☠️The Firewall Illusion: Why Businesses Still Get Burned by Cyber Attacks 🔥
Understand the Limitations of Firewalls in Preventing Cyber Attacks on Your Business


In the world of cybersecurity, firewalls, especially those from Silicon Valley, are often marketed as the ultimate shield against cyber threats, ransomware, and extortion. The reality paints a different picture: many enterprises that fall victim to cyber attacks rely heavily on these very products. This disconnect between expectation and reality warrants a closer look at why businesses place undue faith in firewalls and why they end up getting burnt.

The Silver Bullet Myth

Firewall vendors often present their products as silver bullets, capable of stopping cyber threats in their tracks. Businesses are led to believe that by deploying these mysterious black boxes, they can safeguard their entire digital infrastructure. The allure of a one-size-fits-all solution is strong, especially when the marketing narrative is reinforced by technical jargon and assurances of comprehensive protection.

The Black Box Problem

Firewalls are often opaque in their operations. Unlike open-source solutions where code is transparent and can be scrutinized, commercial firewalls are proprietary. This lack of transparency means that potential flaws or even deliberate fabrications in their capabilities cannot be easily detected or called out. Businesses are left to trust the vendor's claims without any independent verification, making it difficult to assess the true effectiveness of the firewall.

Email and URL Blocking: A Flawed Promise

If firewalls were as effective as advertised, the first line of advice in cybersecurity would not be to avoid clicking on suspicious links in emails. In theory, a robust firewall should prevent malicious emails from reaching users and block access to harmful URLs. However, the persistence of phishing attacks and URL-based threats highlights the inadequacies of these products.

The South African Example: A Lack of Proactive Measures

A striking example of the over-reliance on firewalls can be seen in South Africa, where only about 0.5% of organizations use proactive measures like DMARC to combat spam. Similarly, the lack of DNSSEC implementation leaves even major banks vulnerable to man-in-the-middle attacks. These lapses indicate that, while firewalls fail to address fundamental security needs, organizations themselves are also failing to implement basic, yet crucial, alternative security protocols.
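The DMARC gap mentioned above is easy to measure: publish-or-not is only half the story, because a record with p=none monitors but blocks nothing. The checker below is an added example, not code from the article; it parses a DMARC TXT record with the standard library and grades it, using constructed sample records so it runs offline (the lookup of _dmarc.<domain> that would feed it is left to the caller).

```python
"""Grade a DMARC TXT record: is the policy actually enforcing?

Added example, not from the original article. Sample records below are
constructed for illustration and do not belong to any real domain.
"""
from typing import Optional

# Constructed sample records (hypothetical domains).
SAMPLES = {
    "enforcing.example": "v=DMARC1; p=reject; rua=mailto:dmarc@enforcing.example",
    "monitor-only.example": "v=DMARC1; p=none; rua=mailto:dmarc@monitor-only.example",
    "partial.example": "v=DMARC1; p=quarantine; pct=25; sp=none",
    "broken.example": "p=reject",  # missing the mandatory leading v=DMARC1 tag
}


def parse_dmarc(record: str) -> dict:
    """Split 'tag=value; tag=value' into a dict; tag names are case-insensitive."""
    tags = {}
    for part in record.split(";"):
        if "=" not in part:
            continue
        key, _, value = part.partition("=")
        tags[key.strip().lower()] = value.strip()
    return tags


def assess_dmarc(record: Optional[str]) -> str:
    """Return one of: missing, invalid, monitor-only, partial, enforcing."""
    if not record:
        return "missing"
    tags = parse_dmarc(record)
    # RFC 7489: 'v=DMARC1' must be the first tag and 'p' is required.
    if (not record.lstrip().lower().startswith("v=")
            or tags.get("v", "").upper() != "DMARC1"
            or "p" not in tags):
        return "invalid"
    policy = tags["p"].lower()
    pct_raw = tags.get("pct", "100")
    pct = int(pct_raw) if pct_raw.isdigit() else 100
    if policy == "none":
        return "monitor-only"          # reports only; spoofed mail still lands
    if policy in ("quarantine", "reject"):
        # Sampling below 100% or a weaker subdomain policy (sp=none) leaves a gap.
        if pct < 100 or tags.get("sp", policy).lower() == "none":
            return "partial"
        return "enforcing"
    return "invalid"


if __name__ == "__main__":
    for domain, record in SAMPLES.items():
        print(f"{domain:24} {assess_dmarc(record)}")
```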

Real-Time Block Lists and Threat Intelligence

The efficacy of many firewalls depends on real-time block lists and threat intelligence feeds from sources like Talos and AlienVault. In practice, these block lists and feeds scrub the majority of threats. However, firewall administrators often neglect to enable this functionality, relying instead on dated bloatware such as Intrusion Detection or Prevention Systems. Ironically, these threat mitigations can be applied to any gateway device, not just firewalls. Older routers or SD-WAN devices can perform the same functions, sometimes more effectively, calling into question the unique value proposition of firewalls.

The appropriate use of this technology can prevent cybersecurity events to a greater extent than poorly deployed firewalls.

The Role of Endpoint Protection

In practice, endpoint protection systems bear the brunt of defending against cyber threats within organizations. These systems, however, have their own set of challenges. Management and deployment issues often lead to incomplete coverage, leaving some endpoints vulnerable. Moreover, endpoint protection frequently ignores Operational Technology (OT) and Internet of Things (IoT) devices, which are increasingly targeted by attackers.

Categorization and Data Quality

Firewall vendors often claim their products can categorize and block threats based on sophisticated data mining. In reality, they rely on purchased data lists and struggle with insufficient internal resources to maintain and update these categories effectively. This reliance on external data undermines their ability to offer reliable and up-to-date protection.

The DNS fail

Every firewall deployment I encounter has the false belief, held with almost religious fervour, that the appliance is capable of heroics beyond its abilities. Nothing displays this ignorance more than administrators defaulting to Google's 8.8.8.8 DNS servers. This provides zero security and no failsafe. I put it to you that this stupidity alone is the single biggest cause of compromise. Moving to the alternative, secure DNS servers provided by Quad9 and Cloudflare will reduce the number of breaches by more than 80%.

Questionable Code Quality

The code quality of firewalls and their associated VPN solutions is another area of concern. Firewalls are among the most exploited pieces of infrastructure, as can be seen in the lists maintained by the Cybersecurity and Infrastructure Security Agency (CISA), surpassing all other types of security systems. The very tools meant to protect networks often become the weakest link, exploited by cybercriminals to gain access and cause damage.

Wrap

The heavy marketing of firewalls as foolproof defenses creates a false sense of security among businesses. These products are not the silver bullets they are made out to be. The reliance on opaque, proprietary systems without proper scrutiny, the failure to implement basic security measures, and the neglect of critical updates all contribute to the persistent vulnerability of organizations.

Instead of blindly trusting firewalls, businesses need to adopt a more comprehensive and transparent approach to cybersecurity. This involves integrating multiple layers of defense, maintaining proactive measures, and ensuring that all aspects of their digital infrastructure, including endpoints and IoT devices, are protected. Only then can they hope to stay ahead of the evolving threat landscape.

Ronald Bartels ensures that Internet inhabiting things are connected reliably online at Fusion Broadband South Africa - the leading specialized SD-WAN provider in South Africa.

Originally published on LinkedIn by Ronald Bartels: