Nov 24 2020

Stateful vs. Stateless Firewalls: What’s the Difference?

Here’s what you should think about when choosing your organization’s first line of defense.

Firewalls have historically formed the first line of cybersecurity, protecting both networks and users from potential attack vectors. This role has remained even as InfoSec tools and technology have evolved. As research firm Gartner says, “Network firewalls remain key network security controls, and they continue to evolve to cover expanded use cases.” Another recent study found that 94 percent of organizations still use firewalls and have no plans to change.

The challenge for businesses looking to boost cybersecurity with firewall frameworks, however, is that not all barriers are built the same. There are two main types that dominate the market: stateful firewalls and stateless firewalls. Both have their pros, cons and potential use cases in a security strategy.

State of the Cybersecurity Union

Attackers aren’t known to be complacent. They’re constantly looking for new gaps in cybersecurity that allow them to gain footholds in corporate network environments. Consider some of the most popular threat vectors: As noted by Security Boulevard, malicious actors continue to leverage malware infections, phishing attacks and denial of service efforts to compromise cybersecurity. According to Trend Micro, meanwhile, the unprecedented global state of pandemic pressures in 2020 has led to a significant uptick in business email compromise, malware and ransomware attacks related to COVID-19.

Firewalls offer a way to detect and deflect these threats before they reach corporate networks, providing IT professionals with both improved peace of mind and potentially actionable data to help reduce the risk of ongoing attacks.

What Is a Stateful Firewall?

Stateful firewalls are designed to monitor specific aspects — or states — of network traffic streams and communications channels. These tools use what’s known as stateful packet inspection (SPI) to make intelligent decisions about the potential risk of incoming traffic or resource requests, and can use past state evaluation experience to inform future decision-making and improve accuracy. They may also integrate additional services, such as data encryption or traffic tunnels, to help boost overall security.

Owing to their comprehensive traffic evaluation frameworks, stateful firewalls excel at detecting unauthorized access attempts and malicious messaging efforts. In addition, they offer substantive record-keeping and data analysis benefits to help reduce ongoing risk.

However, if stateful firewalls are not properly updated and maintained, they could be compromised by malicious actors and leveraged to create advanced persistent threats or used as the foundation for man-in-the-middle attacks.

Once SPI firewalls are up and running, it’s best to not turn them off. Without stateful packet inspection, traffic that arrives on corporate networks won’t be analyzed for potential threats. While it’s possible to turn them off briefly for a performance boost if traffic volumes rapidly increase, there’s no way to know what type of traffic made it onto corporate networks when SPI firewalls were offline.

What Is a Stateless Firewall?

Stateless firewalls, meanwhile, do not inspect traffic or traffic states directly. Instead, these solutions use predefined rule sets around destination addresses, origin sources and other key values to determine if data is sent through or stopped. Stateless firewalls predate their stateful counterparts and offer a more lightweight approach to network protection.

The biggest benefit of stateless firewalls is performance. Because they’re not required to dig into data details in the same way as their stateful counterparts, even heavy network traffic won’t slow stateless firewall evaluation speeds.

Because stateless firewalls don’t inspect entire packets but instead use preset rules to classify traffic as “trusted” or “untrusted,” sophisticated attack vectors capable of masquerading as legitimate traffic can often fool stateless frameworks into granting approval.

The complexity of stateless firewalls depends on the combination of any predefined rule sets and the existing skill of IT staff to create new, network-specific rules. For small-scale, straightforward security applications, prebuilt rules are typically sufficient, but complexity quickly ramps up if customization is a condition of success.
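
The difference between the two models can be shown in a few lines of Python. This is an added example, not code from the original article: the packets, addresses and single HTTPS rule are constructed for illustration, and `stateless_allow`, `StatefulFirewall` and `compare` are hypothetical names.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str       # TCP flags, e.g. "S", "SA", "A"
    outbound: bool   # True if the packet is leaving the protected network

def stateless_allow(pkt):
    """Static rules: each packet is judged alone, on header fields only."""
    if pkt.outbound:
        return pkt.dport == 443              # clients may reach HTTPS servers
    # Replies must be let back in, so anything that claims to be one passes.
    return pkt.sport == 443 and "A" in pkt.flags

class StatefulFirewall:
    """Connection tracking: inbound traffic must match a flow opened from inside."""
    def __init__(self):
        self.flows = set()   # (client, client_port, server, server_port)

    def allow(self, pkt):
        if pkt.outbound:
            if pkt.dport != 443:
                return False
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if pkt.flags == "S":             # new connection: record its state
                self.flows.add(key)
            return key in self.flows
        # Inbound: reverse the tuple and look it up in the state table.
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.flows

def compare(packets):
    """Return (stateless verdict, stateful verdict) for each packet in order."""
    fw = StatefulFirewall()
    return [(stateless_allow(p), fw.allow(p)) for p in packets]

# Constructed sample traffic (documentation address ranges).
SAMPLE = [
    Packet("10.0.0.5", 50000, "203.0.113.10", 443, "S", True),    # client opens
    Packet("203.0.113.10", 443, "10.0.0.5", 50000, "SA", False),  # genuine reply
    Packet("198.51.100.7", 443, "10.0.0.5", 50001, "A", False),   # unsolicited
]

if __name__ == "__main__":
    for p, (sl, sf) in zip(SAMPLE, compare(SAMPLE)):
        print(p.src, p.flags, "stateless:", sl, "stateful:", sf)
```

The third packet matches the stateless reply rule on its header fields alone, while the stateful filter drops it because no outbound connection in its table corresponds to it.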

Stateful Firewall vs. Stateless Firewall: What’s Right for You?

So which firewall option is the best fit for your business? The answer depends on several factors, including:

  • Business size: Smaller businesses with relatively low traffic volumes and straightforward approve/deny expectations are often well served by stateless firewalls, while larger enterprises may want the increased security of stateful solutions.
  • Operational use case: If performance is the top priority, stateless systems can help companies keep operations on track. If deep analysis of packets and potential threats is more important, consider stateful options.
  • Available budget: While cloud-based offerings and open-source solutions are bringing the cost of these two firewall types closer to parity, stateful solutions are generally more expensive than their stateless counterparts.

What Are Next-Generation Firewalls?

Just as attackers never rest on their laurels, cybersecurity solutions are continually evolving. Firewalls are no exception: To combat the changing landscape of security threats, next-generation firewalls (NGFWs) have emerged to help expand the capabilities of traditional stateful and stateless solutions.

While NGFWs still offer familiar functions such as stateful inspection, these new systems also provide new capabilities such as intrusion protection, application control and threat intelligence integration to help deliver a more holistic approach to cybersecurity. In much the same way that stateful solutions improved on the functions of their stateless predecessors by including more in-depth traffic monitoring and management, NGFWs enhance frontline defense by delivering automated application control and intelligent threat assessment.

No matter the type — stateful, stateless or next-generation — firewalls remain foundational, frontline components of effective and evolving cybersecurity at scale.
