Picture the scene – someone has bought a new service and they want you to “make it work”. And because they’re kind, they virtually toss you a 2,000-page PDF manual.
Somewhere within that manual there is a list of TCP port numbers that the service listens on and that must be reachable for it to function. Which would be just great if this were the 2000s – it would have made my life back then far easier.
But this isn’t the distant past (in technology terms). We don’t run simple stateful packet filters that can’t distinguish between some application making an API call over tcp/443 and some klutz watching cat videos over tcp/443.
We should be getting application-specific rules that can distinguish between legitimate application traffic and attack traffic. Surely it is not beyond the wit of application vendors to work with the firewall vendors to come up with such rules?
And application vendors who work with the firewall vendors to come up with proper firewall rules will gain a bit of a competitive edge. And in the wake of the SolarWinds breach, customers may be asking about security.