Thursday December 12, 2019
Every day, travelers rely on airplanes to get them to their destination safely. Pilots, in turn, rely on air traffic control to guide them through takeoff and landing, especially in inclement weather. It may seem like there aren’t many similarities between planes and firewalls. Still, just as planes continue to operate in inclement weather, firewalls should continue to operate in all conditions, too.
So if planes rely on a combination of good instrumentation and air traffic control to guide them, how should next-generation firewalls recreate that winning combination to ensure proper visibility? There are several methods to keep an eye on system health and ensure firewalls are continuing to operate at full functionality.
One option is a combination of monitoring and tracking; another is a combination of management and troubleshooting. While both methods can be helpful, monitoring and tracking provide a wider array of benefits than management and troubleshooting. In a recent Fuel webinar, Jim MacLeod, technical product marketing manager at Indeni, analyzed the benefits of monitoring and tracking over management and troubleshooting when it comes to next-generation firewall health.
Staying Informed Through Monitoring and Tracking
Monitoring refers to measuring and pulling metrics out from the configuration. This is especially important in diagnosing problems with the configuration. Next-generation firewalls are very complex systems that are built up in layers of functionality, but often the issues stem from fundamental-level misconfigurations. Periodic monitoring will keep a cybersecurity professional abreast of the metrics at a fundamental level, giving specific information about system health and helping anticipate future problems before they can occur. Monitoring’s great strength is that it provides greater visibility, so cybersecurity professionals are able to steer the firewall through all conditions and quickly make necessary changes.
Tracking is essentially the other side of the same coin. It is a proactive look at real-time stats, providing an idea of what a configuration looks like in full health. One of tracking's great strengths is that it shows what the configuration's quirks might be. In some cases, the quirks may be unusual or even appear to be errors, but they are just typical of the system. Tracking comes in handy when diagnosing an error in the configuration; if a person has engaged in tracking, they can distinguish between what is truly acting up and what is unusual but typical of the configuration.
Together, monitoring and tracking broaden visibility and provide a clear view of a configuration. Over time, as a body of knowledge is built, these methods can help anticipate issues and send alerts when preemptive action should be taken, to ensure consistent firewall health without any blips. While monitoring and tracking are indispensable in diagnosing problems and returning to full functionality, there is a consideration to keep in mind — namely, monitoring and tracking must be initiated on a regular basis. Someone must be tasked with sitting down and actually completing the monitoring and tracking to get an idea of the running system. It is not enough to monitor and track once.
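The distinction between a quirk and a real fault can be made mechanical. The sketch below is an added example, not code from the webinar or from any vendor: it builds a per-hour baseline from healthy readings (tracking) and checks new readings against it (monitoring). The metric (session count), the function names, the thresholds and the sample data are all assumptions made for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

def build_baseline(samples):
    """Tracking: samples is an iterable of (hour_of_day, value) from healthy operation."""
    by_hour = defaultdict(list)
    for hour, value in samples:
        by_hour[hour].append(value)
    return {h: (mean(v), pstdev(v)) for h, v in by_hour.items()}

def is_anomalous(baseline, hour, value, k=3.0, min_spread=50.0):
    """Monitoring: flag a reading more than k spreads from that hour's norm."""
    if hour not in baseline:
        return True  # no history for this hour: surface it rather than assume health
    avg, spread = baseline[hour]
    # min_spread (assumed value) stops a very stable hour from alerting on tiny jitter
    return abs(value - avg) > k * max(spread, min_spread)

def naive_is_anomalous(samples, value, k=3.0):
    """One global threshold with no knowledge of per-hour behaviour, for comparison."""
    values = [v for _, v in samples]
    return abs(value - mean(values)) > k * pstdev(values)

def constructed_history(days=7):
    """Constructed sample data: hourly session counts with a recurring 02:00 spike."""
    history = []
    for day in range(days):
        for hour in range(24):
            base = 9000 if hour == 2 else 1000  # the 02:00 spike is the 'quirk'
            history.append((hour, base + 10 * (day % 3)))  # small day-to-day jitter
    return history

HISTORY = constructed_history()
BASELINE = build_baseline(HISTORY)

if __name__ == "__main__":
    # Same value at 02:00 (typical) and 14:00 (not typical), plus a normal reading.
    for hour, value in [(2, 9010), (14, 9010), (14, 1015)]:
        print(hour, value,
              "baseline:", is_anomalous(BASELINE, hour, value),
              "naive:", naive_is_anomalous(HISTORY, value))
```

The same reading of 9010 sessions is accepted at 02:00 and flagged at 14:00, while the single global threshold flags it regardless of the hour, which is the false alarm that tracking is meant to prevent.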
The Pitfalls of Management and Troubleshooting
Monitoring and tracking still provide greater benefits and visibility than management and troubleshooting. Management is simply sending instructions out. If a person goes to a command line and asks to be shown something, they are not getting a broad picture of system health, nor are they able to make any substantive changes to the configuration. For example, if the configuration has a chronic issue, they may not get the full picture of what has gone wrong if they rely on management.
On a similar note, troubleshooting is insufficient because it is necessarily reactive rather than proactive. Troubleshooting is only done when a problem has already occurred. If a person relies on troubleshooting, they may not have a clear idea of what the configuration looks like in full health, and consequently may be tripped up by the aforementioned quirks in the system. Moreover, troubleshooting relies on the device to provide a notification when something has gone wrong, and there may be an unwanted delay between the beginning of the breakdown and the notification.
Management and troubleshooting, while useful, provide limited visibility. Monitoring and tracking provide greater visibility into the configuration and therefore support a quicker return to full functionality in the event of a breakdown. Monitoring and tracking, then, are the equivalent of air traffic control when it comes to keeping next-generation firewalls running.
To learn more about monitoring and tracking next-generation firewalls, watch the Fuel webinar related to this blog post.