Never without my Proxy: the love story of Firewalls and Proxies in business
Can a firewall really be effective in terms of web security without a standalone proxy? At Olfeo, 100% of our customers have a firewall. They recognize that their protection against new cyber threats is much better since the proxy and firewall effectively share detection tasks while remaining fully integrated and complementary to each other. We could even call it a true symbiosis or a love story, but why is that?
Olfeo invites you to browse this guide dedicated to the link between proxies and firewalls to better understand the differences, but also the advantages of these two security devices:
If, after reading this guide, you still have questions about proxies and firewalls, as well as the best solution for businesses to block online threats, contact one of our cybersecurity experts.
Proxy & Firewall: what are the fundamental differences?
While firewalls and proxies are undoubtedly the two cornerstones of any cybersecurity strategy, they serve two very different purposes, and it is important to let each one do the job it was designed to do.
The purpose of a firewall is to manage incoming and outgoing traffic between the internal computer network and external networks, whether they are open (the web) or protected (VPN for Virtual Private Network). Without a firewall, all servers and workstations on the local computer network would be directly "exposed" to web traffic coming from outside. It is easy to understand why it is the first fundamental step in the cybersecurity tool pyramid, as it acts as an intermediary between the internet and the internal network to control all access and authorize or deny passage. No company would take the risk of not deploying a firewall, as this would amount to directly exposing its IT resources to cyberattacks.
The proxy has an additional role of controlling, optimizing, and filtering web traffic. Originally designed to control and filter outgoing traffic by managing advanced caching to optimize bandwidth, the proxy quickly became indispensable for filtering users' internet browsing by category and URL in order to ensure protection against advanced web threats and legal and cultural compliance of internet use within the company.
Why should the filtering proxy be separated from the firewall?
Ensuring the security of an information system is like building a chain made up of different pieces of equipment, whose strength depends on its weakest link.
While for cost reasons, CIOs may previously have been tempted to consolidate all traffic control and filtering functions within the firewall, which sometimes included a proxy filtering option added to the UTM (Unified Threat Management), this is no longer possible today.
Indeed, the evolution of the nature of web traffic (HTTPS) and the ever-increasing sophistication of cyberattacks (polymorphic malware codes) reinforce the importance of filtering and therefore of the proxy. This now justifies the separate implementation of a standalone proxy, but one that communicates with the firewall if we really want to create a trusted web environment for the company's users:
Indeed, the standalone proxy provides a much higher quality content filtering solution: it integrates many more features, as shown in the examples in the diagram, as well as a greater wealth of categories and URLs in its database.
The analysis of HTTPS traffic is the responsibility of the Proxy in order to maintain the reliability of the Firewall.
We now know that SSL decryption on a firewall can result in performance losses of up to 74% (NSS Labs, John W. Pirc, Significant SSL performance loss leaves much room for improvement).
With HTTPS encrypted traffic constantly on the rise, it is important to filter it with a standalone proxy to avoid compromising the firewall and your web security chain.
The consequence is that when the firewall is saturated, it is no longer able to analyze all traffic and therefore allows some potentially dangerous traffic to pass through.
The proxy provides more granular filtering capabilities and advanced features.
Another advantage of using the Proxy is that it allows you to use more detailed categories from its database to display information messages to users about their internet usage, thereby making them more aware of new cyber threats. This equipment allows for whitelisting, considered the "highest" level of web security. This means only allowing access to content already recognized in your web filtering publisher's URL database. A comprehensive database is required to do this, and a minimum of 96% recognition of the websites visited by your users is recommended.
Managing authentication through the proxy rather than the firewall
Keeping logs of users' Internet usage is a legal requirement. The standalone proxy allows you to manage filtering policies by user or user group, so it is preferable for user identification by the proxy to take priority over the firewall.
This is especially true given that the traditional scope of the corporate network now extends to mobility, and users of smartphones or corporate mobile devices must have the same permissions and/or protections outside the company as they do inside. Only a standalone web-facing proxy can handle this function and provide the expected analysis and reporting tools for internet usage.
