1 March 2024 By PXC
Figuring out Firewalls with Andrew Napier
Firewalls are a massive part of any business’ security stance, stopping hackers and any other kinds of unauthorised access to customer data.
And just like every other aspect of technology, the strategies hackers use are constantly evolving. As protections become stronger, the threats become smarter, and as a result, firewalls have to keep pace with the constant evolution of attacks.
That’s why we sat down with our Head of Cloud and Security Products, Andrew Napier, to see what’s changed over the years and how our new Virtual Service Edge Firewall solves so many cybersecurity challenges for you and your customers.
Why do some companies choose not to invest in firewalls?
Many businesses wrongfully assume they are too small or unimportant to be targeted by hackers. The truth is no one is safe.
While that may sound like fear-mongering, it’s true. There’s been a clear rise in ‘Supply Chain’ attacks recently, with smaller businesses being targeted to capture data that allows hackers to gain access to larger organisations further up the supply chain.
Why do some firewall solutions fail?
It’s important to understand that if an attacker gets around a firewall and reaches sensitive data, the hacker wants that breach to stay under the radar. In fact, many victims go months, if not years, until they realise they’ve been breached.
And just because a firewall is ‘on’ doesn’t mean it's doing the job. New threats are developed daily, so firewalls must be updated regularly to keep pace with attack strategies. These updates could be regular or urgent ‘Critical Vulnerability Patches’ that protect against a recently discovered exploit.
But it’s hard to find a good time to shut the network down and make the update, especially in 24/7-online operations. Leaving it for ‘another day’ is understandable, but it can easily be forgotten about, leaving networks super-vulnerable.
What is a virtual firewall and how are they different to physical firewalls?
Traditional firewalls are physical boxes installed between a business’ network and the public internet, creating a barrier against unauthorised access.
Virtual firewalls are hosted, deployed, and managed in the cloud for greater scalability and flexibility, allowing multiple locations to be secured without having to physically install anything anywhere.
Another key difference is that physical firewalls have upfront costs, while virtual firewalls can be delivered ‘as-a-service’ with a monthly subscription instead.
As there’s no hardware, there are no site visits to arrange, engineers to send or waiting for the box to arrive – all saving you money and reducing time-to-bill! Plus, SLAs for cloud-based virtual firewalls are much stronger than physical firewalls can offer.
What makes our Service Edge Firewall solution different from other solutions?
As one of the UK’s largest Internet Service Providers, our core network is the gateway for all our customers’ internet services, and our 1Cloud compute platform is also hosted in the same core.
That means we’re perfectly positioned to offer customer-specific virtual firewalls hosted in 1Cloud, so that customers don’t have to invest in their own physical hardware. Service Edge Firewalls are all individual Virtual Machines too, so no shared firewall and no configuration limitations.
But most importantly, our virtual firewall is a service bundle that includes internet access, licencing, compute infrastructure and management in one package. It’s simple to understand and price with no gotchas, and as customers grow or open new sites, it’s super simple to scale the service through 1Portal.
How do end customers benefit from a Service Edge Firewall?
The key benefit is the peace of mind of investing in a flexible, low-impact and constantly up-to-date, dedicated security solution!
The best firewalls are almost undetectable, too – not causing issues for end-users, staying under the radar and quietly protecting operations like an invisible shield – and that’s the user experience we’re delivering.
Plus, as a managed service, it’s our responsibility to update all managed firewalls with the latest version of vendor firmware as soon as it’s been fully tested and certified as bug-free and suitable for use.
Updates are done out of hours to minimise any disruption to customers and vendor-released Critical Vulnerability Patches are usually distributed within 24 hours of release.
These CVPs are essential to keep end customers’ security postures optimal but are often overlooked, as they are time-consuming and risky for end customers to do themselves. They’re even more risky for a reseller customer of ours to do across a large estate of active firewalls, so we do it for them to make sure everything happens as it should.
How do our customers benefit from offering Service Edge Firewalls?
Firstly, it’s hands-off for our resellers.
Once the solution is ordered, we manage everything and make sure it stays up to date. So, there’s no need to train staff or worry about the liability that comes with managing an estate of firewalls.
It’s also a simple upsell from the connectivity services they already offer, meaning higher margins and boosting a customer’s perception of the reseller, hopefully resulting in longer-term, happier customers and lower churn rates.
We also include access to device and network visibility through FortiPortal for customers and resellers. And, if resellers want to keep their own SLAs tight, they can always be given the ability to make changes via 1Portal, too.
If you’re interested in offering Service Edge Firewalls to your customers, contact your Account Manager and help us create a more secure future for UK businesses.