
Firewalls are dead. Really?
In presentations and conferences on modern security solutions, one idea is coming up more and more often: "Firewalls are dead (or about to die)." This observation, popularized by cloud security providers whose goal is to replace firewalls, is certainly provocative, but its origin lies in profound changes in IT architectures: the massive migration of internally hosted business applications to SaaS, remote working becoming the norm, and Bring Your Own Device, which requires allowing traffic to and from uncontrolled devices.
However, it is always useful to add a little nuance to these arguments and look beyond what may be seen as a publicity stunt. In this article, we will analyze why physical firewalls are losing ground, while exploring their place in the rapidly changing security ecosystem.
Why traditional firewalls are no longer sufficient
1. Architecture powered by SaaS and the cloud
Modern IT infrastructures have become widely distributed. Once centered around a well-defined network perimeter, they must now adapt to a world where:
- Applications are no longer located in corporate data centers but in the cloud (Office 365, Salesforce, Slack, etc., and even business applications).
- Users access resources from various locations (home, coworking spaces, on the go).
- The traditional model of routing all traffic to an internal server for inspection significantly slows down performance and increases latency.
Physical firewalls, initially designed to monitor traffic entering and leaving the corporate network, no longer serve the same purpose when 80% of traffic is directed straight to cloud services. This model, widely known as the "castle model," which surrounds the internal network to be protected with impenetrable ramparts, no longer works as effectively when resources are scattered throughout the surrounding villages.
2. Performance promises and reality
Another reason that crystallizes current criticism of firewalls is their performance.
Physical firewall appliances often promise exceptional performance on paper, but these figures need to be qualified as soon as additional features are activated, particularly security features such as:
- TLS decryption: Essential for inspecting HTTPS traffic (now the majority), it often halves the advertised performance.
- Advanced content filtering: Adds extra load to the processor, slowing down scans.
- Advanced threat management: Behavioral analysis, malware detection, sandboxing... all features that further strain bandwidth.
This heavy load also shortens the useful life of firewalls, both through physical wear and by pushing them to their capacity limits sooner, which forces companies to upgrade to higher-end models and has a significant impact on their business model.
These limitations make physical firewalls ill-suited to meet the needs of a cloud-first architecture where performance and scalability are crucial.
3. Costs and management
In addition to technical challenges, physical firewalls involve:
- High acquisition costs.
- Regular maintenance (updates, hardware replacement).
- Complex management, especially in distributed environments.
4. Questions about security
Firewalls, although essential for network security, are frequently affected by critical vulnerabilities, identified by CVEs (Common Vulnerabilities and Exposures).
This trend can be explained by the increasing complexity of modern firewalls, which incorporate advanced features such as deep packet inspection, application management, and behavioral analysis. This sophistication broadens their attack surface, increasing the risk of bugs or errors being introduced into their code. Furthermore, their strategic position within network infrastructures makes them prime targets for attackers, as compromising them can provide extensive access to the entire system. Criminals can also easily get their hands on the equipment to dissect how it works.
Factors such as inadequate update processes, aging operating systems, technical debt, inadequate configurations, or the use of vulnerable third-party modules amplify these risks. These challenges underscore the importance of proactive patch management and continuous monitoring to mitigate exposure to zero-day exploits.
Some organizations now view firewalls—and VPNs too, but that's another story—as a security risk.
Should firewalls disappear as a result?
Despite these arguments, it would of course be premature to declare the total disappearance of firewalls. Firewalls will continue to have a place in the modern security ecosystem, provided that their role and deployment are reviewed.
1. Specialization of firewalls
Rather than managing all network traffic, firewalls could focus on specific uses, such as:
- Internal network segmentation: Protect communications between critical segments of a network.
- Protecting on-premises assets: Some companies keep sensitive applications or databases in their data centers that need protection.
- Securing industrial environments: In OT/IoT industrial systems, a specialized firewall can play a key role.
2. Integration into a hybrid model: Towards a future where firewalls coexist with the cloud
Firewalls can delegate certain costly tasks (such as TLS decryption or advanced detection) to cloud services. This preserves performance while taking advantage of the analytical capabilities of the cloud.
The rise of SSE: the answer to new challenges and the new competitor to firewalls
Security Service Edge (SSE) architectures are redefining how network flows are secured. Rather than relying on a physical firewall to inspect and filter traffic, the SSE model transfers these responsibilities to the cloud:
- A cloud as a central security point: Web traffic no longer passes through the data center; it is directed straight to a cloud service that manages security (filtering, TLS inspection, threat protection). This eliminates backhauling latency and provides fast, direct connectivity.
- Scalable inspection: Unlike physical appliances, SSE solutions rely on scalable cloud infrastructures. TLS inspection, for example, no longer depends on the capabilities of a single box but on the power of cloud servers, offering virtually unlimited scalability.
- Universal connectivity: SSE connects users, applications, and networks, regardless of their location. This model fits perfectly into modern environments where users are mobile and applications are hosted in the cloud.
In conclusion, the transition to cloud-first architectures challenges the historical role of physical firewalls. Challenges related to performance, management complexity, and evolving network flows are driving companies to turn to SSE models that are better suited to today's reality.
However, firewalls have not had their final say. By specializing and integrating into hybrid architectures, they can continue to play an essential role in securing IT infrastructures. Rather than declaring them dead, it is time to rethink their usefulness so that they remain relevant in the cloud era.