[Beijing, China, October 16, 2019] Recently, Huawei and Forrester jointly released a thought leadership white paper titled "Artificial Intelligence Firewalls — The Intelligent Solution For Enterprise Cybersecurity" and defined the new wave of next-generation AI firewalls (AIFWs). As well as resolving the drawbacks of the static rule engine in next-generation firewalls (NGFWs), AIFWs aim to enhance threat detection and address the challenges of security O&M through automation.
As an increasing amount of important information is transmitted on the network, the underground hacking industry has emerged and is growing stronger. Increasingly diversified attacks are launched against various targets, further complicating security protection. NGFWs, which originated in the PC Internet era, are built on application identification and visualized control. Today, with the explosive growth of mobile Internet and cloud computing, web services are becoming increasingly exposed. Such a severe cybersecurity situation is straining traditional application identification-based security protection methods. To be specific, these methods are becoming inefficient for detecting, discovering, or fending off advanced threats in an in-depth manner and cannot prevent internal security violations. Additionally, frequent security policy changes and massive numbers of threat logs further pose great challenges to security O&M.
Forrester conducted research into global cybersecurity trends, surveying 200 practitioners in charge of cybersecurity and firewall deployment in world-renowned large- and medium-sized enterprises. The survey results provided insights into the most prominent NGFW challenges amid increasingly complex cybersecurity threats, and Forrester further proposed strategic suggestions for advancing firewall technologies. Based on the research findings, Huawei and Forrester jointly developed the thought leadership white paper "Artificial Intelligence Firewalls — The Intelligent Solution For Enterprise Cybersecurity" (hereinafter referred to as the white paper).
The white paper points out three major challenges facing NGFWs:
The first challenge is coping with rapidly changing threats. NGFWs generate signatures specific to threats. As a result, if the signature database cannot keep pace with new changes, O&M personnel are forced to manually and continuously configure firewall rules to update security policies. Only then can the security protection capabilities of enterprises remain uncompromised. However, manual firewall configuration is inefficient. What's more, tech-savvy underground hackers will keep producing threat variants, which, in turn, leaves firewalls stuck passively responding to threats.
The second challenge is defending against multi-faceted attacks. Network attacks are becoming multi-faceted. That is, the attack targets are expanding from just PCs to all exploitable ICT infrastructure. In addition, attacks may originate from extranets, intranets, or third-party suppliers. In particular, intranet attacks initiated by internal personnel who have permission to access legal information are more covert than extranet attacks. Such intranet attacks often go undetected, causing severe damage to the network. To make matters worse, NGFWs can only defend against attacks launched using the protocols or applications that have been defined in the signature database, and so fail to detect or prevent the lateral movement of attacks that are beyond the reach of the signature database.
The third and final challenge is handling the increasingly heavy workload for security O&M. In order to defend against attacks, security administrators of enterprises need to formulate a large number of security policies. Over time, such an approach can become problematic in terms of policy management as a massive number of security policies accumulate and personnel frequently change. In addition, most NGFWs lack effective data analysis capabilities. As a result, security O&M personnel have to manually analyze vast numbers of security logs, posing great risks to enterprise cybersecurity.
To resolve such issues, the white paper outlines a highly feasible solution: NGFWs must fully embrace AI and evolve into AIFWs that deliver enhanced threat defense, integrated security protection, and higher efficiency for security O&M. The current prosperity of the hardware ecosystem and the rise of AI chips have laid a solid foundation for integrating AI technologies into the firewall field. AI can empower inter-device and cloud-device collaboration, promote the development of a secure and interactive ecosystem, and build a much more stable security platform through multi-party collaboration, ultimately safeguarding enterprise networks. In addition, the white paper highlights three key features of AIFWs:
The first key feature is localized APT defense through the built-in AI engine and AI chip. Specifically, the AIFW provides ultimate AI computing power through its built-in AI detection engine and AI chip. This allows the AIFW to locally detect and perform emergency handling for nearly all threats and provide a shorter threat response time than the cloud-based big data solution, delivering optimal threat defense performance.
The second key feature is a continuously improving defense effect through federated learning (FL). FL improves the performance of the detection model by exchanging parameters under an encryption mechanism without moving data. In addition, FL continuously and rapidly updates the detection model based on network-wide threat intelligence, implementing distributed AI-powered joint defense and improving the defense effect. Intranet defense and enhanced collaborative detection help achieve an ultimate defense effect. The AIFW uses the built-in attack deception system to construct a network that prevents intranet threats from spreading and uses AI-powered malicious traffic analysis to identify malicious or illegitimately spread traffic, implementing collaborative detection of intranet threats.
The third key feature is reducing the number of logs and policies to be analyzed through AI technologies. The ability of AI to efficiently analyze massive numbers of logs can improve the efficiency of intelligent security policy tuning and help automatically generate security policies, relieving O&M personnel's workload in maintaining the database with vast numbers of rules.
"AI technologies will definitely become a core capability of firewalls that evolve from NGFWs," said Denzel Song, President of Huawei Security Domain. "AI will be used to rapidly defend against ever-evolving threats, and efficiently identify and automatically respond to key threats in massive numbers of threat logs. Huawei AIFWs use AI-powered federated machine learning to ensure privacy of user data and continuously improve the defense model quality. Huawei makes unremitting efforts in advancing AI chips, better implementing AI-powered defense into firewalls and redefining the pivotal role of firewalls as border gateways."