An excerpt of a piece Raymond Russell, Corvil CTO and Co-founder, recently published in Forbes, discussing the future of network security and the possibility of a future without firewalls.
Plato tells of the ancient city of Atlantis, full of advanced technology and feats of engineering such as the world will never see again. The Atlanteans built great walls of exotic metals, striving to conquer the very ocean itself. But they were unable to stem the tide and the angry gods sank Atlantis and all its wonders to the bottom of the ocean.
I’m paraphrasing here, but the point is: for all their prowess in building walls, those guys are underwater.
The corporate world is locked in a similar struggle to protect against dark and terrible dangers lurking just outside the walls, the endlessly rising tide of network security threats – and not without a dose of the same hubris. As businesses have become increasingly connected, we’ve built increasingly complex firewalls to safeguard our data and protect against malicious invaders.
Now, the time to simply build walls is coming to an end. We are past the point of just plugging leaks. Firewalls are failing – it’s time to learn how to live underwater.
The firewall is the icon of today’s security industry. The general idea is that firewalls and Intrusion Protection Systems (IPSs) are placed at the perimeter of the network to create a boundary between an untrusted exterior and a trusted interior. Systems on the inside can go about their legitimate business unimpeded, while potential intruders are blocked and kept on the outside.
It’s an approach that is not so different from building and defending a castle. Create a clear perimeter with a safe area inside, the enemy outside, and complete clarity on what has to be defended: the walls. It’s a strategy that can work – assuming technology and tactics never change.
Yet that has never been the case. Medieval castles evolved from simple wooden forts to stone fortresses, and used moats to prevent tunneling under the walls, just as firewalls have evolved to be able to perform deep-packet inspection and other capabilities. But all these innovations didn’t change the fact that, when castles were captured, it was often an inside job. Similarly, most cybersecurity breaches are not frontal assaults trying to disable the firewall in its entirety. Breaches generally start with a very small step: some piece of malware slips through a small crack somewhere and infects one machine.