A few years ago, many MSPs were happy enough to place a firewall, set it up, and walk away.
In these AC (after Covid) times, while the dissolution of the perimeter and the reduced centrality of the office network is a reality, there is still a physical presence for most businesses and, therefore, still a perimeter to defend. And that means the ongoing management of your firewalls.
The firewall is still the Swiss army knife
The one indispensable item in the defense of any network is the modern UTM (unified threat management) device, the firewall. Modern firewalls manage and prioritize traffic, perform DPI (deep packet inspection) of all (even encrypted) traffic, content filtering, secure WiFi, and more. And for many small businesses, the firewall is the only real security (beyond AV or EDR) in place.
Start with the basics
In my discussions with IT providers across the US and Europe, I still hear that many MSPs still encounter stiff resistance to the purchase of a firewall in their SMB clients. And to this day (April 2021), nearly two-thirds of the prospects we meet with either do not have a firewall in place or have no services running if they do. That makes Job One just getting a firewall going.
But we also must ensure that we are not just dropping these in place, setting the interfaces up and walking away. The first step is to “interview” the client about their usage and then do your best to harden that firewall. This should include GEO IP and botnet filtering, setting up wireless (as it is often integrated into smaller firewalls), content filtering, SSL VPN connectivity, and much more.
Maintenance and updates (firmware)
The next step is to ensure that service subscriptions remain current and firmware updates get done. Some MSPs also provide ongoing rule creation and configuration review as part of their services. It also makes a lot of sense to include some time to discuss how the site’s business practices may have changed since the last review, especially in these AC days.
But how do you bill for this on unmanaged sites? Some MSPs work around this by offering FWAAS (firewall as a service) that builds these costs into a monthly fee, even if they do not provide other services to the site. This also helps address the sticker shock of initial purchase costs at sites with 500M and faster connections that would otherwise need to spend several thousand dollars for the firewall purchase.
Automating this process
Everything MSPs do have to scale to be profitable, and this is no exception. That is where aggregated management of your firewalls comes in. Most firewall vendors offer firewall management through either a dedicated software or a purely cloud-based service. Some MSPs make this management functionality a key determinant in their choice of vendors.
This management software or service can save you time and reduce the possibility of configuration errors as well. You can automate firmware backups and updates, provide mass distribution of rule sets, and grab configuration snapshots as well. Of course, there is always a downside, and as I write this, a major new vulnerability in one of these packages has just come to light. There is nothing we don’t have to patch!
Someone to watch over you (logs)
MSPs that do not have exposure to compliance requirements (FINRA, HIPAA, etc.) often believe that they do not need to invest in firewall log reading and response services. However, I would argue that is just not the case and point out that every business will benefit from these services. The good news is that they are both more capable and less expensive than ever.
I engage with an organization that runs our logs through AI-based analysis augmented by “crowdsourced” intelligence collection (provided by their partners and other sources) to identify higher-level threats and respond to them. Most firewall vendors allow for automated updating of botnets, and they leverage this capability by creating “blocklists” that are automatically imported into our firewalls this way.
To sum it up
Start with the basics; get your firewalls in place and configured to be as effective as possible, not just set up and forgotten. Be sure they stay current with their services and firmware updates. Be sure to review configurations periodically. Consider using centralized management software to automate and reduce the risk of error for all of this. And be sure someone is watching your back (reading your logs).