In an interview at Infosec 2009 with Chris McKie, VP of Communications for Watchguard, SecurityVibes discussed the question of whether the firewall is dead. In a statement to Security Vibes, Chris McKie agreed that the old firewall has died but has risen again in the form of a unified threat management (UTM) appliance.
Certainly here at the show we've seen many people claim that the firewall is dead or that it needs to be fixed. Our perspective is that the firewall of old is evolving into a unified device capable of addressing multiple threats rather than just being a basic firewall. So I guess you can say that the firewall has died, but it certainly has risen again as a unified threat management appliance capable of handling web filtering, gateway anti-virus, IPS and IDS, as well as handling extra features such as VPN-SSL.
When confronted with the difficulties administrators have in maintaining blacklists and whitelists, Mr McKie talked about how some of the newer features can help with these issues and how the evolved firewall can handle multi-vector attacks.
The UTM appliance has a lot more intelligence: it can detect visited websites that contain, for example, cross-site scripting attacks, drive-by downloads or Web 2.0 attack vectors, and ensure that appropriate action is taken.
In addition, UTM appliances have a greater amount of flexibility, so, for example, greylists can be created. Greylists were defined as sites that organisations were happy for their employees to access but where they wanted to ban certain applications such as IM or peer-to-peer, or even to allow this communication but block attachments being sent within the conversations to prevent data leakage.
Essentially, the firewall now offers more management, more control and greater risk mitigation. Although the intelligence of the evolved firewall is certainly impressive in detecting attack vectors such as drive-by downloads, we still could not come to any agreement on the issue of maintaining blacklists or whitelists. Frankly, it seems that more work will now be involved in dealing with greylists, and administrators will carry a greater burden in trying to understand just what all the rules in the firewall are trying to do, especially when they inherit someone else's rule set.
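To make the greylist idea above concrete, and the concern about inherited rule sets auditable, here is an added illustration in Python. It is not WatchGuard's rule format or any vendor's API; the rule model, the sample hostnames and the application classes ("web", "im", "p2p") are all constructed for the example. It shows a first-match-wins policy that mixes blacklist, whitelist and greylist entries (a partner site is reachable, IM is allowed, but IM file transfers and peer-to-peer are blocked), plus a small check that reports rules shadowed by an earlier, broader rule, which is one of the ways an inherited policy silently stops doing what its author intended.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Hypothetical gateway policy model for illustration; not a real product's schema.


@dataclass(frozen=True)
class Request:
    site: str                 # destination hostname
    app: str                  # application class identified by the gateway: "web", "im", "p2p"
    attachment: bool = False  # whether the flow carries a file transfer


@dataclass(frozen=True)
class Rule:
    name: str
    site: Optional[str]         # None matches any site
    app: Optional[str]          # None matches any application
    attachment: Optional[bool]  # None means "don't care"
    action: str                 # "allow" or "block"

    def matches(self, req: Request) -> bool:
        return ((self.site is None or self.site == req.site)
                and (self.app is None or self.app == req.app)
                and (self.attachment is None or self.attachment == req.attachment))

    def covers(self, other: "Rule") -> bool:
        """True if every request matched by `other` is also matched by this rule."""
        def field_covers(mine, theirs):
            return mine is None or mine == theirs
        return (field_covers(self.site, other.site)
                and field_covers(self.app, other.app)
                and field_covers(self.attachment, other.attachment))


def decide(rules: List[Rule], req: Request, default: str = "block") -> Tuple[str, str]:
    """First matching rule wins; returns (action, name of the deciding rule)."""
    for rule in rules:
        if rule.matches(req):
            return rule.action, rule.name
    return default, "default"


def find_shadowed(rules: List[Rule]) -> List[Tuple[str, str]]:
    """Rules that can never fire because an earlier rule covers every request they match."""
    found = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if earlier.covers(later):
                found.append((later.name, earlier.name))
                break
    return found


# Constructed sample policy: blacklist, whitelist and greylist entries, evaluated in order.
POLICY = [
    Rule("blacklist-malware-site", "malware.example", None, None, "block"),
    Rule("whitelist-intranet", "intranet.example", None, None, "allow"),
    # Greylist: the partner site is reachable, IM is fine, but IM file transfers
    # and peer-to-peer are blocked. The attachment rule must precede the IM allow rule.
    Rule("greylist-im-no-attachments", "partner.example", "im", True, "block"),
    Rule("greylist-im-allow", "partner.example", "im", None, "allow"),
    Rule("greylist-p2p-block", "partner.example", "p2p", None, "block"),
    Rule("greylist-web-allow", "partner.example", "web", None, "allow"),
]

# The same policy with the two IM rules swapped: the attachment block can never fire.
MISORDERED_POLICY = [POLICY[0], POLICY[1], POLICY[3], POLICY[2], POLICY[4], POLICY[5]]


if __name__ == "__main__":
    for req in [Request("intranet.example", "web"),
                Request("partner.example", "im"),
                Request("partner.example", "im", attachment=True),
                Request("partner.example", "p2p"),
                Request("unknown.example", "web")]:
        print(req, "->", decide(POLICY, req))
    print("shadowed rules in misordered policy:", find_shadowed(MISORDERED_POLICY))
```

The shadowing check is deliberately conservative: it only reports a rule when an earlier rule matches a superset of the same field values, which is the unambiguous case. Running it over a freshly inherited policy before changing anything gives an administrator a short list of rules that document intent but currently have no effect.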
References
Security Vibes Interview with Chris McKie