I have endpoint protection, why do I need a firewall?

Sometimes we in the IT business can be our own worst enemies. Allow me to explain with an example:

IT security provider: “You need a next-generation firewall!”

Client: “Can you explain why?”

IT security provider: “Because it will protect you against threats such as ransomware!”

Client: “Excellent, we’ll have one of those please.”

IT security provider: “Super! You also need next generation endpoint protection.”

Client: “Can you explain why?”

IT security provider: “Because it will protect you against threats such as ransomware!”

Client: “So two products to protect us against the same thing yeah? Why do I need that?”

IT security provider: “It’s just the way we do things in these parts. Sign here please.”

Client: “*door slams*”

IT security provider: “Hello? Hello?”

Us techies can be guilty of shouting from the rooftops about the more headline-grabbing features of any particular security solution, and with malware (and more specifically ransomware) still very much in the forefront in the minds of business owners, it’s easy to see why we do this. We want our clients to have the best protection for their businesses and business data to be safe and for them to be able to sleep well at night, knowing that the bad guys are being held at bay.

What we need to make sure we do is fully explain the breadth of functionality our products offer; firewalls and endpoint protection (what we used to call anti-virus) are a prime example of an area where security professionals can sometimes fall short. Yes, most businesses put these solutions in place for broadly the same reasons (keeping the bad guys at bay), but we’re often asked, “do we need both?”

The answer is a resounding yes and the reason for this is two-fold. While both share common functionality (e.g. malware detection, web protection etc.):

  • they offer that functionality at different levels
  • each has its own unique set of capabilities not found in the other solution.

Let’s take each of those in turn.

Belt and braces

Both endpoint protection and firewalls can offer malware protection, and while that may seem like you’re paying for the same thing twice, let’s consider the example of a piece of website-borne malware; wouldn’t you rather it was stopped at the firewall (which is the device that sits between your business network and the big, bad internet) before it gets to your machine?

Imagine a friend with a nasty cold shows up at your front door unannounced looking for a cup of tea and a chat; wouldn’t you rather send them on their way without opening the front door or would you rather let them in and hope that you’re lucky and they don’t sneeze in your direction and make you sick? Maybe that’s not the best example, as I’m sure all your friends are lovely and you’d be happy for a chat and a cuppa whatever the circumstances, but you get what I mean – it’s the virus you want to avoid.

The same principle goes for malware; far better you catch it before it actually gets inside your network. Yes, good quality endpoint protection on your servers, desktops and laptops should stop most threats, but given how costly these attacks can be, it’s better to employ multiple levels of protection to guard against a fault in a single level.

Not just a one-trick pony

The next reason you need good endpoint protection and good firewall protection is that each of these solutions can do much, much more than just malware detection.

Taking the Sophos XG Firewall as an example, this device can provide – in addition to scanning for malicious traffic – features such as wireless networking, VPN and remote access services, intrusion protection, web content control and monitoring, application control… the list goes on.

Similarly, with Sophos Intercept X Advanced, beyond malware protection (which it’s really very good at), it also provides services such as data loss prevention, anti-ransomware and peripheral control and more.

As Jimmy Cricket used to say, “there’s more…”

So, we’ve seen that using quality firewall and endpoint protection products at the network perimeter and server/desktop/laptop-level respectively provides many services beyond the all-important anti-malware aspect. But there’s one other feature, available when you combine Sophos XG Firewall with Sophos Intercept X Advanced endpoint protection, that seals the deal.

Sophos Synchronised Security, using the Sophos Heartbeat, allows the XG Firewall and Sophos Central to actively and continually communicate with each other in order to co-ordinate their response when a threat is detected. This is a level of integration we could only have dreamed of only a few short years ago, and hugely boosts protection levels.

Take an example where someone plugs in a USB drive they’ve brought from home into their work laptop, not knowing that the less-than-perfect anti-virus they use at home has allowed the Word file they’re about to open become infected with malware. As soon as that file is opened up on the work laptop, the Sophos Central endpoint protection will pick up that something’s not right and will set about closing down the threat down to prevent any damage.

At the same time, the Sophos Heartbeat will send a message to the Sophos XG Firewall to let it know there’s a potentially compromised device on the network. The firewall can then isolate that machine on the network to prevent the spread of any potential infection and the exfiltration of any data until the device has been checked over and confirmed to be clean. Quite a neat trick.

It takes two, baby

To sum up then, when it comes to protecting your systems there are many, many solutions you can put in place but putting down a good cyber-security base begins with a top-notch firewall product such as the Sophos XG series and tried and tested endpoint protection Such As Sophos Central Intercept X Advanced both working, in tandem, to keep you safe.

Sure, you can dance on your own but isn’t it much better with a partner?

Find out more about TSG’s IT security solutions

Check out some of my other blogs on IT security: