Traditional firewalls have been rendered virtually ineffective in the war against cybercrime for a couple of major reasons. First their protection was extremely limited. They were only designed to protect by controlling specific ports or protocols or to block traffic from specific IP addresses. Second, more and more legitimate businesses are beginning to use the web protocols standard firewalls disallow. So much so, that people give little thought to overriding the objections of existing firewalls even when they shouldn’t.
This combination makes protecting computers against cybercrime with firewalls quite challenging. At least, that has been the case with traditional firewalls.
The next generation firewalls provide a different type of protection. Now only do they look at software applications coming into the network, according to CNN Money, but they grant workers permission to use certain application on a case-by-case basis. For instance, a company may allow employees to access Facebook while prohibiting them from downloading games or accessing other apps, which are notorious for including malware.
Application Awareness and Control
The next generation firewalls have one massive benefit over traditional firewalls when it comes to applications. They are aware of them and keep a running database of accepted or approved applications that are allowed on the network. But this new generation in cybercrime prevention goes a step further by learning what normal app behaviors are and notifying the appropriate, or predefined, person of deviations in behavior.
Application controls, as mentioned above with Facebook apps, can also be used for things like allowing calls from Skype while disallowing file transfers from taking place on Skype. The overall goal is to allow typically safe transfers of information while eliminating those that pose a risk to the network and without the “all or nothing” approach for allowing the use of certain apps that leaves many networks vulnerable.
Access to Additional Information
Another great feature of the new generation of firewall protection is that you now have the option of seeking assistance when making decisions about whether or not to allow access to your network. You can utilize reputation services to assess whether or not the risk of allowing your computer to talk to a “stranger” computer around the world is a good idea based on reputation. In other words, you have the option to make a reasonably informed decision about whether or not to trust the information being sent to your computer.
The next generation isn’t completely flawless. Work continues for making them even better safeguards for your information and defenses against cybercrime. In the meantime, they are a much better option than has been available with previous firewall incarnations. As improved technology becomes available, however, it’s better to err on the side of a better defense than to leave your networks vulnerable by sticking with outdated firewall protection. Cyber liability insurance offers additional protection for today’s cyber crime incidents.