Business grade firewall

Cybersecurity Basics: 3 Ways a Business-grade Firewall Can Save Your Architecture Firm

With cybersecurity continually being in the news with reports of data breaches and ransomware infections surfacing almost every day, we thought it would be a good time to remind everyone about a few basics for protecting your business and your data from these ever-evolving threats.  

We thought it would be a good idea to help architecture firm owners sort through all the technical jargon and terminology. We want you to get a better understanding of the possible risks so that you can take action to protect your growing firm, and ensure it thrives for years to come.

Traditionally the security model for protecting your business works from the perimeter of your network inward, and this is where we will start. This device has been in existence for over 30 years and is an absolute necessity in protecting your firm from the bad guys.

What is a firewall?

A firewall is a network security device that monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules. (Cisco)

Basically, it’s a box that protects your computers and your files from all the bad things out on the internet. 

Is a Business-grade Firewall better than your home internet router?

We get this question a lot. In fact, we get it every time we recommend upgrading the retail-store bought internet router device at a client site to business (enterprise) grade firewall from a reputable manufacturer (Cisco). It is understandable. We are asking our clients to invest five to seven times more money over what they have previously had, and we need to justify that investment.   In the next few minutes you will learn the following:  

  1. What makes a business-grade firewall different from your home internet router?
  2. How installing a business-grade firewall at your architecture firm can help protect your business and your data in more ways than you think.
  3. Additional benefits of business-grade firewalls for your architecture firm.

After reading this post, you will fully understand why any reputable managed services partner makes installing a business-grade firewall a priority recommendation for every client.  

3 Ways a business-grade firewall is different from your internet router

Better firewall equals better security

Think of it as buying car insurance. Usually, you can pay less, but not have the right coverage limits and options. When something terrible happens, you find out that you have a high deductible, or worse your medical bills are only covered halfway. You realize that you have to spend a little more money to make lover your deductible and to increase your coverage limits to meet the real-world standards.   The same principle applies here. Business-grade firewalls, although cost you more, provide better protection from outside intruders into your systems, by providing additional security features and using better technology.   When we talk about securing the perimeter of our network, even in this new age of cloud services, we have to have as much visibility and as little security holes as possible.   So, what are the features of the business-grade firewall that provide us better security and visibility?  

The firewall functionality is turned on by default

You may find this funny, but we have seen this on many occasions. Even the little protection that internet routers provide is usually turned off by the manufacturer. It takes some skill and knowledge to figure out where to turn on these features. Most of the time they are left turned off at deployment.   Such is not the case for your real firewall. Here the device is shipped in its most secure configuration with all the traffic being blocked by default. At deployment, the engineer chooses policies to allow certain types of traffic through the firewall for your business to function properly. Everything else continues to be blocked.  

Stateful packet inspection

Early firewalls and current consumer-grade internet routers look at packets on an individual basis, as opposed to the whole stream of communications (state) between the two computers. This makes them vulnerable to all sorts of attacks where an attacker can fake the information inside of a packet and make the computer communicate with him instead.   The business-grade firewall records all connections passing through it to ensure it has enough information to assess whether a packet is the start of a new connection, a part of an existing connection, or not part of any connection. This additional information allows it to grant or reject access based on the packet’s history, and to speed up packet processing; that way, traffic which is part of an existing connection can be allowed through without further analysis. If the traffic does not match a current connection, it is evaluated according to the rule set for new connections.  

Regular software updates from the manufacturer

Although, business-grade firewalls go through rigorous testing before getting shipped to you, the customer. Sometimes vulnerabilities can get discovered and even exploited by the bad guys. The key here is to react quickly. Most firewall manufacturers like Cisco, SonicWall, Fortinet, and Palo Alto Networks, have the patches ready within hours. This prevents the issue from spreading and affecting their customers.   The same can not be said for your internet router manufacturers. One manufacturer took over a year to fix vulnerabilities in its internet router. Leaving their customers vulnerable, and many devices at risk. It is understandable, they are not in the security business and don’t claim their devices provide any layer of security.  

Get Free Practical Business and Technology Advice in Your Email!

