Security

Next-Gen Firewalls Supply Detailed K–12 Network Access Control and a Big-Picture View

District leaders and IT professionals can deploy NGFWs to determine what applications are doing — not just what they are.

Erin Brereton

Twitter

Erin Brereton has written about technology, business and other topics for more than 50 magazines, newspapers and online publications.

K–12 institutions face dual cybersecurity concerns: the need to protect student data, such as social security numbers, and ensure school-provided devices access only appropriate material.

To monitor network activity and safeguard information, some districts are utilizing next-generation firewalls, which offer an in-depth way to examine and manage elements, including the ability to inspect data within packets, instead of just scrutinizing items at the TCP/IP level, says Lou Norman, technical solutions architect at Cisco.

“The main purpose for a lot of old firewalls was to allow traffic to specific ports,” Norman says. “Next-gen firewalls can see more attacks and better identify what may be happening, rather than just ‘can this packet go forward or not?’”

Advantages to Next-Generation Firewalls: Enhancing Schools’ Defense Against Complex Threats

Advanced features such as device, user and content identification provide a level of granularity that can be key in today’s cybersecurity environment, where relying on administrator-determined policies and known threat signature identification alone won’t provide enough protection, according to Fadi Fadhil, cybersecurity strategist at Palo Alto Networks.

“You’ve got bad actors acting differently now,” Fadhil says. “They’re leveraging automation, machine learning and AI; the unknown threats are happening so fast, you cannot update those signatures fast enough. A modern firewall uses machine learning and AI the same way bad actors do, to examine the behavior of that threat to decide whether it’s malicious or safe traffic.”

Next-gen firewall solutions may also incorporate regular security information updates, according to Lisa Plaggemier, interim executive director of the National Cyber Security Alliance. Their integrated intrusion prevention system capabilities can potentially serve as an alternative to a stand-alone IPS.

The minute you bring something to market, it’s already out of date because things are changing so quickly in security.”

Lisa Plaggemier Interim Executive Director, National Cyber Security Alliance

“You’ve got a level of network monitoring now that’s built into the firewall, and external threat intelligence,” Plaggemier says. “The minute you bring something to market, it’s already out of date because things are changing so quickly in security. So, having that communication with a threat intelligence network can help people keep their information up to date to identify bad actors.”

Next-Gen Firewalls Boost Bandwidth and Block Restricted Content

In addition to malware protection, NGFW application-layer controls can also help schools maximize bandwidth capabilities. For example, they might limit video streaming to teachers who use it for lesson planning, while giving bandwidth precedence to online testing so streamers don’t compromise students’ test-taking experience.

“It might allow somebody to look at Facebook, but maybe not play games on it,” Norman says. “A lot of our schools do content restriction.”

Having intrusion detection and prevention and content provisioning in a single platform also enhances network visibility, Norman says, which can help facilitate system management and cyberthreat prevention efforts, even for K–12 schools that don’t have an extensive IT staff.

“In a lot of ways, it simplifies what admins have to do,” he says. Some NGFWs can show “what web browser versions are running on the network, or where schools seem really vulnerable.”

A robust level of protection may be necessary, Fadhil says, because today’s cyberattacks are increasingly nuanced and more applications were adopted to facilitate remote learning during the pandemic, increasing students’ online exposure.

Schools Benefit from Embracing a Single-Pane-of-Glass Cybersecurity Approach

When considering which specific next-gen firewall product to implement, Fadhil advises schools to look for a technology platform that can meet their evolving needs.

“Then you’re not limited by a solution that — when you need to go to the next level, and the next level after that — requires you to have multiple products when you have limited staff to learn, use and manage them,” Fadhil says. “It’s like wiring each room in a house differently, then needing an adapter for each room. The key here is a platform that’s integrated — you stay within the platform when you graduate to the next level.”

408

The number of publicly disclosed K–12 cybersecurity incidents in 2020, 18 percent more than in 2019

Source: K-12 Cybersecurity Resource Center and the K12 Security Information Exchange, “The State of K-12 Cybersecurity: 2020 Year in Review,” March 2021

Older firewalls aren’t completely obsolete; some components, such as enforcing admin policies and signature detection, may still be part of a school’s comprehensive cybersecurity approach, even if it has a state-of-the-art next-gen firewall in place.

But opting for an NGFW solution over the traditional firewalls that were used in the past — which Fadhil likens to a physical gate that could keep some intruders, but not all, from entering school grounds — can offer heightened protection by determining precisely who’s coming in, where they’re planning to go and why.

“The main gate alone is not enough; you still have a back door and doors within the school,” Fadhil says. “A next-gen firewall stops bad traffic by going a layer deeper, inspecting the traffic from within, not just at face value. Having a next-gen firewall is not an option anymore, it’s a must.”

MORE ON EDTECH: How schools can take cybersecurity measures to protect data and IT resources.

shironosov/Getty Images