How a Firewall Works
Firewalls come in a few different forms. All firewalls have packet filtering capabilities, where they inspect the headers of network packets and apply rules based on those headers. For example, a packet-filtering firewall could block traffic from a particular IP address or only allow devices within the protected network to access certain services.
Next-generation firewalls (NGFWs) integrate additional security capabilities on top of packet filtering. For example, NGFWs commonly integrate intrusion prevention system (IPS) functionality, which provides protection against brute-force password guessing, denial-of-service (DoS) attacks, or exploitation of vulnerabilities in the applications behind the firewall.
Firewall Features and Benefits
A modern NGFW is designed to protect against many of the threats that companies face today. In addition to packet-filtering capabilities, an NGFW’s capabilities commonly include the following:
- Network segmentation
- Access control
- Remote access VPN
- Email security
- Web security
- Data Loss Prevention (DLP)
- Intrusion Prevention Systems (IPS)
- Sandboxing
This wide range of built-in functionality enables NGFWs to provide strong protection against cyber threats. It also provides additional benefits:
- Network Segmentation: The purpose of a firewall is to define a network boundary over which traffic can’t flow without undergoing inspection. This enables an organization to both divide its private network from the public Internet and to define internal boundaries within its network to protect against unauthorized access to corporate resources.
- Threat Prevention: Firewalls identify and block malicious content at the network boundary. By blocking malicious traffic before it reaches its destination, firewalls eliminate the risk to the organization.
- Network Routing: In addition to protecting the organization against cyber threats, firewalls also integrate networking functionality. For example, a firewall performs network routing, implements network address translation (NAT), and can act as a virtual private network (VPN) endpoint.
How an Antivirus Works
Antivirus programs commonly use signature detection to identify malware on a host or server. When a new malware variant is identified, security researchers extract unique identifiers or a signature for the malware. This signature is then distributed to antivirus programs via signature updates. When an antivirus is inspecting a file, it compares it against its database of malware signatures. If it finds a match, then the antivirus may quarantine or delete the malware based on the endpoint security policy.
Antivirus Features and Benefits
Antivirus programs are designed to protect endpoints against malware. Some of the key benefits that they provide include:
- Malware Detection: Antivirus programs are designed to scan an endpoint and identify malware on the system. This functionality enables an organization to respond to infections that slipped past other, preventative security controls.
- Quarantine: Antivirus can place identified malware in quarantine, eliminating the risk that they pose to the endpoint. This can be useful since it allows the identified malicious files to be inspected before being entirely deleted.
- Automated Remediation: Antivirus solutions commonly have the ability to automatically remediate an identified malware infection. This automated eradication by a trusted antivirus is the best way to clean malware from a system without restoring from backups or wiping it entirely.
Firewall vs. Antivirus
Firewalls and antiviruses are both designed to protect an organization’s systems against cyber threats. However, they have a few key differences, including:
- Deployment: Firewalls are mainly deployed at the network level while antivirus is primarily an endpoint security solution. It’s important to note that there is some overlap. Firewalls can include network-based inspection of files and web traffic for viruses. Likewise endpoints can include a host firewall.
- Data Inspected: Firewalls inspect network traffic, identifying and blocking malicious traffic before it enters the protected network or endpoint. Antivirus solutions scan the files on a particular endpoint for signs of malicious content or signature matches.
Firewall and AV security with Check Point
Firewalls and antivirus solutions protect the organization against cyber threats in different ways. An effective defense-in-depth strategy integrates both, using firewalls with integrated anti-virus to prevent most threats at the network boundary. For more granular device-level controls, an endpoint security solution that automatically remediates malware that makes it onto an endpoint can also provide a deeper forensic analysis of how the malware infection occurs and operates. Learn more about securing the endpoint in this buyer’s guide to endpoint security.
Check Point’s NGFWs provide multilayered protection against cyber threats which includes integrated anti-virus. In addition to NGFW functionality, Check Point firewalls also integrate sandboxing functionality to identify unknown and zero-day malware and Content Disarm & Reconstruction (CDR) technology which removes active content from files. This provides users with safe files in seconds while the file is run and analyzed in a virtual sandbox in the background for malicious behavior.
Learn more about selecting an NGFW to meet your organization’s needs in this buyer’s guide to NGFWs. Then, feel free to sign up for a free demo to see the capabilities of Check Point NGFWs for yourself.
Feedback