Pub. 12 2021 Issue 3

Pub. 12 2021 I Issue 3 Fall 15 West Virginia Banker firewall technology. An NGFW combines traditional firewall capabilities with outer network device filtering functions to help detect and prevent cyber threats. A next generation firewall is a more unified threat management system for a bank’s network. The NGFW impacts three areas significantly: 1) consolidation of technology components; 2) deeper visibility and traffic controls; and 3) unified management. When considering an NGFW appliance, the following standard and advanced features are available: • Application and identity awareness within the NGFW appliance can identify, allow, block, and limit applications, regardless of port or protocol. • Centralized Management, visibility, and auditing – Most NGFW appliances provide log analysis, policy management, and a management dashboard that provide ways to track security health, traffic patterns, and export rules. • Stateful Inspection – Also known as dynamic packet filtering, traditional firewalls used stateful up to layer four, and NGFW appliances are built to track layers two through seven. This allows the NGFW to evaluate further between safe and unsafe packets. • Deep Packet Inspection (DPI) – The DPI process goes a step further than the stateful inspection. DPI can locate, categorize, block, or reroute packets with problematic code or data not detected in a stateful inspection. • Integrated Intrusion Prevention (IPS) – The IPS portion will inspect, alert, and even actively remove malware and intruders from the network. • Network Sandboxing – A method of advanced malware protection that allows the appliance to send a potentially malicious program to a secure and isolated environment so it can be tested before entering the network. • HTTPS, SSL/TLS, and encrypted traffic – This feature allows the appliance to encrypt/decrypt communication over the internet. Trista Cline is a Manager of Arnett Carbis Toothman LLP, Certified Public Accountants, in the Charleston, West Virginia office. Ms. Cline has over 12 years of experience in information technology audit and security services in the financial institutions’ industry. Additionally, Ms. Cline has extensive experience in database analysis and the use of database analysis tools. Ms. Cline can be contacted at 800-642-3601 or trista.cline@actcpas.com. • Threat Intelligence and Dynamic Listing – NGFW appliances make threat hunting more automated. • Integration Capacity – Integrating third-party products with the NGFW appliance allows for easy integration and less stress navigating between sof tware. In prior years, banks would have to have different solutions to achieve some of these objectives. A Next Generation Firewall includes the Following Benefits: 1. Breach prevention and advanced security 2. Comprehensive network visibility 3. Flexible management and deployment options 4. Time detection capabilities 5. Automation and product integration Assessing the Risk As the bank evaluates and considers the firewall appliance in place, whether a traditional or next generation appliance is used, consider setting the risks associated with the current firewall(s). Consider the cyber threats that could impact the bank along with the mitigating controls in place. Ensure that the assessment is documented within your risk assessment and cyber risk assessment, if applicable. As the bank reviews the firewall solution in place, keep in mind the vendor may have both traditional and next generation firewall solutions available for purchase, so the bank may have to evaluate the model type to determine if it is a traditional or next generation firewall. Also, the types of service appliances provided should be an indicator. The bank should also evaluate the end of hardware and software dates associated with the firewall in place. While reviewing the future of software dates, consider the fate of software vulnerability dates in addition to the end of support dates. In January 2021, the following firewalls were eSecurity Planet’s selections for the top next generation firewalls: 1. CrowdStrike 2. Palo Alto 3. Check Point 4. Fortinet 5. Forcepoint 6. Cisco 7. WatchGuard Conclusion With the increasing cyber events and sophistication of those events and attacks, it is critical for organizations, including banks, to understand the difference between the traditional and next generation firewall appliances. The initial step is to consider reviewing the firewall solution in place and understanding what it is doing and, more importantly, what it is not doing. Assess the risk associated with the appliance. In addition, evaluate other solutions/ services that the bank is utilizing (i.e., intrusion prevention solution, etc.) that a next generation firewall could achieve. 