firewall

Firewall or Anti-Virus? Does my business need both?

Most people with any computer experience understand the reasoning for an antivirus, but they might not be familiar with the term firewall, don't worry, it's not uncommon. That is why many businesses are shocked to find that their current network security solution isn't keeping them as safe as it should.

 

Here is a quick tutorial. A firewall is your network’s first line of defense. As information travels in and out of your network in what are called data packets, these packets first have to cross through the firewall. Two things should happen when that information hits your firewall:

 

  1. The network address translation (NAT) device first decides whether or not that IP address is allowed to enter or exit your network and directs it to the right place.
  2. Then the firewall inspects the packets to determine if they’re free of viruses or malware, if cleared they are then allowed passed the firewall and into the network.

 

Unfortunately, many products advertised as "firewalls" only do the first part, leaving your network vulnerable.

 

If your firewall is inspecting the information, it's usually happening in one of two ways. The most common, the firewall is looking at the packet’s header information (which is essentially the packaging the data comes in) and says it's an orange, we like oranges, send it through! But the orange could be rotten, and you wouldn't know until it was too late. Which is why more secure firewalls analyze the data packet in its entirety, in what’s called "deep packet inspection" to make sure it's not rotten (or riddled with malware) before accepting it into the network.

 

One challenge security providers are presented with is how to perform a deep pack inspection when the data coming into the network is encrypted. In order for the firewall to inspect that packet, it first has to decrypt it, which is pretty difficult.

 

You might ask why encrypt traffic at all if it’s making it harder for your firewall to protect you? Websites encrypt data packets to keep your personal information safe as it’s transmitted across the internet (information like logins, passwords, banking info etc.). It’s essentially writing it in a secret, one-time use code that only your device can understand. Websites do this so hackers can’t intercept a data packet mid-transfer and steal personal information that may be included in that packet. This is also why medical professionals must have encrypted emails in order to send and received patient information.

 

Ultimately it’s good for your safety, but there are flaws. Encrypting a website is easy and malware can still be hidden in encrypted traffic, which is why being able to decrypt and inspect all data packets it is still important. SonicWALL is taking on this challenge by developing new ways to decrypt traffic as it hits the firewall.

SonicWALL threat detection

Pro-tip: Software firewalls might seem like an affordable alternative to a hardware firewall, but the protection doesn’t compare. By being located on your machine, software firewalls are automatically less secure than a hardware firewall that is stopping threats from the outside. You can either have guard who questions all your visitors before they get through the front door, or a one that lets them into your entryway and then starts the interrogation. Both could detect the threats, but if they’re already in the house, it’s already too late. Hardware firewalls can cost more but are the better choice for your security long term.

 

If your firewall is the security guard to your network, your employees are your teenage daughter sneaking people in through the window. Which is why you need still need antivirus.

 

Example: Your salesperson is building a huge presentation for a client from home. They load it onto a flash drive, bring it into work, plug it into their computer and load up their presentation. Little do they know that flash drive is riddled with malware from their home computer, and that salesperson just opened up the window into your network.

 

This is just one example. Other scenarios are downloading an attachment from a phishing email, or an application from online. User error is your firewall's biggest weakness, and once malware hits your computer even the best firewall is powerless, which is why you need an antivirus.

 

However, antivirus is really a misleading term, because technology has changed. Back when the term was coined, the fear was hackers infecting a computer with a virus that wipes all its data. Today the biggest concern is malware gaining access to a computer and stealing sensitive information including logins, passwords, and banking information. So the modern version of an antivirus should really be a combined antivirus/malware detection.

 

Antivirus/malware detection warns a user that they could be downloading malware before it has a chance to infect the workstation. If it does infect the workstation, the antivirus quarantines suspected threats to prevent spread and, depending on user settings, works to delete the threat. None of which could be executed by your firewall alone.

 

Each utility is going to offer you a level of protection at different points along the data flow. Implementing both offers you the highest level of security. Before scoffing at the price, ask yourself, if your data was compromised, would your business survive?