Security Operations Team

NSS Labs Report Outlines What We Already Know - Firewalls Are Not Enough


While reading through our OSINT sources today, we noted that a report from NSS Labs pretty much outlined what we already know about firewall technology. None of the firewalls tested in the report stopped all variations of threats during testing. This should be a stark warning to companies that rely solely on firewalls to protect the enterprise.

 

Lack of resilience - Quote from the article

NSS Labs added a new test in 2018 for resiliency against modified exploits and, according to the report, none of the devices exhibited resilience against all attack variants.

"The most surprising thing that we saw in this test was that ... our research and our testing showed that a fair number of firewalls did not demonstrate resilience against changes in attacks that are already known," Brvenik said.

Enterprises deploy next-gen firewalls to protect their networks from the internet, he added, and as part of that they expect that employees who browse the internet should not have to worry about new threats. Technology innovation related to cloud integration and real-time updates is promising, but key enterprise problems remain unsolved such as the ability to defend against attacks delivered in JavaScript.

 

These types of reports highlight that Jigsaw Security is on the right path with our service-marked Jigsaw Threat Mitigation Model (sm). The model provides protection that includes non-cyber-based attack vectors. If we recognize that not all attacks are cyber focused, we can do more to stop threats using other technologies such as port resets (disruption), RPZ (disruption) and RFC compliance checks on packet data.

The Jigsaw Threat Mitigation Model uses many security devices, including firewalls and network sensors (FirstWatch) that can perform traffic flow resets and DNS manipulation. Heuristic detection is the key to detecting threats that vendors have not seen before. While firewalls are great, they require rules and must be configured properly to stop threats, whereas our sensors look for patterns in network traffic that indicate threats that are unknown to security vendors, that have changed since the threat actor started a campaign, or whose IOCs have been modified to defeat blocks implemented by network administrators.

In this day and age, we all know we need more than firewalls to protect our data, so it's no surprise that NSS Labs would reach the same finding that caused us to create our FirstWatch platform in the first place.

Kathleen Richards 19 July 2018
