Using a Hybrid Mesh Firewall to Increase Network Security

istock 1408211250

Cybercriminals aren’t slowing down, and their campaigns are becoming more complex and harder to detect. Between advanced persistent attacks, attempts to infiltrate nontraditional devices, and the increase in multifaceted attack strategies, networks are under constant siege. At the same time, the rise of the Internet of Things (IoT), hybrid-cloud computing, and remote work demands, as well as the continued shortage of skilled security professionals, all make it more challenging than ever to secure and manage enterprise environments. 

IT teams require new and sophisticated cybersecurity solutions to ensure they properly protect their entire networks across all devices and connections. Network security tools, especially firewalls, can’t work in isolation.

A hybrid mesh firewall (HMF) is a unified security platform providing protection to multiple areas of enterprise IT, including corporate sites, such as branches, campuses, data centers, public and private clouds, and remote workers. We predict this emerging architecture will quickly go from concept to reality just like secure access service edge (SASE) and zero trust have as organizations contend with the dual realities of increasingly sophisticated attacks and the rise of hybrid networks.

Hybrid Mesh Firewall Provides Coordinated Protection

An HMF is an integrated collection of next-generation firewalls (NGFWs) deployed across the network, including chassis, appliances for large and small sites, virtual machines, cloud-native firewalls, and Firewall-as-a-Service (FWaaS), that work together as a unified solution. Historically, organizations only needed on-premises firewalls or used siloed NGFWs to protect different parts of their environments, which left room for mismatched security policies, management confusion, and openings for attacks.

One of the most essential components of an HMF is its ability to traverse today’s multi-cloud and hybrid data center environments. Hybrid mesh firewalls rely on a unified management console to coordinate protection across every IT domain (corporate sites, public and private clouds, and remote workers). Specifically, a unified console allows enterprise IT to automate NGFW capabilities across the network, such as collecting and correlating data, performing AI-assisted deep analysis, and coordinating a unified response across the network without duplicating efforts, re-creating policies, or investing needless manual hours when a cybersecurity skills gap already constrains resources.

They also create a unified security posture that’s easy to manage and prevents gaps in coverage for attackers to exploit.

Key Considerations for a Hybrid Mesh Firewall

Whether you’re building an HMF architecture or learning about the concept for the first time, there’s a lot to consider. This is a new term, so there are a lot of misleading claims and incomplete information floating around. It's clear organizations need NGFWs with a single management console, but beyond this, what should they prioritize?

Here are a few considerations to keep in mind when exploring your options:

Assess current NGFW solutions

Understanding the current firewall solutions and services in your environment is the first step to determining how to build an HMF architecture now or in the future. Next-generation firewalls typically include inline deep packet inspection, application inspection and control, website filtering, QoS and bandwidth management, and malware and botnet detection. In addition, your NGFWs should also include zero-trust enforcement and secure SD-WAN to support modern hybrid workforces. Finally, but perhaps most importantly, your firewall solutions should be able to easily communicate with each other and offer a single, intuitive management console.

Look for AI/ML

To contend with an expanding threat landscape, it’s crucial for NGFWs to utilize artificial intelligence and machine learning (AI/ML) capabilities to effectively detect and protect against known and unknown threats. Artificial intelligence and machine learning-powered security enables HMFs to identify and classify applications, web URLs, users, devices, malware, and more, all while automating policy enforcement across domains. Artificial intelligence and machine learning are at the heart of HMF automation and can significantly reduce the amount of manual work involved in protecting enterprise IT and OT.                                 

Ensure integration with enterprisewide security approach

An HMF, however robust, is only part of your broader security infrastructure. Modern enterprises require a comprehensive and integrated cybersecurity approach that provides advanced protection and visibility across the entire network infrastructure. Generally, this includes a full range of security solutions, including firewalls, endpoint protection, secure access, and cloud security. Your HMF deployment should integrate seamlessly with your overall security infrastructure to promote unified management and visibility across the entire enterprise.

Take note of flexible pricing options

Business needs are constantly changing, and IT teams need the flexibility to deploy a broad range of firewalls without being locked into a single form factor. Flexible, usage-based pricing models, like Fortinet’s FortiFlex program, enable organizations to only pay for what they use. This means they turn security services off and on according to their dynamic needs and manage their budgets effectively. These pricing models offer greater flexibility and cost control, which is crucial given network security’s dynamic and evolving landscape.

Prioritize third-party validation

With the number of cybersecurity solutions on the market, it can be hard to determine the best solutions for your specific needs. Third-party validation is an ideal way to understand the efficacy of a product because independent testing organizations have little incentive to exaggerate results. When assessing NGFW and HMF vendors, look for those who have sought third-party testing and can provide objective information about their solutions.

Get Started Today

Building an HMF may seem daunting, but organizations don’t need to make massive changes overnight. Take the time needed to understand your environment, determine the best solutions for your needs and to get the necessary buy-in from key stakeholders. Hybrid mesh firewall is an emerging function that’s sure to evolve alongside the threat landscape and cybersecurity industry. At Fortinet, we’re committed to staying on top of industry trends and will be watching this one closely.

Fortinet’s FortiGate NGFWs leverage a single operating system, FortiOS, and management console, FortiManager, making them uniquely designed to support an HMF infrastructure. Learn more here.



Copyright © 2023 IDG Communications, Inc.