Advanced visibility and control

Another advantage of a business-grade firewall is access to sophisticated visibility tools. Besides the standard logging, you and your managed services provider get insights into the which devices and types of traffic on your network are using up the most bandwidth on a monthly, daily or hourly basis. This allows identification of possible internet performance issues ahead of time, as well as, raises awareness of any unexpected and potentially harmful activity. None of this reporting and in-depth visibility is available with a regular internet router.  

Options equal choices

In addition to the features, I described above. Your new business-grade firewall includes many optional features that can be enabled for a low monthly fee, to provide additional protection and visibility into your network, and provide a peace of mind that your business and your data are safe and secure.  

Web URL Filtering

This security option prevents your employees from accidentally going to a known malicious site and downloading a file that infects their computer with ransomware. The bad guys create these sites on the internet to mascaraed as valid sites and then send out links in a phishing email. These sites usually last for a few hours and then get taken down. A reputable manufacturer would update their list of malicious blocked sites every minute to make sure the latest sites are reflected, and your users are protected from accessing these websites   Additionally, you get the ability to control other aspects of your user behavior on the internet. Such as preventing users from accessing sites with unappropriated content, options to limit or block social media and streaming during business hours. You will also get insights into your employee’s behavior on the internet to confirm that it aligns with business objectives.  

Intrusion Detection and Prevention

This option provides more in-depth visibility and automatic remediation into potential threats to your network. These could be internal threats like an infected machine or external threats like a hacker trying to get in. This system looks at many more things than the base firewall, and can automatically mitigate the risk once detected, providing an additional layer of security to your data.   Here is a story that may better illustrate how this feature can save your firm from ransomware.   We had one of our clients bring in a laptop from home, which stopped working because his kids were playing with it. He got it connected to the network in the office, and as you might have guessed it had a nasty virus on it. Since this was a home laptop, we did not have any of our Anti-Virus tools installed on it, and therefore did not get any alerts about an infection. Thank god we had the intrusion protection option (IPS) configured correctly in the environment. Within milliseconds, all traffic to and from that laptop got blocked, and the system alerted us to the potential threat. We were then able to take the system off the network and remediate the issue. Had we not had the IPS, a significant downtime event would have occurred, and productivity for the business would have suffered big time.  

Advanced malware detection

This one is awesome (for us computer geeks)! It provides an additional layer of protection for your users from viruses and ransomware. It prevents real-time threats.   Let’s assume someone came up with an unknown previously virus, and one of your users has tried to download the file. The standard malware detection programs, such as your Anti-virus, would allow it through, as they have no information that this is a virus. However, if you have the Advanced Malware Detection, the file is going to be held first and inspected using the latest technologies such as Artificial Intelligence, machine learning, and behavioral analytics to validate the data is not a virus and allow it through. All of this in a matter of microseconds. Furthermore, once the file is allowed through, it will be monitored for a period of time for any suspicious activity and quarantined if anything funny is detected. Isn’t that amazing stuff?  

Hardware and Performance

Now that we have covered many of the excellent features and options, let’s talk about the hardware itself, performance capabilities, as well as, its useful life expectancy.   Good quality hardware is of most importance when talking about the performance and service life of the device. In our experience, most business-grade firewalls exhibit exceptional build quality and have excellent, well-designed internals.   Here are just a few things you should know when comparing a real firewall to your home internet router:

Business-grade Firewall Internet Router
Metal or high-quality plastic chassis enclosure, with ventilation for heat escaping Low-grade plastic enclosure with no ventilation.
High-quality electronic internals, quality tested as part of this model and design Most electronic components are not tested at the same time, or not tested to required levels
High-performance processors and memory, designed to deliver performance under extreme loads. Components are not tested under extreme loads and usually choke, causing performance issues.
Service contracts allowing for replacement of parts within 2-4 hours, perfect for high demand business application Manufacturer’s warranty that may leave your business with no internet connectivity for a few days, while a new device is procured.

These characteristics explain why a useful life expectancy of a business-grade firewall is around ten years, compared to three years for a regular internet router. A significant benefit to your firm is that you will get a much lower TCO (total cost of ownership) and higher ROI (Return On Investment), in addition to all other benefits.  

Feel free to write us a note, if you have any questions or comments about this topic. We are always here to help!   To get more business and technology advice just like this for your architecture firm, click on the button below.   Hope you have a great rest of your day!  

Get Free Practical Business and Technology Advice in Your Email!