Choosing a firewall is no trivial matter, especially for a small business with a limited budget. Chances are, the firewall you decide to buy will be your first line of defense. So, not only would you want to get the best value for your money, but you also want that firewall to be effective.
In this article, you’re going to learn how to choose a firewall the right way. I understand you can’t have just any firewall that’s out there. As a key decision-maker or IT manager of a small business, you’re likely facing budgetary, staffing, and talent constraints that large enterprises aren’t bothered with. That’s why I’m going to tailor this “choosing a firewall” article just for you.
Before you do anything else, do you know why you’re choosing a firewall in the first place? What does a firewall do? Let’s get that out of the way first.
Brief Overview of Firewalls
Generally speaking, a firewall inspects packets and determines, based on a set of rules, whether to allow those packets to pass or to block them. You can define these rules yourself. Modern firewalls also ship with rule sets and threat-intelligence feeds that the vendor's security team maintains and pushes out as updates, and some vendors offer managed services that tune the rules for you. But why is the capability of allowing and blocking packets important?
It’s important because some of those packets might be malicious in nature. They might be scanning your network for open ports to exploit. Furthermore, they might be carrying malware. A threat actor can easily use the network to gain access to your systems. Hence, you need to identify and prevent these malicious packets from entering.
Some malicious packets can also originate from within your network. This can happen when, say, one of your hosts is already infected with malware. That malware will typically try to connect to its Command and Control (C&C) server, the server that the malware transmits stolen data to or receives commands from. Blocking that outbound connection doesn't clean the host, but it does cut the attacker off from it.
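The outbound side is easy to forget, so here is an added illustration of what "spotting C&C traffic" looks like in practice. This is example code written for this article, not the article's own or any vendor's: it reads a constructed, invented firewall log format (timestamp, src, dst, dport, action) and flags hosts that contact one destination at a near-constant interval, the way many implants beacon to their C&C server. The IP addresses, the log format and the thresholds are all assumptions made for the example.

```python
"""Beaconing check over firewall connection logs (added example, not from the
article). The log line format is constructed for illustration; real firewalls
export their own syslog or CEF fields, so LINE_RE would need adapting."""
import re
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample log: 10.0.0.21 contacts 203.0.113.77:443 about once a
# minute (beacon-like), 10.0.0.22 browses 198.51.100.10 at irregular
# intervals, and 10.0.0.23 talks to 192.0.2.50 only twice.
SAMPLE_LOG = """\
2024-05-01T09:00:00 src=10.0.0.21 dst=203.0.113.77 dport=443 action=allow
2024-05-01T09:00:05 src=10.0.0.22 dst=198.51.100.10 dport=443 action=allow
2024-05-01T09:00:12 src=10.0.0.22 dst=198.51.100.10 dport=443 action=allow
2024-05-01T09:01:00 src=10.0.0.21 dst=203.0.113.77 dport=443 action=allow
2024-05-01T09:02:00 src=10.0.0.23 dst=192.0.2.50 dport=80 action=allow
2024-05-01T09:02:01 src=10.0.0.21 dst=203.0.113.77 dport=443 action=allow
2024-05-01T09:03:00 src=10.0.0.21 dst=203.0.113.77 dport=443 action=allow
2024-05-01T09:03:00 src=10.0.0.23 dst=192.0.2.50 dport=80 action=allow
2024-05-01T09:03:40 src=10.0.0.22 dst=198.51.100.10 dport=443 action=allow
2024-05-01T09:03:55 src=10.0.0.22 dst=198.51.100.10 dport=443 action=allow
2024-05-01T09:04:00 src=10.0.0.21 dst=203.0.113.77 dport=443 action=allow
2024-05-01T09:05:01 src=10.0.0.21 dst=203.0.113.77 dport=443 action=allow
2024-05-01T09:05:59 src=10.0.0.21 dst=203.0.113.77 dport=443 action=allow
2024-05-01T09:07:00 src=10.0.0.21 dst=203.0.113.77 dport=443 action=allow
2024-05-01T09:10:00 src=10.0.0.22 dst=198.51.100.10 dport=443 action=allow
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"dport=(?P<dport>\d+) action=(?P<action>\w+)$"
)


def parse_log(text):
    """Yield (timestamp, src, dst, dport) for allowed connections only."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["action"] != "allow":
            continue
        yield (datetime.fromisoformat(m["ts"]), m["src"], m["dst"], int(m["dport"]))


def find_beacons(text, min_count=5, max_cv=0.1):
    """Return flows whose gaps between successive connections are nearly constant.

    cv = stdev / mean of the inter-connection gaps. Human browsing is bursty
    (high cv); a sleep(60)-style implant gives a low cv. The thresholds are
    illustrative starting points, not any product's defaults.
    """
    flows = defaultdict(list)
    for ts, src, dst, dport in parse_log(text):
        flows[(src, dst, dport)].append(ts)

    suspects = []
    for (src, dst, dport), stamps in flows.items():
        if len(stamps) < min_count:          # too few samples to judge regularity
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mean = statistics.mean(gaps)
        if mean == 0:
            continue
        cv = statistics.stdev(gaps) / mean
        if cv <= max_cv:
            suspects.append({"src": src, "dst": dst, "dport": dport,
                             "count": len(stamps),
                             "interval_s": round(mean), "cv": round(cv, 3)})
    return suspects


if __name__ == "__main__":
    for s in find_beacons(SAMPLE_LOG):
        print(f"possible beacon: {s['src']} -> {s['dst']}:{s['dport']} "
              f"every ~{s['interval_s']}s (cv={s['cv']})")
```

Regular intervals alone are not proof (software updaters and monitoring agents beacon too), so treat a hit as a lead to check against the destination's reputation and the host's process list, not as a verdict.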
To sum up, the ability to block both inbound and outbound threats is the main reason why you’d buy a firewall. So now, I’ve established what a firewall does and why you’d need one. It’s time to proceed with the next steps that can help you in choosing a firewall for your business. You have many factors to consider. Some of them rely on specific firewall features, so let’s talk about those features first.
Understanding the Main Features of a Firewall
Different types of firewalls have different sets of features, but let’s start with the most basic ones. When you buy a firewall, there’s a good chance it’ll already have these features included:
Packet filtering is the most basic feature you'll ever find in a firewall. It inspects packet header data (addresses, ports, protocol) and compares it with the firewall's set of rules to determine whether the inspected packet can pass through or not. A firewall that can only perform packet filtering is affordable, fast, and efficient. However, because it looks at each packet in isolation and never at the payload, it's not enough to counter sophisticated cyberthreats. It still has a place, for example segmenting mission-critical hosts from the rest of your network, but you shouldn't rely on it alone to secure your entire network.
Usually working in tandem with packet filtering, stateful inspection keeps a table of the connections it has seen and uses it to determine whether a packet belongs to an established connection. Replies to a connection that was opened from inside are let through; an inbound packet that doesn't match any known connection is dropped. A firewall with this feature can, in effect, open and close ports dynamically as connections start and end, so you never have to leave ranges of high ports open just to let return traffic back in. That reduces your exposure to threats that target open ports.
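To make the difference concrete, here is an added toy model (example code written for this article, not from the original or from any firewall product) that runs the same three constructed packets through a stateless filter and a stateful one. The `Packet` type, the rule logic, the `10.0.0.0/24` LAN assumption and the addresses are all inventions for the example; a real engine such as nftables tracks far more state than this.

```python
"""Stateless vs stateful filtering, reduced to the essentials (added example)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str  # "S" = SYN, "SA" = SYN/ACK, "A" = ACK, "F" = FIN (assumed encoding)


LAN_PREFIX = "10.0.0."  # assumption: the inside network is 10.0.0.0/24


def is_lan(ip: str) -> bool:
    return ip.startswith(LAN_PREFIX)


def stateless_filter(pkt: Packet) -> bool:
    """Header-only rules, no memory between packets.

    To let replies to outbound HTTPS back in, a stateless filter has to allow
    any inbound packet from port 443 to any high port. It cannot tell a genuine
    reply from an unsolicited probe that merely uses source port 443.
    """
    if is_lan(pkt.src) and not is_lan(pkt.dst) and pkt.dport == 443:
        return True                                   # outbound HTTPS
    if (not is_lan(pkt.src) and is_lan(pkt.dst)
            and pkt.sport == 443 and pkt.dport >= 1024):
        return True                                   # "replies" (and probes)
    return False


class StatefulFilter:
    """Allows outbound HTTPS and only the inbound packets that belong to a
    connection it saw being opened from inside. Everything else inbound drops."""

    def __init__(self):
        # connection table keyed by (lan_ip, lan_port, remote_ip, remote_port)
        self.table = set()

    def allow(self, pkt: Packet) -> bool:
        if is_lan(pkt.src) and not is_lan(pkt.dst):
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if pkt.flags == "S" and pkt.dport == 443:
                self.table.add(key)                   # connection opened from inside
                return True
            if key in self.table:
                if "F" in pkt.flags:
                    self.table.discard(key)           # connection closing: forget it
                return True
            return False
        if not is_lan(pkt.src) and is_lan(pkt.dst):
            key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
            return key in self.table                  # only replies to tracked flows
        return False


def run_demo():
    """Run three constructed packets through both filters.

    Returns {name: (stateless_decision, stateful_decision)}.
    """
    stateful = StatefulFilter()
    packets = {
        "outbound_syn": Packet("10.0.0.5", 51000, "203.0.113.10", 443, "S"),
        "reply":        Packet("203.0.113.10", 443, "10.0.0.5", 51000, "SA"),
        # unsolicited inbound scan that spoofs source port 443 to slip past
        # the stateless "reply" rule and reach RDP on an inside host
        "probe":        Packet("198.51.100.7", 443, "10.0.0.5", 3389, "S"),
    }
    return {name: (stateless_filter(p), stateful.allow(p))
            for name, p in packets.items()}


if __name__ == "__main__":
    for name, (stateless, stateful) in run_demo().items():
        print(f"{name:13s} stateless={'allow' if stateless else 'drop':5s} "
              f"stateful={'allow' if stateful else 'drop'}")
```

The probe is the packet that matters: the stateless filter has to let it in because it looks exactly like a reply, while the stateful filter drops it because no inside host ever opened a connection to that address and port.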
Some firewalls have built-in router functionality (and vice versa: some routers have firewall functionality as well). This means that, aside from filtering traffic, they can also direct traffic to where it's supposed to go. However, if you have more than a handful of hosts, or several subnets, behind that firewall, I'd recommend using a dedicated router for routing so the firewall can spend its capacity on inspection.
Now that you’re familiar with the common firewall features, let’s talk about features that are nice to have and worth your consideration when choosing a firewall.
Understanding Other Firewall Features
In the previous section, I only focused on the most basic firewall features. Those capabilities alone won't protect you from much. If you're looking for the best small business firewall for your organization, you should look beyond the basics. Here are the top 8 features you should be looking for when choosing a firewall.
1. Deep Packet Inspection
Deep packet inspection (DPI) inspects not only packet headers but also their payloads. Proxy firewalls and Next-generation firewalls (NGFWs) are the types of firewalls that support this capability. In NGFWs, the DPI module usually works in tandem with the intrusion detection system/intrusion prevention system (IDS/IPS) module to identify viruses, worms, and other malware. Because those threats can be really disruptive, and even destructive, you’ll want to choose a firewall that supports this capability.
2. DDoS Protection
Massive distributed denial-of-service (DDoS) attacks can disrupt your business operations and prevent your users from getting through (see FAQ below for more details). DDoS protection is a feature designed specifically to mitigate these types of attacks. If you have a public-facing service and can't afford for it to be unreachable to customers/users, this is one feature you need to seriously consider. Bear in mind what an appliance in your own rack can and can't do, though: it can drop abusive connections and rate-limit floods that exhaust server state, but a volumetric flood that saturates your internet link itself has already done its damage by the time it reaches the firewall. That kind of attack has to be absorbed upstream, by your ISP or a cloud DDoS scrubbing service.
3. Virtual Private Network
Virtual Private Network (VPN) functionality uses encryption to protect network connections from eavesdroppers or man-in-the-middle attacks (see FAQ for more information). If you have several users (e.g., remote workers or satellite office workers) connecting to your network through the Internet, a firewall with VPN functionality can be very useful.
4. Email Spam Filtering
Spam emails aren't only a nuisance; they can also be harmful if they link to malicious sites or carry malicious attachments. Some firewalls readily support email spam filtering, which detects spam and prevents it from reaching your users' inboxes. Left unchecked, spam floods those inboxes in no time and raises the risk of malware infections. That's why I'd recommend you look for this feature when choosing a firewall for your company.
5. Web Filtering
Web filtering prevents users from visiting malicious websites. You need this capability because users usually can’t tell if a site is malicious or not. If they land on a malicious site, they could end up downloading malware or, unwittingly, share personal data. If you ask me, I’d rank email spam filtering and web filtering on the same level of importance.
6. Intrusion Detection System/Intrusion Prevention System
A key feature in most NGFWs, an intrusion detection system/intrusion prevention system (IDS/IPS) helps out with threat detection. It uses pattern matching, anomaly-based, heuristics-based, and other methods to discover indicators of threats in packet information and behavior. You can use this advanced feature to detect potential threats that might be able to evade traditional firewall features such as packet filtering and stateful inspection.
7. SSL/TLS Encryption/Decryption
SSL/TLS encryption/decryption, usually called SSL/TLS inspection, is a feature that allows a firewall to decrypt SSL/TLS-encrypted connections, inspect their contents, and then re-encrypt them as they pass through. You can use this feature, which is available in most NGFWs, to automatically inspect and detect malicious content that might be hiding in encrypted connections. It works by having the firewall terminate the connection and present its own certificate to the client, so plan for three things: you must deploy the firewall's CA certificate to every managed endpoint or users will see certificate warnings; you'll need to exclude traffic you shouldn't or can't decrypt (banking and healthcare sites, and applications that pin their certificates); and decryption is expensive, so check the vendor's throughput figure with inspection enabled, not the headline number (see the throughput FAQ below).
8. Malware Scanning
Here's another feature you'll often find in NGFWs. Malware scanning helps you detect malware in files and downloads as they cross the firewall. By detecting malware at the network level, you can stop it before it reaches the hosts and other endpoint devices inside your network. Like DPI and IDS/IPS, it only sees what it can read, so it pairs naturally with SSL/TLS inspection.
When it comes to choosing a firewall, or the best one specifically, for your organization, it’s not enough to choose based on features. As I indicated earlier, you have several other factors to consider. Let’s talk about those other factors now.
Other Factors to Consider When Choosing a Firewall
As a key decision-maker of a small business, you should be looking at several criteria before choosing a firewall. How much does it cost? What’s the size of your organization? Do you require remote access? These are just some of the questions you’ll have to ask yourself before choosing a firewall. Let’s discuss these factors in more detail.
How Much Does It Cost?
The price of a firewall can range from less than a hundred dollars to more than a hundred thousand dollars. Yes, that range is pretty broad. But once you have a budget ready, it should be easier to narrow down your list. Here are a few examples of firewalls and their respective prices as of this writing:
|Firewall|Description|Price (at time of writing)|
|---|---|---|
|TP-Link ER605|Router with built-in firewall features|$60|
|Ubiquiti Networks EdgeRouter X|Another router with built-in firewall features|$246|
|Fortinet FortiGate 40F|Entry-level next-generation firewall|$590|
|SonicWall TZ370 TotalSecure|A more advanced NGFW than the one above|$1,031|
|Cisco Firepower 4115|NGFW mostly used in data centers|$150,297|
Just remember that you should also factor in the potential costs of getting hit by a cyber incident. How much could you end up spending if you suffer from a data breach, a ransomware attack, or a lengthy downtime due to a DDoS attack? Take those into consideration before limiting yourself to a particular price range.
What Is the Size of Your Organization?
The size of your organization also determines what kind of firewall is practical. If you have a small population, you have the option to choose a software-based firewall. You can install software firewalls on many endpoint devices (e.g. laptops, PCs, tablets, phones, etc.), but every one of them then has to be configured and kept updated individually.
However, if you have a large organization with a large number of endpoint devices, you should go for a hardware-based firewall. Our article on the different types of firewalls can give you an idea of how these two types differ.
What Are Your Top Cybersecurity Threats?
The primary purpose of a firewall is to defend your network against cyber threats. However, not all cyber threats that are out there can impact your network as much as they would other networks. Therefore, you should pick a firewall that’s effective against your biggest threats. Here are a few examples of some of these threats to illustrate what I mean:
DDoS attacks (see FAQ below for more details) are a big threat to networks that host mission-critical services. For example, let’s say you have a public-facing file transfer server in there that supports all your electronic business transactions. If that server becomes inaccessible, your main business operations could grind to a halt. That’s completely unacceptable.
Thus, because a DDoS attack can render that server inoperable, you should consider choosing a firewall that has DDoS protection capabilities. However, the same argument won’t apply to a network that’s not directly connected to the internet or that doesn’t have any mission-critical service running in it.
Will you be storing or processing a large amount of sensitive data behind your firewall? If that network holds intellectual property or data covered by regulations such as HIPAA or PCI DSS, you'll need some kind of Data Loss Prevention (DLP) mechanism. DLP detects sensitive data (card numbers, patient records, documents tagged confidential) in traffic and prevents it from leaking out of your network.
Because firewalls are usually positioned at the entry and exit points of your network, they are a natural place to enforce DLP. Two caveats: a firewall can only inspect what it can decrypt, so network DLP depends on SSL/TLS inspection being enabled for the relevant traffic, and naive pattern matching produces a lot of false positives, so look at how the product validates its matches. If you deal with a lot of sensitive data, a firewall with DLP features is definitely worthy of consideration.
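To show what a DLP match actually involves, here is an added example (written for this article, not taken from it or from any vendor product) of the kind of check a DLP engine runs on an outbound payload for PCI DSS data: it finds 13 to 19 digit sequences, keeps only those that pass the Luhn checksum so that order numbers and timestamps don't trigger it, and returns a verdict with masked matches so the firewall's own log never contains a full card number. The payload strings are constructed test data using well-known test card numbers.

```python
"""Egress DLP check for payment card numbers (added example, not from the article)."""
import re

# 13-19 digits, optionally separated by single spaces or hyphens, not embedded in
# a longer run of digits.
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: every second digit from the right is doubled, digits of
    products above 9 are summed (d - 9), and the total must be divisible by 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask(digits: str) -> str:
    """Keep the first six (issuer) and last four digits, as PCI DSS permits for display."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def find_pans(payload: str):
    """Return masked primary account numbers found in the payload."""
    hits = []
    for m in CARD_RE.finditer(payload):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            hits.append(mask(digits))
    return hits


def egress_verdict(payload: str, max_pans: int = 0):
    """Decide whether an outbound payload may leave.

    max_pans is the policy knob (assumed): 0 blocks any card number, a higher
    value tolerates, say, a single number in a support ticket while still
    catching a bulk dump.
    """
    pans = find_pans(payload)
    return ("block" if len(pans) > max_pans else "allow", pans)


if __name__ == "__main__":
    # Constructed payloads: a Visa test number (valid Luhn) next to a 16-digit
    # order id that fails Luhn, and a clean invoice line.
    for text in ("cust 4111 1111 1111 1111 order 1234567890123456",
                 "invoice 1234567890123456 total 42.00"):
        print(egress_verdict(text))
```

Real DLP engines layer more on top (keyword proximity such as "CVV" or "exp", document fingerprints, file-type awareness inside archives), but validation of the match is what keeps the false-positive rate low enough that the block action can actually be turned on.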
MITM Attacks and Malware Hiding in SSL/TLS Connections
Man-in-the-middle (MITM) attacks (see FAQ for details) can put sensitive data such as usernames and passwords at risk. If you have any reason for concern about these attacks, use SSL/TLS to secure your network connections: the encryption keeps an interceptor from reading the traffic, and the server certificate lets the client detect an impostor.
However, there's a hitch. An ordinary firewall can't inspect SSL/TLS-encrypted packets, and threat actors abuse that blind spot by hiding malware downloads and C&C communications inside encrypted connections. So you're dealing with two separate problems: end-to-end SSL/TLS is what protects you from MITM attacks, and SSL/TLS inspection on the firewall is what lets you see the malware hiding in that encrypted traffic. A firewall with this capability decrypts the connection, inspects the content, and re-encrypts it before sending it along. Keep in mind that the firewall is then a deliberate, trusted man-in-the-middle, which is why its CA certificate has to be installed on your endpoints and why sensitive categories and certificate-pinned applications are usually excluded from inspection.
Now here’s one threat that can inflict severe damage on any kind of network. Ransomware can cause serious downtime as well as data loss (by way of file corruption). What’s more, the incidence of ransomware attacks has been quite high lately. In a report published last year, enterprise security vendor Fortinet disclosed that ransomware incidents increased by 1100% over the past twelve months prior to the report. So, from a risk perspective, ransomware poses a very high risk to businesses.
A firewall equipped with DPI, email spam filtering, web filtering, IDS/IPS, and malware scanning, is your best bet. Wondering how to choose a firewall that can mitigate the risk of a ransomware attack? Pick one with those capabilities. Let’s now go back and continue discussing the other important factors.
What Does Your Internal Network Look Like?
The diversity of your internal network can also influence your choice of firewall. If your network consists of a broad array of devices and platforms, it might be unrealistic to choose a software or host-based firewall. Remember that most software firewalls are platform-dependent. A firewall built for Windows may not support Mac, Linux, iOS, or Android devices. In fact, a firewall built for a Windows desktop operating system (OS) might not run on a Windows server OS.
So, that means if you go the software route, you’ll have to deal with the installation and configuration intricacies of each OS. Do an inventory of your IT environment. If it has a high degree of diversity, you might want to consider choosing a hardware-based firewall. A hardware-based firewall runs as a separate device, so it won’t care what kind of devices or operating systems you have running behind it.
Do You Require Remote Access?
If you have to support remote workers and other users that require remote access, you must remember that these users connect over networks you don't control (home Wi-Fi, hotels, cafés) and could be exposed to MITM attacks. While forcing users to stick with SSL/TLS-protected network protocols, such as HTTPS, mitigates this risk, there's another option. You can choose a firewall with built-in VPN functionality. As mentioned earlier, a VPN encrypts the connection, and it also authenticates the user before granting access to the internal network.
Does Your Firewall Vendor Provide Good Customer Support?
Sooner or later, your firewall is going to have technical issues. Some of those issues might be too difficult for your designated IT guy to resolve. Some issues can even occur in the dead of the night.
Thus, you need to make sure your firewall vendor has a capable customer support team who can help you out whenever you need technical assistance. If possible, look for 24/7 support if your business operates around the clock, as you’ll never know when your firewall is going to fail or how long it’s going to be down.
And there you have it. Those are the important questions you have to ask yourself before choosing a firewall for your business. But you might be asking, “After I considered these factors, how do I choose the best firewall for my business?” Find out in the next section.
Choosing the Best Firewall for Your Business
Different businesses have different requirements—even for buying something as seemingly mundane as a firewall. Your budgetary requirements, the threats you face, the composition of your internal network, and so on, can be completely different from those of other small businesses.
Thus, no hard and fast rules exist that dictate what the best firewall is for small businesses. There’s no such thing as a one-size-fits-all firewall. Rather, you should look at different factors to determine which firewall is the best for you. Hopefully, the previous sections in this article have helped you in that regard. Let’s wrap up!
The Bottom Line
Knowing how to choose a firewall is something every small business IT leader must learn before setting out to buy a firewall. In this article, I introduced you to all the basic and salient points you need to consider before making a purchase.
You learned about the main motivation for choosing a firewall, some basic and advanced firewall features, as well as several factors to consider. I hope you can use the knowledge you gained today to inform your buying decision. Feel free to refer back to this article in the future should you need to.
Do you have more questions about choosing a firewall? Check out the FAQ and Resources sections below!
FAQ
What is SSL/TLS?
SSL/TLS stands for Secure Sockets Layer / Transport Layer Security. Both are protocols that protect application layer protocols such as HTTP (as HTTPS) and FTP (as FTPS) using encryption, and that use certificates to let the client verify it is talking to the genuine server. Encryption protects data by making it unreadable to anyone intercepting it. SSL is the older protocol and has been deprecated; TLS (currently TLS 1.2 and 1.3) is what's actually in use today, but most people keep using the acronym SSL as it's still more widely known.
What is throughput in the context of firewalls?
Throughput, which is usually expressed in Mbps or Gbps, is a measurement of how much traffic can flow through a firewall per unit of time (usually per second). The higher a firewall's throughput, the faster traffic can flow through it. Generally speaking, higher throughput means a higher price tag, so that's something you need to consider. Also, datasheets list several throughput numbers. The headline figure is usually measured with the security features disabled (plain stateful forwarding); the number that matters for sizing is the one measured with IPS, malware scanning, and SSL/TLS inspection turned on, often labelled "threat protection" or "NGFW" throughput, and it can be a small fraction of the headline. Compare that figure against the speed of your internet link.
What is a C&C server?
C&C, or C2, stands for command-and-control. These are servers that malware communicates with to send exfiltrated data or to receive commands. Some of these communications take advantage of HTTPS and other protocols encrypted with SSL/TLS to remain undetected.
What is a DDoS attack?
A distributed denial-of-service attack, or DDoS attack, is a network-based attack that’s designed to overwhelm the target’s computing resources. These attacks can slow your network down and prevent legitimate users from connecting to your services.
What is a man-in-the-middle attack?
A man-in-the-middle attack is a cyber-attack where a threat actor intercepts a connection between two parties and reads, or tampers with, the data passing through it, for example to extract sensitive data such as usernames and passwords. Network protocols that send unencrypted data are vulnerable to this type of attack.
What is ransomware?
Ransomware is a kind of malware that locks up files or even entire systems by encrypting them and then displays a message demanding a ransom. The ransom note usually warns that, should the victim fail to pay by a deadline, the files will be lost for good. Many current strains also steal the data before encrypting it and threaten to publish it. It's currently the biggest malware threat out there.
Resources
TechGenix: Guide on Enabling Firewalls in Azure
Learn how to enable a firewall and VMs in Azure storage accounts.
TechGenix: Article Featuring the Top Firewalls
Discover the top firewalls for enterprises and SMBs.
TechGenix: Article on Runbook Scripts and Azure Firewall
Learn how to start and stop your Azure Firewall using a Runbook script.
TechGenix: Article on Firewall as a Service
Educate yourself on Firewall as a Service.
TechGenix: More Articles on Firewalls
Explore various articles about firewalls.