Why use proxy servers in companies?
Can a Firewall really be effective in web security without one ? At Olfeo, 100% of our customers have a Firewall. They recognize that their protection against new cyber threats has been much better since Proxy and Firewall effectively spread detection actions while remaining fully integrated and complementary to each other. We can thus speak of real symbiosis or even of Love Story, but why concretely ?
Proxy and Firewall: what fundamental differences ?
If Firewall and Proxy are undoubtedly the first 2 pillars of a cybersecurity strategy, they have 2 really different missions and it is important to leave it to everyone to do the work for which it was designed …
The vocation of the Firewall or “firewall” is to manage the inflows and outflows between the internal computer network and those external, whether open (the web) or protected (VPN for). Without Firewall, all servers and workstations on the local computer network would be “exposed” directly to web streams from outside. It is easy to understand why it constitutes the 1 fundamental step in the pyramid of cybersecurity tools since it will be interposed between the internet and the internal network to control all access and authorize or not their passage… No company would thus take the risk of not deploying a Firewall because that would amount to directly exposing its IT resources to cyber attacks …
The Proxy has a complementary mission of control, optimization and web stream filtering. Originally designed to control and filter out outflows by managing one that allowed, the Proxy quickly became essential to filter the users’ internet surf by categories and URL in order to guarantee and the legal and cultural compliance of internet use within the company.
Why should the filter Proxy be dissociated from the Firewall ?
Ensuring the cost of building a chain made up of different equipment, the solidity of which will depend on its weakest link.
If for cost reasons, the ISDs could previously be tempted to group all the flow control and filtering functions within the Firewall which sometimes included a filtering proxy option added in the, it is not no longer possible today. Indeed, the evolution of the nature of web flows (HTTPS …) and the ever-increasing sophistication of cyberattacks (polymorphic codes of malware …) reinforce the importance of filtering, and therefore of Proxy. This justifies today that an autonomous Proxy is set up separately but dialoguing with the Firewall if we really want to create an environment of confidence on the web for the users of the company:
Indeed, the autonomous Proxy makes it possible to benefit from a much better quality content filtering solution: it integrates many more functionalities as the examples below show as well as greater wealth in the categories and URL of its database.
The analysis of HTTPS encrypted flows is the responsibility of Proxy to preserve the reliability of the Firewall
We now know that SSL decryption on a Firewall can represent a loss of performance of up to 74%). As HTTPS encrypted flows are constantly increasing, it is important to filter them with an autonomous Proxy so as not to weaken the Firewall and your web security chain. The consequences being that the Firewall, in a saturation situation, is no longer able to analyze all of the flows and therefore lets some, potentially dangerous, pass.
The proxy provides finer filtering capacity and advanced functionalities
The advantage of using the Proxy will also be to be able to exploit the finer categories of its database to display information messages to users on their internet use in order to better … This equipment will allow white list operation, considered the “supreme” level of web security. This means leaving only access to content already recognized in your web filtering editor’s URL database. An extensive database is necessary to do this, and a minimum of 96% recognition of the websites visited by your users is recommended.
Proxy authentication management rather than Firewall
Having nominative logs on the use of the Internet by users is a legal obligation. The stand-alone Proxy allows you to manage filtering policies by user or user groups, so it is best that user identification by the Proxy takes precedence over the Firewall. Especially since the traditional perimeter of the company’s network today extends to mobility and that users of smartphones or mobile business terminals must benefit from the same authorizations and / or protections outside as those that they would have had within the company. Only an autonomous Proxy exposed on the web can take on this function and provide the tools for analysis and reports expected on the use of the Internet …
The impact of new cyber threats on the Proxy and Firewall
Last example where the filtering function of the autonomous Proxy must be at the heart of a business security strategy: ) also known as the massive attacks by thousands of “zombie” machines to bring down the Firewall to breach computer network security. are still in the memories of all RSSI (). A proxy complementary to the Firewall therefore brings more redundancy in the protection of the company’s information system.
It is therefore important today to relieve the Firewall of all tasks that are not within its remit and to integrate an autonomous Proxy if you want to create an environment of trust on the web in your business.
Integrating an autonomous Proxy with Firewall is a priority in terms of cybersecurity
Firewalling on the one hand and filtering web flows through an autonomous Proxy is today both a priority and a good practice in terms of cybersecurity. Faced with the ingenuity of the malware and the “jumpy” sophistication of certain Phishing emails, the specialization of an autonomous Proxy is a real asset thanks to the quality of its URL database and the possible granularity for operations filtering. Without forgetting in redundancy of those made on workstations by conventional anti-viruses.
Having an autonomous Proxy in addition to the Firewall could cost less than having only one piece of equipment
This remains one of the lessons learned from the feedback shared by the DSI and RSSI during the Connect Day Olfeo round table 2017, are out of all proportion to the costs of additional security equipment:
With the bandwidth load increasing by 10 to 20% each year, it is often necessary to buy new firewall equipment over time. In this logic, it seems more reasonable to invest from the start in a dedicated proxy, instead of investing large sums on a regular basis.
You cannot choose a Swiss knife and expect the same level of efficiency as if you had taken each of the tools it contains separately … We come back to the eternal debate of the general practitioner VS the expert: is it better to be a jack-of-all-tog or an expert in a field ?
To better understand the dilemma, choose to take a Swiss knife to equip your brand new kitchen ? Or will you turn to a battery of complementary knives instead ?
The same goes for UTMs: if they provide an operating facility since everything is in the same place, we cannot ask it to have the same level of quality as dedicated equipment and in particular that of a Proxy autonomous …
Integrating a dedicated Proxy like Olfeo’s into your Firewall is very easy
Indeed, the integration of the autonomous Proxy Olfeo with your Firewall is today completely reliable and secure thanks to the use of standardized connectors with the leading solutions of the Firewall market.
So don’t wait to perfect your web security channel and download our expert guide to help you with your company’s information systems security strategy: