network edge and internal network protection.