Of course, the initial cost is just one part of the story. Maintenance is time-consuming but necessary. To maintain policy files, for example, you must keep a list of applications and their DLL checksums, and a separate list of people who may access that information. Furthermore, you must track users' needs, as well as their whereabouts within the company. Products that tie into existing directory services (such as Active Directory or LDAP) for user/group configuration can help reduce this cost. However, you must also keep updating executables' signatures when you upgrade. The desktop firewall won't let IE 6.0 launch if it contains only IE 5.0 signatures, for instance.
Helpdesk calls are bound to bog you down once you roll out a desktop firewall. Some users will be locked out of critical applications for a few days. Others may want to use forbidden programs, and you'll have to convince them that the security policy is more important than their individual wants. And heaven forbid you accidentally block DNS or DHCP.
Letting users see the attack report in real time may also be problematic, especially since many of them don't know what they're seeing. For example, ISS RealSecure showed overnight some 8,000 attempted attacks from one of our SNMP servers. These attacks, however, were harmless, generic scans that require no action, though they'll light up a desktop firewall on the Internet like matches dipped in gasoline. Denying users the ability to see scans and minor attacks will save your helpdesk a few phone calls.
Shouldn't antivirus software and an e-mail server scanner be enough to protect desktops inside the LAN? If your organization keeps all its remote users away from the private LAN, all current and former employees are trustworthy, and you keep strict physical security, perimeter firewalls should prevent people from hacking in, while the antivirus software and e-mail server scanner catch any virus or Trojan. Right? Wrong. Antivirus software is reactive, not proactive. And desktop firewalls do only part of the job.
Antivirus software operates by matching a file against a database of existing virus signatures. New viruses and Trojans don't get caught. Antivirus and IDS vendors respond quickly, creating signatures for new viruses; still, a few hosts are always hit first. Attackers that target your organization directly have one advantage: They don't have to mass deploy their Trojan or virus. Your machines may be vulnerable to new Trojans that remain under the antivirus vendors' radar. Correctly configured, desktop firewalls should catch these Trojans and prevent them from sending data.
Firewalls do not replace antivirus software--they won't protect you from a virus aimed at unlinking every file from the system. And they won't eradicate the Trojan or guarantee that your system will be usable after infection, but they will help keep your data out of the wrong hands. At least that's the theory. If your desktop firewall contains bugs, it can crash or be compromised. If a new exploit is found, you're vulnerable until a patch is released. Meanwhile, the more layers you add, the more likely you'll survive an attack.
To realize the benefits of cloud-native software, an application must actually be cloud-native—designed to run in the cloud, interacting with disaggregated cloud services, fully manageable as code—to deliver the expected benefits.
By combining resources and expertise, the AI-Enabled ICT Workforce Consortium will offer a blueprint for how industries can adapt to an AI-dominated future.
IT leaders should heed the guidance of cybersecurity insurance providers who think businesses should prioritize security education, incident preparedness, regular internal audits, and ongoing vulnerability scanning and patching.
