Next-Generation Firewalls: How Do They Fit into a Modern Healthcare Cybersecurity Posture?

Why Traditional Firewalls Fall Short in Healthcare Environments

Traditional firewalls don’t typically provide enough protection in today’s modern cybersecurity environment because they’re too simple. It’s like having a single security guard who checks IDs at the front door but doesn’t monitor what else is happening inside the building.

A traditional firewall allows or denies online traffic based on defined factors such as IP addresses and port numbers. Let’s say a hacker obtains access to a hospital’s electronic health record through an allowed port. The firewall might not detect suspicious activity that happens after that, such as if the hacker downloads critical information.

By comparison, a next-generation firewall uses deep packet inspection to analyze the content of the online traffic and determine where it came from. In the EHR example, a next-generation firewall may only allow access through that port if the traffic comes from a trusted application, such as Epic or Oracle. It could also be configured to block users from uploading data to an unauthorized third-party application.

As an additional benefit, next-generation firewalls can help ensure HIPAA compliance. Tsugranes says they can provide a higher degree of precision in monitoring access controls around protected health information and implement encrypted traffic inspection to ensure patient data isn’t being exfiltrated.

RELATED: How can healthcare organizations create self-aware and secure IT networks?

The Role of Next-Generation Firewalls in Modern Cybersecurity

Next-generation firewalls are one piece of a comprehensive, platform-based approach to cybersecurity. Experts say they should be integrated throughout an organization’s internal systems, not just along the perimeter.

“A lot of what we’re talking about with next-gen firewalls is still predicated on them being a box at the front of traffic flows,” says Tsugranes. “Protocols need to make it down to the application level. That’s way more than just host-based firewalls and intrusion prevention systems. It’s traffic management between application components, containers and functions, which is about as granular as we can get.”

“I see next-gen firewalls transforming to becoming a distributed firewalling solution,” says Rick Miles, vice president of product management, cloud and network security at Cisco. He notes that IT professionals must consider “how to ensure security at each layer, from a box at the edge of a data center to applications deployed in the cloud.”

For example, imagine that a workstation in a radiology unit is infected by ransomware, and a hacker tries to use this vulnerability to access other parts of the hospital’s network. A distributed firewall with a microsegmentation policy could isolate the radiology workloads and prevent the hacker from reaching other critical systems, such as the EHR.

AI Enhanced Firewalls, Alert Fatigue and Staffing Challenges

Next-generation firewalls paired with AI can help organizations strengthen their security posture while reducing workloads for cybersecurity professionals. AI-powered tools from organizations such as Fortinet, Juniper Networks, Palo Alto Networks and Splunk can analyze traffic patterns, identify irregularities and deploy a response — such as stopping a suspicious data transfer — faster than a human analyst could.

That type of automated reaction can help prevent alert fatigue among IT teams. Agentic AI can investigate and respond to lower-risk issues, such as blocking a phishing email to a single user, while freeing human employees to focus on more complex threats against the whole organization.

As for whether AI will take over cybersecurity in the future, Tsugranes says, he believes humans will always determine an organization’s specific policies. He notes that although enhanced AI tools may be used to implement security protocols, “ultimately, the company’s still responsible for what happens.”

EXPLORE: Observability improves IT and security workflows in healthcare.

How Cybercriminals Are Using AI To Bypass Security

Enacting AI-enhanced next-generation firewalls to boost cybersecurity has become necessary to combat increasingly sophisticated hacking techniques. With the help of AI, cybercriminals can use publicly available information to build profiles that mimic legitimate accounts and can be less detectable to firewalls.

And hackers can develop and deploy their attacks quickly because of AI. McKinsey reports there has been a 1,200% surge in phishing attacks since late 2022, when generative AI tools such as ChatGPT became publicly available.

Miles warns that this new reality means organizations also need to act fast when a vulnerability is exposed. “It forces companies to think about new ways to reduce risks. Let’s adapt to that threat landscape and allow organizations to drive distributed exploits and patching within seconds instead of months,” he says.

“Imagine being able to deploy a distributed exploit protection directly on the application itself that eliminates that attack path entirely but still allows the application to function,” Miles continues. “Those are the types of use cases that we’re building out in the hybrid mesh firewall with technologies like Hypershield.”

To further guard against cyberthreats, Tsugranes adds, IT professionals must remember that next-generation firewalls are not “set it and forget it” tools. “Continuously monitor logs, establish a feedback loop for teams to report issues, and regularly audit your policies to ensure they are both effective and efficient,” Tsugranes says. “This ongoing process is crucial for adapting to new threats and minimizing noise.”