Why Traditional Firewalls Fall Short in Healthcare Environments
Traditional firewalls don’t typically provide enough protection in today’s cybersecurity environment because they make decisions on too little information. It’s like having a single security guard who checks IDs at the front door but doesn’t monitor what else is happening inside the building.
A traditional firewall allows or denies network traffic based on static attributes such as source and destination IP addresses and port numbers. Let’s say an attacker obtains access to a hospital’s electronic health record through an allowed port. The firewall might not detect the suspicious activity that follows, such as the attacker downloading critical information, because that traffic uses the same addresses and port as legitimate access.
By comparison, a next-generation firewall uses deep packet inspection to analyze the content of the traffic and identify the application that generated it. In the EHR example, a next-generation firewall may only allow access through that port if the traffic comes from a trusted application, such as Epic or Oracle. It could also be configured to block users from uploading data to an unauthorized third-party application.
As an additional benefit, next-generation firewalls can help ensure HIPAA compliance. Tsugranes says they can provide a higher degree of precision in monitoring access controls around protected health information and implement encrypted traffic inspection to ensure patient data isn’t being exfiltrated.
The Role of Next-Generation Firewalls in Modern Cybersecurity
Next-generation firewalls are one piece of a comprehensive, platform-based approach to cybersecurity. Experts say they should be integrated throughout an organization’s internal systems, not just along the perimeter.
“A lot of what we’re talking about with next-gen firewalls is still predicated on them being a box at the front of traffic flows,” says Tsugranes. “Protocols need to make it down to the application level. That’s way more than just host-based firewalls and intrusion prevention systems. It’s traffic management between application components, containers and functions, which is about as granular as we can get.”
“I see next-gen firewalls transforming to becoming a distributed firewalling solution,” says Rick Miles, vice president of product management, cloud and network security at Cisco. He notes that IT professionals must consider “how to ensure security at each layer, from a box at the edge of a data center to applications deployed in the cloud.”
For example, imagine that a workstation in a radiology unit is infected by ransomware, and the attacker tries to use that foothold to move laterally into other parts of the hospital’s network. A distributed firewall with a microsegmentation policy could isolate the radiology workloads and prevent the attacker from reaching other critical systems, such as the EHR.
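As an added illustration (not code from the article or from any firewall vendor), the following toy policy evaluator applies a port-only rule base and an application- and zone-aware rule base to the same three constructed flows, covering both the EHR example above and the radiology lateral-movement scenario; the zone names, application labels and ports are assumptions.

```python
from dataclasses import dataclass
from typing import Optional, FrozenSet

@dataclass(frozen=True)
class Flow:
    src_zone: str
    dst_zone: str
    dst_port: int
    app: str  # label assigned by deep packet inspection; "unknown" if unclassified

@dataclass(frozen=True)
class Rule:
    src_zone: str                       # "*" matches any zone
    dst_zone: str
    dst_port: Optional[int] = None      # None matches any port
    apps: FrozenSet[str] = frozenset()  # empty set matches any application
    action: str = "allow"

    def matches(self, f: Flow) -> bool:
        return (self.src_zone in ("*", f.src_zone)
                and self.dst_zone in ("*", f.dst_zone)
                and (self.dst_port is None or self.dst_port == f.dst_port)
                and (not self.apps or f.app in self.apps))

def decide(rules, flow: Flow) -> str:
    # First match wins; an implicit deny closes the rule base.
    return next((r.action for r in rules if r.matches(flow)), "deny")

# Traditional policy: decisions depend only on destination zone and port.
TRADITIONAL = [Rule("*", "ehr", 443), Rule("*", "internet", 443)]

# Next-generation policy: same ports, but each rule also pins the identified
# application and the source segment, so an infected zone cannot reach the EHR.
NGFW = [
    Rule("clinical", "ehr", 443, frozenset({"epic"})),
    Rule("radiology", "pacs", 104, frozenset({"dicom"})),
    Rule("clinical", "internet", 443, frozenset({"epic", "windows-update"})),
]

# Constructed sample flows; zone and application names are illustrative.
SAMPLE_FLOWS = {
    "clinician_to_ehr": Flow("clinical", "ehr", 443, "epic"),
    "ransomware_lateral": Flow("radiology", "ehr", 443, "unknown"),
    "upload_to_unsanctioned_saas": Flow("clinical", "internet", 443, "file-sharing"),
}

def compare(flows):
    # {name: (traditional verdict, next-generation verdict)}
    return {n: (decide(TRADITIONAL, f), decide(NGFW, f)) for n, f in flows.items()}
```

The port-only policy allows all three flows, while the application- and zone-aware policy admits only the clinician’s Epic session and denies both the radiology-to-EHR probe and the upload to the unsanctioned service.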