The impact of new cyber threats on proxies and firewalls
The latest example of why the filtering function of the standalone proxy must be at the heart of a corporate security strategy is DDoS (Denial of Service) attacks, also known as massive attacks by thousands of "zombie" machines designed to bring down the firewall in order to breach the security of the computer network.
The attacks by the Anonymous group on the websites of companies such as PayPal, Visa, and MasterCard are still fresh in the minds of all CISOs (Chief Information Security Officers). Aproxy in addition to the firewall thereforeprovides greater redundancy in protecting the company's information system.
It is therefore important today to relieve the firewall of all tasks that are not within its remit and to integrate a standalone proxy if you want to create a trusted web environment in your company.
Integrating a standalone proxy with the firewall is a priority in terms of cybersecurity.
Firewalling on one side and web traffic filtering by a standalone proxy are now both a priority and a best practice in terms of cybersecurity.
Given the ingenuity of malware and the rapidly increasing sophistication of certain phishing emails, the specialization of a standalone proxy is a real asset thanks to the quality of its URL database and the granularity possible for filtering operations. Not to mention the anti-virus analysis capabilities in redundant flows of those performed on workstations by traditional anti-virus software.
Having a standalone proxy in addition to the firewall could cost less than having a single piece of equipment.
With bandwidth usage increasing by 10 to 20% each year, it is often necessary to purchase new firewall equipment over time. With this in mind, it seems more reasonable to invest in a dedicated proxy from the outset, rather than investing large sums of money on a regular basis.
You can't choose a Swiss Army knife and expect it to be as effective as if you had taken each of the tools it contains separately... This brings us back to the eternal debate of generalist vs. expert: is it better to be a jack of all trades or an expert in one field?
To better illustrate the dilemma, would you choose a Swiss Army knife to equip your brand new kitchen? Or would you rather opt for a set of complementary knives?
The same applies to UTMs. While they are easy to use because everything is in one place, they cannot be expected to offer the same level of quality as dedicated equipment, particularly that of a standalone proxy.
Integrating a dedicated proxy such as Olfeo's into your firewall is very easy.
Indeed,the integration of the Olfeo standalone proxy with your firewall is now completely reliable and secure thanks to the use of standardized connectors with the leading firewall solutions on the market.
Why choose Olfeo's dedicated proxy rather than an all-in-one UTM?
Are you still hesitating betweenpurchasing an all-in-one UTM or a dedicated proxy? For your company, it is essential that you choose a solution whose security performance will not disappoint you. That's why it's better to opt for a proxy rather than an all-in-one UTM.
An additional security layer for more effective filtering
Our customers chose Proxy because they felt more confident with an additional security layer that focuses on filtering requests and, more generally, web traffic and content.
Although the Firewall is an essential component, security will be much more optimal by adding a second one, namely the Proxy.
Effective filtering ensures optimal Internet browsing, but also efficient use of applications for employees, even when they are not on site. In fact, in a context of increasing decentralization of working methods, the use of proxies is even more appropriate for blocking malicious requests and content: while VPNs can be complex to install for employees and can cause slowdowns or malfunctions, this is not the case with a dedicated proxy such as the one developed by Olfeo.
A local database for more effective filtering
Another potential issue with using an all-in-one UTM is the quality of theURL database. This is often generic, which is not the case with the Olfeo database, for example, which is local and French. The level of filtering is therefore not as fine with a UTM as with a local proxy server.
If you want to invest in truly effective protection for your company, it is therefore preferable to choose a proxy-type solution.
What are the features of the Proxy developed by Olfeo?
Are you considering investing in the filtering proxy developed by Olfeo? We invite you to learn more about its advantages over other solutions on the market so that you can better understand how its performance is suited to your company's requirements.
A qualitative database
Olfeo provides advanced web traffic filtering. Impossible to bypass, our filtering proxy is renowned for blocking anything that should not be on your employees' devices: in addition to increased security and the assurance of effective legal protection, Olfeo also promotes employee productivity.
To achieve this result, the filtering proxy server developed by Olfeo uses a high-quality database. This database is based on 9 themes and 100 categories for truly sophisticated filtering. This filtering can also be customized according to employee profiles: our solution's settings allow certain categories of users to be given privileges, always in compliance with current regulations.
