Modern Network Security Explained

Is a Firewall enough?

Posted on 17 October 2025 by Beaming Support

Cyber security is a vast and ever-evolving field, encompassing multiple procedures, techniques, and technologies. At a networking level, cyber security fundamentally addresses how we protect a corporate network and its users from external threats. Given that threats are constantly becoming more sophisticated and new vulnerabilities seem to appear daily, businesses must be proactive.

Most enterprises today adopt the essential practice of placing a firewall between their corporate network and the outside world. There are numerous vendors and types of firewalls, all with different implementation methods. But this leads to a crucial question:

Is a firewall enough?

The limits of a traditional firewall

In the complex digital environment many businesses now operate in, the answer is often no.

A basic, or classic, firewall primarily filters traffic based on a limited set of criteria—typically the source and destination IP address, source and destination port, and protocol (known as 5-tuple filtering).

However, modern threats are now highly active at the application layer (Layer 7 of the OSI model). These threats can easily bypass a classic firewall that isn’t inspecting the content of the data traffic itself. If most of your business’s activity happens at this application layer, a traditional firewall may not be able to protect your network as effectively as you need.
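The difference between the two kinds of filtering, as an added example that is not part of the original article: two flows that look identical to a 5-tuple rule get different verdicts once the HTTP Host header is inspected. The rule set, addresses, host names and function names are all constructed for illustration and do not represent any vendor's API.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Flow:
    src: str
    sport: int      # ephemeral on clients, so rules rarely constrain it
    dst: str
    dport: int
    proto: str
    payload: bytes  # application data; a 5-tuple filter never reads this

@dataclass(frozen=True)
class Rule:
    action: str
    src_net: str
    dst_net: str
    dport: int
    proto: str

def five_tuple_verdict(flow, rules):
    """First matching rule wins; anything unmatched is denied."""
    for r in rules:
        if (ip_address(flow.src) in ip_network(r.src_net)
                and ip_address(flow.dst) in ip_network(r.dst_net)
                and r.dport == flow.dport
                and r.proto == flow.proto):
            return r.action
    return "deny"

def http_host(payload):
    """Return the HTTP Host header, a field only content inspection sees."""
    for line in payload.split(b"\r\n")[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"host":
            return value.strip().decode("ascii", "replace").lower()
    return None

def layer7_verdict(flow, rules, blocked_hosts):
    """Apply the 5-tuple rules, then inspect the content of permitted flows."""
    if five_tuple_verdict(flow, rules) == "deny":
        return "deny"
    return "deny" if http_host(flow.payload) in blocked_hosts else "allow"

RULES = [Rule("allow", "10.0.0.0/8", "0.0.0.0/0", 80, "tcp")]  # constructed
BLOCKED = {"blocked.example"}                                  # constructed
def req(host):
    return b"GET / HTTP/1.1\r\nHost: " + host.encode() + b"\r\n\r\n"
OK = Flow("10.1.2.3", 50000, "203.0.113.10", 80, "tcp", req("supplier.example"))
BAD = Flow("10.1.2.3", 50001, "203.0.113.10", 80, "tcp", req("blocked.example"))
```

Both sample flows go to the same address and port, so only the content check can tell them apart.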

Building comprehensive network security

If your budget is tight, a classic firewall is a necessary starting point, but it should be integrated with services designed to protect the upper layers. Services like Cisco Umbrella or similar offerings provide an extra layer of defence. You can also implement standalone security measures such as web appliances and email appliances for dedicated protection against specific threat vectors.

If the budget allows, a good upgrade is a Next-Generation Firewall (NGFW).

An NGFW integrates multiple security functions into a single appliance, offering a far more granular level of protection:

  • Application-level filtering and control
  • Deep packet inspection
  • Web content filtering
  • Email protection

Some NGFWs even extend their security features right down to the end-user device by requiring a supplicant (a small piece of software) to be installed on the host.

Securing the perimeter of your network is only half the battle. You must not overlook the end-users and their devices, so you should also consider the following:

Endpoint Security:

This is vital for protecting against threats that bypass your edge defences (like a user clicking a malicious download link). Should a device become infected, mechanisms for isolation are needed to prevent the threat from spreading across the rest of the corporate network.

Patching and Updates:

Regular software updates and patching (especially for operating systems like Microsoft Windows) are critical, as they close known vulnerabilities that cyber criminals constantly exploit.

Mobile Device Management (MDM):

For businesses with many end-user devices, an MDM solution allows you to manage and restrict what software can be used, enforce security policies, and push granular access controls.

Security must also extend to where your data and applications live. For cloud-hosted applications, traffic can be securely managed using an overlay network to ensure safe access. The same principles apply to Data Loss Prevention (DLP), Disaster Recovery (DR), and data replication.

Asking the right questions:

Given the complexity and the increasing threats, the key to making the right security choice is to ask focused questions about your business needs:

1. What are we running within our business?

This question helps determine the sensitivity and security of your data.

  • How sensitive is our data?
  • If our data is compromised, how do we recover (e.g., do we need a secure data replication solution)?
  • Will a firewall be enough for basic traffic filtering, or do we need additional services for end-user protection?

2. Where do we stand, and is there any room for growth?

Consider your growth projections, such as more locations, more employees, and more sensitive data.

  • If growth is anticipated, any hardware refresh or new service should be future-proofed to avoid being oversubscribed in a couple of years.
  • For multiple geographical locations, plan for overlay tunnels (like IPsec VPNs) to secure replication and backup traffic, and use SSL VPN for secure access for remote workers.

3. Is our environment safe?

Consider traffic flow from all directions:

  • Inside to Outside: Is the only outbound traffic what our employees click on, or are our servers initiating unexpected outbound connections (e.g., replication traffic)?
  • Outside to Inside: If we host a web server, is it protected against threats like Distributed Denial of Service (DDoS) attacks?
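One way to answer the inside-to-outside question, as an added example that is not part of the original article: compare server-initiated outbound flows against a baseline of expected egress and report the rest. The subnets, baseline entries and log format are assumptions constructed for illustration, not the output of any particular firewall.

```python
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.0.0.0/8")        # assumed corporate address space
SERVER_NET = ip_network("10.20.0.0/24")    # assumed server subnet
# Expected server-initiated egress: (destination network, port, reason)
BASELINE = [
    (ip_network("198.51.100.0/28"), 443, "replication to DR site"),
    (ip_network("192.0.2.53/32"), 53, "DNS resolver"),
]

# Constructed flow records: "timestamp src dst dport proto"
FLOW_LOG = """\
2025-10-17T09:00:01Z 10.20.0.5 198.51.100.4 443 tcp
2025-10-17T09:00:02Z 10.30.1.17 203.0.113.80 443 tcp
2025-10-17T09:00:03Z 10.20.0.5 192.0.2.53 53 udp
2025-10-17T09:00:09Z 10.20.0.9 203.0.113.66 8443 tcp
2025-10-17T09:00:12Z 10.20.0.5 10.20.0.9 5432 tcp
"""

def is_expected(dst, dport):
    """True when the destination and port appear in the egress baseline."""
    return any(dst in net and dport == port for net, port, _ in BASELINE)

def unexpected_server_egress(log):
    """Return server-initiated flows to external hosts outside the baseline."""
    findings = []
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport, _proto = line.split()
        src, dst, dport = ip_address(src), ip_address(dst), int(dport)
        if src not in SERVER_NET:   # employee traffic is out of scope here
            continue
        if dst in INTERNAL:         # internal traffic never leaves the network
            continue
        if not is_expected(dst, dport):
            findings.append((ts, str(src), str(dst), dport))
    return findings

if __name__ == "__main__":
    for finding in unexpected_server_egress(FLOW_LOG):
        print("unexpected server egress:", finding)
```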

As bad actors become more skilled and threats and vulnerabilities become more difficult to tackle, security products fortunately evolve too, especially with the help of machine learning. It’s important to choose the right set of tools to keep your business secure.