A closer look at how our EPP’s firewall works.
A firewall to apply network policies directly on endpoints
The firewall included in HarfangLab’s EPP aims to secure traffic by applying network protection policies directly on the endpoints.
It is independent of other firewalls (for instance, the Microsoft Defender firewall for Windows) and enables network connections to be filtered on the basis of IP addresses, ports, protocols, and so on.
Firewall policies associate a firewall profile with endpoints. A profile is a set of filtering rules applied to network connections, based on:
- Network protocol (IPv4 / IPv6 and/or TCP / UDP / ICMP),
- Direction (inbound, outbound, or both),
- Local host, i.e. the protected endpoint (single IP address / range / CIDR, port, and/or application),
- Remote host, i.e. the remote endpoint concerned by the connection with the protected endpoint (single IP address / range / CIDR, or FQDN and/or port).
Some cases require different firewall profiles to be applied dynamically within a complex network context (e.g. on-the-move endpoints, servers simultaneously connected to several networks). For these, HarfangLab’s EPP firewall lets you define network zones based on parameters such as network interface type and associated IP address, and choose which profile to apply in which network zone via the firewall policy.
These firewall policies are then associated with endpoint policies, unifying all configuration elements in the console.
Incoming and outgoing network connections are filtered using rules configured and administered directly from the HarfangLab console.
Let’s explore our firewall a little further: what are the configuration options?
HarfangLab firewall configuration options
Adaptability to your specific context is at the heart of our firewall.
EPP users can define different configurations for the same endpoint, and these apply dynamically depending on the context in which the endpoint connects (corporate network, VPN, private network…).
In addition, as mentioned above, HarfangLab’s firewall lets you define specific rules for a given application on a protected endpoint, as well as for an FQDN.
These options are designed, for example, to maintain connectivity to a service whose IP address may be unknown or changing.
Finally, let’s take a closer look at how HarfangLab’s firewall can be adapted to a practical use case.
HarfangLab firewall in practice
Let’s take the case of a factory with critical equipment that must never be shut down.
These machines are controlled by EPP-protected servers and require a very high level of network protection. The servers are therefore not connected to the Internet, and only SSH connections from workstations are authorized to manage them.
The database also connects to these servers to retrieve data for use on the business teams’ workstations, also without an Internet connection, but linked to workstations that are connected to the Internet.
The firewall can then be configured via an addressing plan that provides authorizations or restrictions for access to servers and workstations according to their network zone, and according to the type of connection (company network or Internet).
Two firewall profiles can then be considered: one for the factory and one for the offices.
Two network zones are then configured according to the previously defined addressing plan, enabling the right profile to be applied to the right network zone depending on the situation of each endpoint.
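The factory/office split described above, sketched as an added example (this is not HarfangLab's configuration format or API). The addressing plan, the database address and port, and the first-match, default-block evaluation are all assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str          # "allow" or "block"
    direction: str       # "in", "out" or "both"
    proto: str           # "tcp", "udp", "icmp" or "any"
    remote: str          # CIDR of the remote host
    port: Optional[int]  # local port (inbound) / remote port (outbound); None = any

# Constructed addressing plan: factory 10.10.0.0/16, offices 10.20.0.0/16.
FACTORY = [
    Rule("allow", "in", "tcp", "10.20.0.0/16", 22),     # SSH from workstations
    Rule("allow", "in", "tcp", "10.10.2.10/32", 8443),  # database pull (assumed port)
]
OFFICE = [
    Rule("allow", "out", "tcp", "10.10.1.0/24", 22),    # manage factory servers
    Rule("block", "out", "any", "10.10.0.0/16", None),  # nothing else into the factory
    Rule("allow", "out", "tcp", "0.0.0.0/0", 443),      # Internet access over HTTPS
]
ZONES = [
    ("factory", ipaddress.ip_network("10.10.0.0/16"), FACTORY),
    ("office", ipaddress.ip_network("10.20.0.0/16"), OFFICE),
]

def select_profile(local_ip):
    """Pick the profile of the zone that contains the endpoint's address."""
    addr = ipaddress.ip_address(local_ip)
    for name, net, rules in ZONES:
        if addr in net:
            return name, rules
    return "unknown", []  # no zone matched: no rule can allow anything

def decide(local_ip, direction, proto, remote_ip, port):
    """First matching rule wins; unmatched traffic is blocked (assumed default)."""
    _, rules = select_profile(local_ip)
    remote = ipaddress.ip_address(remote_ip)
    for r in rules:
        if (r.direction in (direction, "both") and r.proto in (proto, "any")
                and remote in ipaddress.ip_network(r.remote)
                and r.port in (port, None)):
            return r.action
    return "block"

if __name__ == "__main__":
    print(decide("10.10.1.5", "in", "tcp", "10.20.3.7", 22))        # server, SSH in
    print(decide("10.20.3.7", "out", "tcp", "10.10.1.5", 443))      # workstation to server
    print(decide("192.168.1.20", "out", "tcp", "203.0.113.10", 443))  # outside any zone
```

Rule order matters in the office profile: the factory-wide block sits between the SSH allow and the Internet allow, so the broad `0.0.0.0/0` rule never opens a path to the factory servers.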
An EDR + EPP bundle that eases analysts’ workload
Supporting cyber experts in securing information systems and countering threats remains one of our top priorities.
Using an EPP capable of automating the neutralization of known threats reduces analysts’ workload and enables them to focus on in-depth exploration of the data gathered by an EDR.
They can then centralize all information and management of security tools in a single platform, making it easier to monitor the information system.
This represents significant time savings compared to using dispersed tools and managing data from heterogeneous sources. And analysts are not the only ones who can benefit from this EDR + EPP bundle!
Make every user a key player in information system security
For teams in charge of configuring security solutions, combining EDR and EPP enables the simultaneous deployment of the tools needed to protect endpoints: EDR, antivirus, firewall, external device management (USB, Bluetooth, etc.), and more.
Everything is then managed from a single interface, avoiding errors or different configurations between tools for the same endpoint.
The EDR also provides the telemetry needed to analyze data in the event of a network security event, whether reported by the EDR or the EPP.
For IT Departments, opting for a centralized solution simplifies the process, with a single purchase, installation, and update cycle to manage, reducing the burden on teams.
Finally, for end-users of the information system, the combination of EDR and EPP contributes to greater visibility over their own workstation activity, increasing their involvement in the security of their organization.
Even if they don’t access EDR directly, the alerts generated by EPP signal the detection of threats and make them concrete.
In this way, EPP enhances the capabilities of the EDR, which enables detection to be configured more finely (customized rules or rules supplied by HarfangLab, whitelists, etc.).