An Engineer’s Perspective on Managed Firewalls


Most of the articles you’ll read today on the pros and cons of MSP-managed firewalls focus on these two buzzwords: CapEx and OpEx.

Choosing upfront or recurring expenses is certainly an important decision for the business, but as an engineer who installs both managed and non-managed firewalls for our customers, I wanted to share some technical aspects of the decision that should be considered as well.

Are Your Employees Trained?

Organizations that want to migrate to or install a new non-managed firewall should consider whether the employees who will manage it know how to use it, and this extends beyond simply making a new policy or blocking a website. To make the most of the new firewall, and to ensure the business is protected, the firewall admins should know how to:

If this list looks like a tall order for your employees now, then how long will it take them to get up to speed? The Fortinet NSE4 certification, for example, is 5 days of training material, not including engineer practice time. Do your employees have this time to dedicate to learning how to use the FortiGate?

Vulnerability Mitigation and Patching

After investing the time to learn how to use the firewall, will your admins have the time to stay on top of firewall patches and vulnerabilities?

Firewall vendors regularly release updated firmware versions. These updates can include bug fixes, new features, and vulnerability mitigations, and can sometimes even introduce new bugs of their own. Your admins will need to adopt a process to keep an eye out for these updates and vulnerability announcements and assess the security risk for your business.


Not if, but when the time comes that a firmware upgrade is necessary, your staff should perform their due diligence to ensure the new firmware is fully tested in a lab environment before being rolled out to production to avoid any surprises.

24x7 Monitoring and Incident Response

A “set it and forget it” approach to a firewall does not work in today’s cybersecurity landscape. If your organization is going to manage the firewall yourselves, then your employees should be performing many of the same functions as a security operations center (SOC), including continuous monitoring and incident response. Can these admins monitor the firewall logs for indicators of compromise (IOC) and indicators of attack (IOA) and perform incident response 24×7?


If 24×7 is out of the question and you settle for 8×5 monitoring and incident response, your employees still only have so much time in a day. Will adding these responsibilities stretch them too thin and/or compromise the quality of work?

MSP-Managed Firewalls - An Easy Button

Organizations that do not have staff with enough time to dedicate to security, or that lack staff with the necessary security expertise, will find it challenging to handle all the responsibilities that come with a firewall. In this situation, outsourcing these responsibilities to an MSP/MSSP really is an easy button, allowing your business to focus on what it does best instead of trying to quickly master cybersecurity.

If you would like to discuss how VPLS can take ownership and manage the complexities of your firewall, which is such an important cybersecurity investment for your business, then please reach out to us; we’d love to help.

John Headley
