The rise of cloud, mobile and remote computing models has dramatically increased the traffic that must move between internal and external networks. That, in turn, has led organizations to add more firewalls in order to manage access. Businesses today may have dozens or even hundreds of individual firewalls — often from multiple vendors — with thousands of different firewall rules. This creates a complex environment with significant management challenges.
IT staff must implement and maintain a variety of security policies, rules and configurations for each device. According to one survey, IT teams often process up to 100 policy-change requests each week. With no unified interface for accessing and managing these firewalls, most companies must update them manually.
Unsurprisingly, this frequently results in misconfigurations, rule complexity and policy conflicts that open security gaps. Gartner analysts say 99 percent of firewall breaches are caused by configuration flaws.
The Cisco Approach
Cisco is addressing this issue with the latest updates to its Firepower Threat Defense (FTD) software and its Secure Firewall Management Center (FMC). Enhanced orchestration capabilities and unified management features reduce complexity and enhance visibility into the firewall environment to help IT staff rapidly detect malicious traffic and quickly create custom rules to mitigate attacks.
FTD is the firewall software image that runs on the firewall appliances themselves. It delivers next-generation firewall (NGFW) features such as intrusion prevention, advanced malware protection, application visibility and control (AVC) and URL filtering. FMC provides unified management of all FTD firewall appliances and of multiple other security functions.
FMC collects extensive intelligence about users, applications, devices and threats, and uses this information to identify vulnerabilities. It then prioritizes security events to investigate and offers tailored recommendations regarding security policies. FMC also provides unified management of port and protocol control, application control, intrusion prevention, URL filtering and malware protection functions.
Consistent Policy Management
Centralized management represents one of the most compelling features in the latest versions of FMC. It allows you to manage hundreds of firewalls from a single interface, providing exceptional visibility into what is happening with each appliance.
What’s more, it enables the consistent application of rules and policies across the network. You can write a policy once and apply it consistently across any number of firewalls, as well as other integrated security functions such as application firewalls, next-generation intrusion prevention, and file and malware protection.
Increased automation in FMC also reduces management complexity and speeds response to threats. For example:
- Built-in forensics provide a detailed analysis of malware, along with a graphical representation of all the devices the attack has infected.
- New attacks are correlated and prioritized against known network vulnerabilities to alert you to attacks that carry the highest risk.
- FMC automatically recommends appropriate security policies when network vulnerabilities are identified, allowing you to adapt to changing conditions and implement security measures tailored specifically to your network.
- Automated alerts are generated when any endpoint devices or network resources show signs of compromise from unknown attacks.
- Suspicious files are automatically analyzed to identify known malware or sent to an integrated sandbox to investigate unknown malware.
In our next post, we’ll take a closer look at some of the other new FMC and FTD security features, including enhanced authentication and VPN management.
Misconfigurations, rule complexity and policy conflicts make firewall management a complex process. Call us to learn how to streamline management with the latest versions of Cisco’s Firepower Threat Defense software and Secure Firewall Management Center.