Are firewalls obsolete in a Zero Trust network?

Many in cybersecurity agree that perimeter security is slowly being phased out since it isn't well-equipped to deal with today's threat landscape. With identity being defined as the new perimeter that needs to be protected, we wonder what happens to the legacy solutions that have long defended the network, albeit in a traditional way. The philosophy of Zero Trust is quickly catching on. Although the concept was defined a decade ago, organizations have taken a while to consider serious adoption of the Zero Trust principles. The growth and advancements in the Zero Trust sphere allow vendors who help organizations adopt Zero Trust to confidently claim that firewalls for perimeter security are a thing of the past. Some Zero Trust vendors also state that firewalls don’t have a place in a redefined network, a network no longer defined by perimeters and where perimeter security is no longer sufficient.

Here are some claims from popular Zero Trust vendors:

"Unfortunately, firewalls and VPNs weren’t designed for Zero Trust and put your organization at risk. Let’s dive deeper into the risks that perimeter firewalls can pose to your business."

"The IT world would be a much safer place if companies dumped their firewalls and took aZero-Trust security approach to protect the data and applications their employees access regularly."

"When a Zero Trust system handles all of the security functions, you can eliminate stacks of redundant firewalls, web gateways, and other virtual and hardware security devices"

Oddly enough, Forrester detected a 26% year-over-year increase in firewall-associated revenue. So if firewalls really are being phased out, why is the firewall market seeing growing revenues? The reasoning behind this is explored in this Forrester blog post. But this is not the point of this blog. The fact that firewall vendors are far from becoming obsolete did however make us question if the claims made by Zero Trust vendors are true. Are firewalls not welcome within a Zero Trust network?

The answer....

We're no big fan of the cliffhanger, so we'll get to the answer. We believe that firewalls can still exist within a Zero Trust architecture. This is because firewall vendors, like other legacy solution vendors, are transitioning to adapt to modern security architectures to stay relevant and capitalize on market share.

This transition for firewalls is seen through the introduction of next-gen firewalls (NGFWs) that are cloud hosted. The NGFWs' capabilities are no longer bound by perimeter. They're instead placed as access checkpoints that segment the network allowing only verified access to the resources behind them. And voila! That's your company network "microsegmented"–a key tenet of the Zero Trust philosophy. These NGFWs are now segmentation gateways that go beyond traditional firewall capabilities.

• Admins can create firewall rules that restrict traffic between network segments based on users’ and the organizations' needs.
• NGFWs can be configured to look at all inbound and outbound traffic for signs of suspicious behavior, and to check that behavior against block lists and domain name system rules.
• SOC teams can use NGFWs to gain insight into data access. From there, they can increase their chances of spotting intrusive attempts before it snowballs into a major attack.

If you consider all this, you'll realize firewalls aren't misfits in the Zero Trust network, but can actually be influential in the way threats are detected and handled. Push the logs from these firewalls into a SIEM solution like ManageEngine Log360 that has integrated DLP and CASB capabilities, and you'll have deep visibility into your network segments. You can then correlate this with other events on the network to detect a potential attack pattern.

When it comes to both traditional firewalls and NGFWs, an effective SIEM provides you with these capabilities

• Logon auditing: The solution provides insights into successful and failed user logons in the form of analytical reports. These reports include information on the source of a logon event, time of occurrence, and more.
• Configuration change auditing: Analyzes firewall log data and provides insights into configuration changes and configuration errors. The tool provides details such as who made the configuration change, when it was made, and from where. This information helps with effective auditing, and complying with regulatory requirements such as PCI DSS, HIPAA, and FISMA, which mandate that organizations audit firewall configuration changes.
• User account change auditing: These reports provide insights into the addition and deletion of users along with user privilege level changes, which provides visibility into user account activities.
• Firewall traffic monitoring: Provides traffic information from allowed and denied connections. The detailed information provided by these reports is categorized, and the traffic data is visually represented based on sources, destinations, protocols, and ports along with timestamps, enabling security admins to track network traffic.

Firewalls in their evolved state can find a place in both Zero Trust and legacy perimeter security ecosystems and can be a vital component that secures organizations against an advanced threatscape.