Firewalls are all basically the same... right?

The term “firewall”, is often misunderstood. It is used widely to describe any solution that sits between your network and the outside world. If you take it at face value, a firewall should act as a protective shield at the gateway to your network – one that will prevent potentially harmful material from getting onto your systems and causing problems.

But while that sounds good, solutions that are sold as firewalls are not always that effective at keeping cyberattacks out. Many have quite basic functionality. They will block certain types of traffic and deny access to packets of data that are identified as being suspect or containing malicious content. Other traffic will be allowed to pass through.

With these basic firewalls. the user is often left to set-up the rules for blocking, allowing, or denying traffic types themselves – and without having specialist security knowledge, it’s easy to get that wrong. You may end up blocking out lots of material that’s perfectly safe – messages that you really would want to get through. Or setting the bar too low and allowing potentially harmful material to get onto your network.

But the real problem with simple firewalls is that they don’t really do anything else except block, deny or allow traffic. Cybercriminals found ways around this kind of basic protection a long time ago. Mostly by simply disguising their malware as something else. These days, the simplistic “block, allow, and drop” approach is not much of a defence against cyberattacks.

For really good protection, you really need some kind of unified threat management (UTM). This will provide much more intelligent monitoring of traffic flowing across the entry point to your network. It will look at many different aspects of the incoming data. Not only what it appears to be, but also exactly where it has come from, whether it is of an unusual size or make-up, and other factors that make it stand out.

With UTM, the rules governing what’s allowed and denied will be set by the security services provider. They will have a team of experts who are constantly receiving information about new threats and updating the software to ensure the UTM system protects you against them. This is an important distinction between a firewall and UTM solution.

One of the problems here is that when IT people talk about security, they tend to use terms like “firewall” and “UTM” quite loosely – almost as if they are interchangeable. It’s important to understand that they are quite different and that, if you want to get the best protection, you need a proper unified threat management solution.