A granular filtering policy
With Olfeo, your company's filtering policy can be tailored to the specific needs of your business or industry. Our numerous settings allow you to adapt the filtering policy according to time slots, volume quotas, and override capacity.
Trust-Centric Technology
With Olfeo, your company's filtering policy can be tailored to the specific needs of your business or industry. Our numerous settings allow you to adapt the filtering policy according to time slots, volume quotas, and override capacity.
Powerful employee authentication
Our proxy is based on employee authentication through Active Directory or ADFS. This means that only authenticated users can submit requests and receive the requested content: our filter will block those who are not recognized, providing an additional layer of security.
An analysis and reporting module to further enhance system security
For professionals responsible for securing your network, having access to an analysis and reporting module can make all the difference.
Among the many advantages of our Proxy server, this one is particularly interesting: it is essential for better understanding the web usage of your company's employees. Once the data has been collected, it is easier to analyze it in order to identify risks and attacks.
I want to learn more about the Olfeo proxy server.
Are you intrigued by the benefits of the Olfeo Proxy Server? Are you considering installing our solution as an additional security layer in your information system? If you would like to learn more about our solution, our cybersecurity experts are at your disposal.
Who is the Olfeo Proxy server intended for?
First and foremost, you may be wondering whether the Proxy developed by Olfeo is suitable for the requirements of your industry. Although our filtering tool can be installed in any company, it meets the high security requirements of:
- Local authorities: town halls, intermunicipal bodies, communities of municipalities, etc.
- Healthcare facilities: hospitals, clinics, university centers, etc.
- OIV and OSE: operators of vital importance and operators of essential services.
What do these different organizations have in common? They are highly vulnerable to cyberattacks and therefore have a high security need.
Data confidentiality is also a key concern for these organizations. In addition to blocking threats and ensuring optimal online protection, our filtering system complies with current regulations in France, particularly with regard to the GDPR. With Olfeo, user data confidentiality is therefore guaranteed.
What's more, our filtering proxy can be installed on any information system, including those running on Windows and Mac. So, if your employees use a device (computer, tablet, or smartphone) with iOS, our filtering proxy can secure its use with all the performance you would expect.
Request your free trial
The easiest way to find out if our filtering proxy is right for your business needs is to request a free trial. If you are looking for a solution to block online threats with optimal performance, you can contact our team to:
- Request a demonstration
- Request a free trial
In both cases, you will discover the many advantages of our web traffic filtering solution. Once you have a better understanding of how our tool can block content that does not comply with your company's filtering policy, you can trust it to ensure the cybersecurity of your information system.
Contact an Olfeo advisor to identify weaknesses in your system.
À l’heure actuelle, votre société est équipée d’un bon Firewall, mais cela n’a pas empêché les utilisateurs du réseau de faire face à des contenus inappropriés ou à des attaques en ligne ? Pour sécuriser la navigation, votre établissement a également besoin d’un serveur Proxy filtrant. Complémentaire au Firewall, il agit comme un intermédiaire entre l’utilisateur et les contenus trouvables en ligne ou disponibles sur les applications indispensables au travail des collaborateurs. If there is one thing you should remember from this guide on proxies and firewalls, it is that these two solutions are complementary. If your goal is to maximize the security of your company's information system and network, you need to invest in both of these security components. Becoming an Olfeo customer does not mean abandoning your firewall. On the contrary, a proxy primarily provides effective protection where your firewall is not performing optimally.
Dans ce contexte, vous envisagez d’investir dans le Proxy filtrant développé par Olfeo ? La première étape pour notre conseiller sera d’identifier les failles de votre système afin de vous conseiller la solution adaptée aux besoins spécifiques de votre société.What should you remember about the relationship between proxies and firewalls?
Contact your Olfeo advisor for more information about our proxy filtering server and its advantages for securing your network users' online browsing.
Of course, once you become an Olfeo customer, we will assist you in defining the device settings: configuring your proxy according to your company's specific needs is essential. This is a preventive measure of the utmost importance. We can also educate your employees on cybersecurity best practices through our e-learning platform.