Netskope upgraded the firewall-as-a-service (FWaaS) component of its secure access service edge (SASE) platform, providing more oversight and depth for SASE environments.

The security provider introduced its Cloud Firewall FWaaS last year, but is now “extending it, giving it the capability to govern and inspect and do deep dives on things like [domain name system] and other protocols,” Netskope CEO Sanjay Beri said during a keynote at the company’s SASE Week event. 

The new capabilities include firewall app control, which Naveen Palavalli, VP of product GTM strategy at Netskope, told SDxCentral will move security teams away from “archaic rules based on ports and protocols.”

“Applications are now traversing ports and protocols, and it's becoming very difficult to figure out what traffic is focused on what application,” Palavalli explained. He added the app control enables a converged way of using a web proxy, cloud access security broker (CASB), and a cloud firewall – “the trifecta” –  to protect all traffic going in and out of a network.

Additionally, the firewall service will host new domain name system (DNS) security functions. Palavalli pointed to IDC’s 2022 Global DNS Threat Report, which showed 88% of IT and security professionals have experienced one or more DNS attack, and all types of attacks have increased. 

“If you then look at what is really happening in the threat landscape, attackers are realizing that DNS is a soft underbelly,” he added. "It's a very actively used IT tool.”

Palavalli said different types of attacks, such as using DNS traffic to exfiltrate data or contact command and control servers, are becoming increasingly sophisticated due to the use of domain generation algorithms that come up with new domains no one has seen before. 

Legacy security tools, which rely on signature-based or whitelist-based technologies, can't keep up with these new domains coming up by the minute. According to Palavalli, Netskope is “doubling down” on artificial intelligence (AI) and machine learning (ML) techniques that can help in predicting how domain generation algorithms are used. 

Palavalli said when the company initially launched its cloud firewall service, it was with a recognition that the “role of a firewall is changing.” 

A global switch to hybrid work meant more traffic from remote locations, and not only web traffic, Palavalli explained. “The role of the firewall suddenly changed overnight,” he added. 

Security teams segregating traffic to software-as-a-service (SaaS) applications in one direction, and backhauling other traffic into on-premises locations is a “very inefficient IT architecture,” Palavalli noted. 

“Now that we are coming into the hybrid work world, which is now the new norm, the role of the firewall is again coming to play,” he said. “Organizations are now no longer thinking why do I have to separate IT stacks, one for my on-prem users, my campus users, or one for my remote users.”

Palavalli said this is how the cloud firewall has become more important, adding that the role of firewalls is different in different places. 

“There's a role for it on the ingress side where traffic is coming into headquarters or into the data center, where they continue to deliver value,” he noted. “But if you think about it on the egress side, where you have users who are accessing internet SaaS applications, accessing private applications – the role of the firewall is completely changed.”