2. How Do Stateful Packet-Filtering Firewalls Protect Data Centers?
An on-premises data center needs protection from daily hack attempts. But security features such as intrusion prevention or anti-malware have a performance and budget cost out of proportion to the benefits. Financial institutions should focus on high-performance hardware that won’t need babysitting or upgrades as traffic volume grows. Buy for that 10 gigabit-per-second connection you know is coming down the pipe. The firewall you select may have UTM features (few are sold now that don’t), but you should buy and configure for raw throughput. If you have major workloads still running on-premises, look for firewalls with high-end integrated load-balancer capabilities.
3. How Can Fine-Grained Microsegmentation Protect Users?
One of the hardest parts of zero-trust security is microsegmentation: dividing data centers (on-premises or in the cloud) into tiny segments, with firewalls protecting what goes in and out. The best firewall here is a simple packet filter. From a configuration management point of view, microsegmentation requires application and system owners to have a sophisticated knowledge of their network traffic flows, which can be a challenge in Microsoft Windows environments. At the same time, these traffic flows must be translated into manageable security policies and firewall rules. This means the simpler the firewall, the better. Now is the time to balance manageability and performance with the bells and whistles that firewall vendors have been adding, and look for something that works for your system.
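To illustrate translating traffic flows into manageable packet-filter rules, the following added example (not from the original article) collapses host-level flows into segment-to-segment allow rules with a default deny. The segment names, addresses, ports and the nftables-style rule rendering are all constructed assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed segment map and observed flows (sample data, not from the article).
SEGMENTS = {
    "web": ip_network("10.10.1.0/24"),
    "app": ip_network("10.10.2.0/24"),
    "db": ip_network("10.10.3.0/24"),
}
OBSERVED_FLOWS = [  # (src_ip, dst_ip, proto, dst_port)
    ("10.10.1.11", "10.10.2.21", "tcp", 8443),
    ("10.10.1.12", "10.10.2.21", "tcp", 8443),
    ("10.10.1.12", "10.10.2.22", "tcp", 8443),
    ("10.10.2.21", "10.10.3.31", "tcp", 5432),
    ("10.10.2.22", "10.10.3.31", "tcp", 5432),
]

def segment_of(ip):
    """Return the name of the segment containing ip, or None if unmapped."""
    addr = ip_address(ip)
    return next((name for name, net in SEGMENTS.items() if addr in net), None)

def build_policy(flows):
    """Collapse host-level flows into segment-to-segment allow rules."""
    policy = defaultdict(set)
    for src, dst, proto, port in flows:
        s, d = segment_of(src), segment_of(dst)
        if s is None or d is None:
            # An unmapped endpoint means the flow inventory is incomplete.
            raise ValueError(f"flow {src}->{dst} touches an unmapped address")
        if s != d:  # intra-segment traffic never crosses the segment firewall
            policy[(s, d)].add((proto, port))
    return dict(policy)

def is_allowed(policy, src, dst, proto, port):
    """Default deny: a flow passes only if an explicit rule matches it."""
    key = (segment_of(src), segment_of(dst))
    return (proto, port) in policy.get(key, set())

def render_rules(policy):
    """Render the policy as nftables-style lines, ending in a drop."""
    lines = [
        f"ip saddr {SEGMENTS[s]} ip daddr {SEGMENTS[d]} {proto} dport {port} accept"
        for (s, d), services in sorted(policy.items())
        for proto, port in sorted(services)
    ]
    return lines + ["drop"]
```

Five observed flows reduce to two rules plus the final drop, which is the kind of rule set a simple packet filter can enforce and an owner can review.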
4. What’s the Best Approach to Cloud Protection?
Cloud vendors are playing catch-up with firewall technology. That means you need to be flexible and ready to shift your strategy as cloud vendors shift theirs. Some IT managers will place their own firewalls in cloud data centers to simplify management and make cloud security a known quantity, and that’s a perfectly valid approach. But others will want to use the cloud-native firewall tools built into the Infrastructure as a Service offering, which guarantees performance, scalability and integration with other cloud management tools. There’s no best practice defined here yet, so keep an open mind and be agile in your cloud security architecture.
5. Why Is It Critical to Invest In Centralized Management?
If you can manage all of your firewalls from a single pane of glass, you’re less likely to make career-limiting errors or have inconsistent views of what is and isn’t allowed. There’s no more important piece of the firewall puzzle than good, comprehensive centralized management.
