17 Nov Application firewall, working in practice
The number of services offered over the internet has grown considerably over the years, and basic protocols such as HTTP have gradually become the basis for building applications such as internet portals and e-commerce, among others.
The HTTP protocol, used by a significant number of applications, set the precedent for new applications to be designed with their own protocols and communication ports. This scenario has forced security solutions to adapt in order to meet a new reality.
For many years, firewalls operated by controlling common protocols, guaranteeing communication through their ports. Shortly thereafter, they began to observe the behavior of the protocol, whether it was associated with its default port or with any other port.
The internet has grown so much that it has become a great communication center and business platform. Therefore, the services offered over the internet, which are already quite representative, tend to increase. Due to these developments, controlling access by addresses, ports and protocols no longer meets the needs of some security policies.
In this blog post, you will have access to the concept of application firewall, as well as benefits and main features associated with the use of these solutions.
Conceptualizing Application Firewall
To minimize the limitations associated with the new format of applications using the HTTP protocol, the concept of layer 7 (application) analysis was born. With it, solutions became able to identify standard behaviors not only in the headers but also in the data area of packets, and to determine what type of application was associated with them.
This feature is very relevant because it allows not only visibility but also access controls based on the type of application. For example, Dropbox uses HTTPS as its protocol basis. With an application firewall, you can see the abstraction of Dropbox, Spotify, Netflix, YouTube, etc., regardless of protocol behavior.
Previously, it was necessary to map the networks and ports used by certain services, which in many cases was inefficient. Now, regardless of networks and ports, it is possible to analyze application behavior patterns and create filters for them. It is an extremely interesting feature, which brings more security, easier network management and better adherence to the established security policy.
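The idea of recognizing an application from the data area rather than the port, as an added example that is not from the original post or from any product: the host-to-application map, the function names and the sample payloads are constructed for illustration.

```python
import struct

# Illustrative host-suffix -> application map (constructed, not a vendor signature set).
APP_BY_HOST = {"dropbox.com": "dropbox", "netflix.com": "netflix"}

def tls_sni(data):
    """SNI of a TLS ClientHello; "" if it has none; None if not a ClientHello."""
    if len(data) < 6 or data[0] != 0x16 or data[5] != 0x01:
        return None
    try:
        p = 43                                         # past headers, version, random
        p += 1 + data[p]                               # session id
        p += 2 + struct.unpack_from("!H", data, p)[0]  # cipher suites
        p += 1 + data[p]                               # compression methods
        end = p + 2 + struct.unpack_from("!H", data, p)[0]
        p += 2
        while p + 4 <= end:
            ext_type, ext_len = struct.unpack_from("!HH", data, p)
            if ext_type == 0:      # server_name: list len, name type, name len, name
                n = struct.unpack_from("!H", data, p + 7)[0]
                return data[p + 9:p + 9 + n].decode("ascii").lower()
            p += 4 + ext_len
    except (IndexError, struct.error, UnicodeDecodeError):
        pass                                           # truncated or malformed hello
    return ""

def http_host(data):
    """Host header of a plaintext HTTP request; None if the payload is not HTTP."""
    if not data.startswith((b"GET ", b"POST ", b"HEAD ", b"PUT ")):
        return None
    for line in data.split(b"\r\n")[1:]:
        if line[:5].lower() == b"host:":
            return line[5:].strip().decode("ascii", "replace").lower().split(":")[0]
    return ""

def classify(payload):             # the port is never consulted
    if payload.startswith(b"\x13BitTorrent protocol"):   # BitTorrent peer handshake
        return "bittorrent"
    for proto, host in (("tls", tls_sni(payload)), ("http", http_host(payload))):
        if host is not None:
            for suffix, app in APP_BY_HOST.items():
                if host == suffix or host.endswith("." + suffix):
                    return app
            return proto
    return None    # unrecognized: left to traditional address/port rules

# Constructed samples: a BitTorrent handshake and an HTTP request, as seen on any port.
SAMPLES = [b"\x13BitTorrent protocol" + bytes(48),
           b"GET / HTTP/1.1\r\nHost: www.netflix.com\r\n\r\n"]
print([classify(s) for s in SAMPLES])
```

A ClientHello that is truncated or carries no SNI is still labelled `tls`, so it can be handled by a generic rule instead of being mistaken for a named application.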
Benefits associated with an Application Firewall
Security solutions with visibility and control of applications allow greater flexibility in the management of security policies, because they totally abstract technical concepts or parameters, making it easier to construct the rules and make them more readable.
For more permissive internet usage policies, this feature makes it possible to reduce exposure by blocking applications that are clearly not associated with work activities, such as torrents, streaming video, internet television, games, and the like.
Solutions in which it is easy to associate applications with a given bandwidth guarantee that, even when the use of applications such as Netflix is allowed, they do not consume so much internet capacity that it becomes impossible to issue an electronic invoice or carry out any other activity highly relevant to the business.
From the perspective of visibility, it is possible to follow the internet usage profile, whether globally, by sector or per user, validating whether those activities are really linked to work needs.
This knowledge is important in situations where the lack of productivity is diagnosed, since often the reasons are associated with improper use of the Internet, where distractions occur at all times.
A very interesting practical case of application control has helped several companies avoid fines for copyright infringement: the control of file exchange applications, such as torrents. Many people end up using these applications inside the company to make illegal copies of movies and games, generating potential disruption to the business.
A new rule perspective
With the application control feature, the administrator creating a rule will still rely on the traditional address, port and protocol fields, but can also associate the rule with a specific application.
It is important to note that it is not possible to build an application-only access policy. There is a lot of traffic that cannot be classified, or that is very specific, so it will continue to be regulated by traditional rules.
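How such a mixed rule base can be evaluated, as an added sketch that is not taken from the original post or from any product: the `Rule` fields, the networks and the application labels are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass
class Rule:
    action: str                  # "allow" or "deny"
    src: str                     # source network in CIDR form
    proto: str                   # "tcp", "udp" or "any"
    dport: Optional[int] = None  # None matches any destination port
    app: Optional[str] = None    # None makes this a traditional rule

    def matches(self, src, proto, dport, app):
        return (ip_address(src) in ip_network(self.src)
                and self.proto in ("any", proto)
                and self.dport in (None, dport)
                and (self.app is None or self.app == app))

# Constructed policy: networks and application labels are placeholders.
POLICY = [
    Rule("deny",  "10.0.0.0/8", "any", app="bittorrent"),    # application rule, any port
    Rule("allow", "10.0.0.0/8", "tcp", 443, app="dropbox"),  # application rule
    Rule("deny",  "10.0.20.0/24", "tcp", 443),               # traditional rule
    Rule("allow", "10.0.0.0/8", "tcp", 443),                 # traditional rule
]

def decide(policy, src, proto, dport, app=None):
    """First matching rule wins; app=None means the engine did not recognize the flow."""
    for rule in policy:
        if rule.matches(src, proto, dport, app):
            return rule.action
    return "deny"  # default deny when nothing matches

# A recognized torrent flow on port 443 is denied by the application rule.
print(decide(POLICY, "10.0.5.9", "tcp", 443, "bittorrent"))
# The same flow without a label is decided by the traditional rules alone.
print(decide(POLICY, "10.0.5.9", "tcp", 443, None))
```

The second call shows why the traditional rules underneath still have to be written carefully: any flow the engine cannot label is judged only on address, port and protocol.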
The whole operation of application control depends on the ability of the solution's engine to “recognize” applications. If the engine is not efficient, visibility and control over applications are compromised, resulting in low use of the solution. It is common that, before some update, applications are not recognized by the application firewall, which creates an adaptation window.
For the reason described in the previous paragraph, it is of the utmost importance that products focused on application control are updated frequently, minimizing the response time to changes in applications.
The market has a multitude of products that aim to control access at the application layer, and it is a challenge to choose the most appropriate tool for the needs of each business. If you have any other questions regarding the application firewall, feel free to contact us!