Wednesday, June 13, 2018

Everything Old is New Again, or Why Firewalls Are Secondary

Those who entered the security field in the last 15 years have often thought of security as a network-first endeavor: firewalls, DMZs, perimeter controls, and so on.

Those who have been in the field for 30 years or more will likely remember that firewalls were created as a backstop for host security at a time when protecting a host from the network was scarcely on the radar of most OS designers. This was compounded by the fact that host security was difficult to achieve at scale: turning off unneeded services, configuring the remaining ones properly, authenticating users of those services, and so on.
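The first of those host-side chores, knowing exactly what a host exposes and flagging anything that is not supposed to be there, is the kind of control that has to run on the host itself rather than at the perimeter. The following is an added example, not code from the original post: it audits a socket listing against an explicit allowlist. It assumes the listing is in the column layout of `ss -H -lntu` (Netid, State, Recv-Q, Send-Q, Local:Port, Peer:Port) and that the allowlist is a space-separated set of `proto:port` entries; the sample listing embedded below is constructed so the script runs offline.

```shell
#!/bin/sh
# Added example (not from the original post): host-centric audit of
# listening sockets against an explicit allowlist. Anything listening
# that is not on the list is an "unneeded service" to turn off or justify.
#
# Assumptions (mine, not the author's): allowlist entries are "proto:port"
# separated by spaces; the listing has the column layout of `ss -H -lntu`.

# Allowlist for this host: SSH and HTTPS only.
ALLOWED="tcp:22 tcp:443"

# Constructed sample in `ss -H -lntu` layout; three of these are not allowed.
SAMPLE_SS='tcp   LISTEN 0 128 0.0.0.0:22    0.0.0.0:*
tcp   LISTEN 0 128 0.0.0.0:443   0.0.0.0:*
tcp   LISTEN 0 128 127.0.0.1:631 0.0.0.0:*
udp   UNCONN 0 0   0.0.0.0:111   0.0.0.0:*
tcp   LISTEN 0 128 [::]:5900     [::]:*'

# unexpected_listeners LISTING ALLOWLIST
# Prints one "proto:port local-address" line per socket whose proto:port
# pair is not in the allowlist; prints nothing when the host is clean.
unexpected_listeners() {
    printf '%s\n' "$1" | awk -v allow="$2" '
        BEGIN {
            n = split(allow, a, " ")
            for (i = 1; i <= n; i++) if (a[i] != "") ok[a[i]] = 1
        }
        NF >= 5 {
            proto = $1; local = $5
            port = local
            sub(/.*:/, "", port)          # keep only the port, works for [::]:5900 too
            if (!((proto ":" port) in ok)) print proto ":" port, local
        }'
}

# audit_host LISTING ALLOWLIST
# Returns 0 when every listener is allowed, 1 otherwise (details on stderr),
# so it can gate a build, a config-management run, or a cron job.
audit_host() {
    out=$(unexpected_listeners "$1" "$2")
    if [ -n "$out" ]; then
        printf 'unexpected listeners:\n%s\n' "$out" >&2
        return 1
    fi
    return 0
}

# Offline demonstration on the constructed sample.
audit_host "$SAMPLE_SS" "$ALLOWED" || echo "host is exposing services outside its allowlist"

# On a real host the listing would come from the kernel instead:
#   audit_host "$(ss -H -lntu)" "$ALLOWED"
```

The point of keeping the allowlist explicit per host (or per role) is that the check scales: the same script, fed a different list, runs on every machine, and a new listener shows up as a failed audit rather than as a hole that only the firewall might happen to cover.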

As the network-first approach continues to show the limits of its usefulness in environments where network boundaries are becoming less definable and where advanced persistent threats are common, it makes sense to advocate a shift back to a host-centric mindset.

I suspect that this will be viewed as cost prohibitive, burdensome, unrealistic, and so on. I ask: how well is the current network control centric approach working out?