DynTek delivers exceptional professional IT consulting services, end-to-end IT solutions and managed services to support our customers' digital transformation in areas such as IT Security, Digital Infrastructure, Modern Workplace, Data Center, and Cloud solutions.



Why Internal Segmentation Firewalls Are Transforming Network Protection Strategies


Turning Cybersecurity Inside Out

What happens once a threat has breached the exterior protection of your organization? If you only have a conventional firewall sitting at the external perimeter of your network, threats that slip past or originate inside can run rampant through your system. But if you also have an Internal Segmentation Firewall, your most important applications and assets are still protected.

Mobile devices, the Internet of Things (IoT), negligent users, ghostware: these have all contributed to the existence of malicious threats in what used to be “safe” territory, your internal network. Internal Segmentation Firewalls have emerged to neutralize these threats.

Building Protection from the Inside Out

In changing cyber threat environments where internal networks can no longer be assumed safe, organizations are increasingly turning towards strategies that allow them to approach information security from the inside out.

For the purposes of IT optimization, it is neither cost-effective nor productive to deliver the same intensity of security across the board. Not all data is created equal, and the level of security allocated to it needs to align with its value to your organization. Using an ISFW to build protection from within enables you to balance security and performance by fine-tuning access privileges and monitoring functions to focus resources on your most sensitive assets.

Deploying the Internal Segmentation Firewall

When it comes to confidential or sensitive business data, an Internal Segmentation Firewall (ISFW) operates like a vault in a bank, providing an additional layer of security where it is most needed. The ISFW sits in front of critical assets like databases and web-based applications and devices. By integrating it with a traditional next-generation firewall, you get comprehensive monitoring both at the perimeter and inside your network. While the perimeter-based firewall tracks incoming and outgoing traffic for suspicious activity, the ISFW works from within to identify threats that have either breached the network perimeter or were executed from the inside in the first place.

An equally important element of this technology is protection. Are the application, content or actions malicious? Should this type of traffic be communicating from one set of assets to another set of assets? While this is very difficult to track across different content and application types, it is an essential part of the ISFW. The ability to detect a malicious file, application or exploit gives an enterprise time to react and contain the threat. All of these protection elements must be integrated on a single device to be effective. If you buy into a solution that is built specifically as an ISFW, it should be transparent to users and must operate at multi-gigabit speeds so that it does not hinder application performance (which is critical on high-performance local area networks).

One of the "Coolest" Cybersecurity Technologies

As an example of an ISFW, CRN named Fortinet's Internal Network Firewall solution one of the coolest cybersecurity products of 2015. The Fortinet ISFW provides intrusion prevention (IPS) and advanced threat protection (ATP) in addition to firewall capabilities, with new software capabilities designed specifically to allow for simple ISFW deployment. Specifically, the solution provides automatic user, device, and application identification. It does this through integration with Directory Services and the ability to dynamically map a specific user to a specific security policy.

There is definitely a “cool factor” to this latest and greatest firewall from Fortinet. They are taking a configuration task that has traditionally been very difficult to do and making it much easier. By putting new solutions like ISFW into context as part of a security-controls-driven approach to protecting your organization, it becomes much simpler to create and maintain advanced infrastructures that integrate next-generation security technology. Getting the best defenses in place isn't always easy, because new technology takes time to get integrated. Tools like a purpose-built ISFW help to make the difficult things simpler, and help us all to rest easier at night.