Firewall solutions for small businesses
With the shift to remote working, businesses have been left to reevaluate their security practices. Bolstering the cybersecurity of any business should be the first step in any good transitional plan, but how do you know where to start? Our recommendation: implementing a firewall is essential to protecting business assets and preserving customer trust through heightened security.
Do small businesses need a firewall?
Yes, absolutely. Businesses of every size should have a firewall of some kind, whether hardware or software. It’s commonly misconceived that small businesses don’t need the same protections as larger enterprises—and that can prove to be a fatal mistake.
A recent report from Inc. found that 60% of small businesses won’t survive a cyberattack; implementing a firewall can help prevent such attacks from happening in the first place. Firewalls are a critical line of defense in protecting corporate data. But, in order to pick the right one for your small business, it’s important to understand exactly what a firewall does.
What is a firewall?
Firewalls create a “barrier” between the internet and internal, secured networks to prevent intrusions or corruption by malware. According to Cisco, firewalls have been considered the first line of defense in networking security for over 25 years.
Firewalls can consist of hardware or software (or a combination of both) and exist in many variations, including:
Packet-filtering firewalls
Packet-filtering firewalls are one of the oldest types of firewalls. These operate at the network layer, choosing to accept or deny data packets based on the configured protocols. Packet-filtering firewalls used to be the go-to option for early networking architecture because of its performance and speed constrained by older hardware.
These days, other types of firewalls might be a better option as long as the hardware on a network is capable of handling firewalls that operate at higher levels.
Application-level gateways (proxy firewalls)
Application-level gateways can be incredibly useful because they're aware of the context of what is being transferred but need to be configured for a specific protocol. All website traffic and other applications that communicate over HTTP can all be served by an HTTP application firewall. The term "application" here refers to the OSI network model, rather than an app or software application, so it's important to make the distinction between the two.
Application-level gateways do have their shortcomings: they process data packets in software, support only a small selection of applications, and often will require special client software. These gateways are also becoming increasingly obsolete for non-server systems due to the proliferation of encryption.
Stateful inspection firewalls
Stateful inspection firewalls keep track of connection status, remembering if a connection has already been allowed by another rule and allowing existing connections to continue on that port.
Here’s another way to look at it: “Stateful inspection is today's choice for the core inspection technology in firewalls. … When you connect to a Web server and that Web server must respond to you, the stateful firewall has the proper access open and ready for the responding connection. When the connection ends, that opening is closed.” [Configuring Juniper Networks NetScreen & SSG Firewalls]
Stateful inspection firewalls can be great, but they do have their limitations. These types of firewalls are often complex to configure, and not all protocols contain state information. Stateful firewalls cannot protect against application-layer attacks, and do not support user authentication of connections.
Next-Gen firewalls
Where other firewalls fall short, the Next-Gen firewall (NGFW) steps up to the plate. Considered the “new standard” for firewall solutions, NGFWs do much more than port and protocol inspection and blocking. They also include additional features to traditional firewalls like application awareness, application control, integrated intrusion prevention, and cloud-based threat intelligence. According to the Gartner definition, NGFWs must include:
- Standard firewall capabilities like stateful inspection
- Integrated intrusion prevention
- Application awareness and control to see and block risky apps
- Threat intelligence sources
- Upgrade paths to include future information feeds
- Techniques to address evolving security threats
Now that you’re more familiar with the types of firewalls that are out there, it’s time to choose the perfect solution for your business’ needs. Here’s a breakdown of the best options available without compromising simplicity, price, or robustness.
The best hardware + software combo firewall for small businesses: Ubiquiti (EdgeRouter™ line)
The Ubiquiti EdgeRouter™ line, though not strictly a firewall itself, is a great choice as an affordable hardware option with built-in firewall software. The EdgeRouterTM line comes configured to block all incoming traffic by default, which makes for a secure setup right out of the box. From there, manual configuration (made easy by their guide) or auto-configuration with robust rules are both options that will soon have a network up and running securely—with minimal effort on the user’s part, so it's great for users who aren't part of a dedicated IT team.
The best free firewall for small businesses: OPNSense
OPNSense is a great pick for a budget firewall software system. Their setup guide walks the user step by step through configuring their firewall, as well as provides recommendations on compatible hardware (users will need to purchase their hardware separately).
OPNSense software is open-source, and all of their source code is hosted publicly on GitHub. They push out weekly security patches and platform updates twice a year, plus the community is large enough to have thorough documentation for DIY troubleshooting. OPNSense is easy to manage through a web portal (rather than through the command line) and is a great fit for both small and large networks alike.
The best Next-Generation Firewall (NGFW) for home offices: Minim
Recently named the Next-Generation Firewall Solution of the Year by Cybersecurity Breakthrough Awards 2020, Minim is hands-down the best NGFW on the market for SMBs with remote working teams.
In addition to delivering a Next-Generation Firewall (NGFW) with proprietary 26-point IoT fingerprinting, Minim's AI-powered solution includes auto-configured network device filtering for safeguarding business networks, Minim-powered WiFi systems with frequent security updates, and robust consumer IoT behavioral analyses.
IT teams and employees are alerted of security issues (such as unknown devices joining a network, malware, and known vulnerabilities) through a web portal and intuitive mobile app, respectively, and can elect to automatically block these threats before they can cause any problems.
Minim features a three-part solution catered to SMB security, all at one simple price:
- Minim® Edge Extend web portal grants IT personnel visibility into their Minim network with insights that include network health scores, employee network usage, and a vulnerability analysis by an AI-driven NGFW
- Minim® Remote Assistant mobile app allows employees to self-diagnose their own network issues, taking that burden off of the shoulders of SMB IT teams
- Minim-powered WiFi system with the Motorola® mesh MH7022 satellite + router combo that boasts Zero Touch Provisioning (ZTP)
To find out more about how Minim could be the right NGFW solution for your business, click below.