Lack of User Behavior and Static Policies Limit Next Gen Firewall Threat Prevention
I recently was speaking with one of our customers and he said to me: “changing a rule on a Next Generation firewall takes ‘an act of God.'” I wasn’t really surprised at this comment as the procedures that have been instituted inside enterprises, prevent easy changes to
firewall policies. Today, organizations are deploying Next Gen firewalls on the internal network to control access and prevent breaches. The solution, is at best, limited. These firewalls cannot detect breaches or stop insider threats.
In a recent article I wrote for InfoSec Island, I talk about the challenges of today’s firewall solutions. At a high level, there are three main reasons:
- Policies are static and cannot adapt to dynamic threats
- Inability to learn and characterize User Behavior
- Lack of granularity in the ability to respond to a threat or compromise
When it comes to protecting the inside of the enterprise, organizations need to revisit their strategies to find ways to overcome these limitations. Look for ways to better leverage user and entity behavior analysis (UBA or UEBA), provide more adaptive policies and implement automated response mechanisms to improve workflow and preent threats.
Posted by Roman Blachman on June 21, 2016 9:00 AM