By Ronald Sens, EMEA Director for A10 Networks
As viruses become more sophisticated, malware must be detected all the way down to its DNA.
The winter season is peak time for infection and disease across the UK. But the old saying “prevention is better than cure” is relevant not only to our personal health but also to our networks and IT systems.
In corporate networks, the classic defence against malware and other external attacks is usually split between two solutions: a firewall and a traditional antivirus program. The firewall is similar to a gate that only allows authorised personnel into the network, and the antivirus program is a guard capturing those who attempt to sneak in undetected.
Balancing act
The classic defence of using two solutions was put into place because neither solution alone could accurately protect the network. The two needed to work together in order to achieve maximum effect and coverage.
Traditional firewalls simply followed pre-determined web protocols and lacked the intelligence of next-generation firewalls. This meant that the classic firewall could not distinguish between different kinds of web traffic. Unable to tell legitimate traffic from abnormal, malicious traffic, firewalls either accepted or rejected all the traffic sent their way.
Enterprises needed a more robust form of security with newer, more complex rules. This is why traditional antivirus programs were paired up with firewalls.
Antivirus software is reactive, and while these programs can deal with a threat, they only do so once that threat has entered the network. Depending on the number of threats attacking simultaneously and the sophistication of the attack, an antivirus program is not powerful enough to keep the network safe.
However, when paired with a firewall that prevents all traffic entering the network, the antivirus has the chance to scan the traffic and identify it. The antivirus can distinguish between the good and the bad traffic and relay this information to the firewall so that it lets in only the approved traffic. The system works, but it is flawed. Time is wasted waiting for the antivirus to identify the traffic and inform the firewall, and if either of the two goes down, the whole system crashes.
This kind of defence used to be enough, but as enterprise networks get more complex and as the types of external threats become more varied, having two separate solutions working together is just not sufficient.
Convergent Firewall – the impenetrable dome
The problem surrounding a two-solution balancing act can be addressed by next-generation firewalls, and one in particular is the Convergent Firewall (CFW). The CFW intelligently recognises users who have permissions, preventing unauthorised attackers and malicious infiltrators from gaining access, and in some cases outright destroys the invader.
For the CFW to guarantee this comprehensive protection, an extensive amount of data and files is fed into the program in advance and broken down in detail. With the assistance of machine learning, the CFW is proof against all known malware and viruses, and can adapt to future threats. It can also distinguish between normal and abnormal behaviour from users within the network. This accurate analysis enables the CFW to detect malware in real time using digital DNA and thereby prevent the majority of malicious attacks.
To understand why this strategy makes sense, it helps to think again about the approaching flu season. The CFW is less of a conventional doctor than a kind of super medicine that can scan people down to the molecular level. It does this in order to be able to judge exactly whether a disease is present, what symptoms are to be expected and how the disease can best be cured. It’s the perfect medicine for a network in the middle of the flu season.