total annual losses from firewall intrusion plummeted more than 56 percent from 2002 to 2003. The reduction in financial damage comes even as the number of unauthorized intrusions remained roughly the same. The report attributes the reduction of financial losses to the widespread use of firewalls. Even if the barbarians are banging through the cyber wall, their ability to do damage is diminished.

Firewall Advances

Firewall technology has come a long way in a few short years. “If you go back 10 years, firewalls were routers with filter capabilities. They monitored traffic in and out of a network,” says Al Decker, executive vice president of security and privacy services at Electronic Data Systems Corp. (EDS), in Plano, Texas. “We have moved from the configurable router to appliances—hard-coded devices that are often in concert with wireless and network access points.”

As the range of potential damage from intrusions has increased, firewall technology has become more and more complex. “Firewalls are actually one of the more mature technologies in information security,” says IBM’s Calvert. “Firewalls are becoming more intelligent and broader. It’s more than a single device. There is less redundancy and more depth in firewalls now.”

Firewalls are smarter in how they process information and how they differentiate messages coming from various sources. “The new firewall layers have intelligence and go down to make decisions. They look at the IP address and decide whether you can talk to the system,” explains Frank Prendergast, manager of network certification services at the French manufacturer, Schneider Electric. “You can also go down and decide which application you don’t want browser messages to go through.”

Manufacturers are not significantly different from other companies in their firewall needs. “From a security perspective, the firewall requirements for a manufacturer are no different than the requirements of a financial corporation,” says Schneider’s Prendergast. “You have to make sure that nothing enters the system and causes disruption, so we train our security team on the needs of industrial control.”

Manufacturers have some common hurdles that make security difficult. They tend to have older IT systems that have been cobbled together over a couple of decades of acquisitions. “The biggest challenge for manufacturers is consolidation and working with legacy systems,” says Camille Milfort, director of quality assurance, IP Services, at Lucent Technologies Inc., in Murray Hill, N.J. “Companies are coping with legacy systems and consolidating equipment on their networks.”

Once manufacturers begin applying firewalls to their systems, they need to pay attention to the rule sets embedded in the firewalls “It’s not the firewall that matters—it’s the rule set deployed by the firewall,” explains Cisco’s Platon. “In the mainframe days, you had a rich language for access.” According to Platon, things have become a lot more complicated. “Now you’re going to limit a set of traffic to a particular segment, and once it gets there, you’re going to control what it can do.”

What’s next?

The need for complex firewall rules is the next generation of security. “Earlier it was a matter of securing the castle—who can I keep out?” explains Colleen Niven, vice president, technology research, at Boston’s AMR Research. “Now, manufacturers want to control where the good guys can come in.”

Firewall technology will likely see new generations of technology as new threats appear. “We hope to stay one step ahead of the evil-doers. They find exposure and create a tear,” says EDS’s Decker. “It’s a continual leapfrog of technology.” Decker notes that the threat of network breaches has elevated security to an issue for the highest executives. “It’s become more of a boardroom issue,” says Decker. “In the past 18 months, I’ve made more presentations in boardrooms than I have in the past 25 years. Companies have put a lot of capital outlay into IT, and they understand the increased importance of protecting that IT.”

See sidebar to this article: The new security "A Team"