Computer Protection Firewall improvements and rationale
F-Secure Computer Protection continues to grow in popularity and has now replaced the Workstation Security clients in F-Secure Elements Endpoint Protection product family.
On top of the various architectural and performance improvements, Computer Protection includes an exciting set of features, such as Device Control and the capability to deliver upgrades without a need to restart the computer. Computer Protection also includes F-Secure DataGuard, Application Control 2.0, and improved firewall protection capabilities.
Computer Protection now uses the default Windows rule engine to execute F-Secure Firewall rules rather than executing firewall rules with a separate component. This approach offers the following enhancements:
- It increases compatibility with appliances such as email, web, firewall, or VPN gateways, including UTMs.
- It increases compatibility with business applications such as Salesforce and ServiceNow.
- It increases compatibility with any SIEM, RMM, or any other 3rd party auditing, logging, or monitoring tool.
- It allows us to provide a broader set of configurable options, such as using the service name or application path. Additionally, we can provide better IPV6 support.
- It allows us to focus on building additional intelligence and value-added firewall security capabilities.
- It simplifies the network topology and reduces the amount of required configurations.
The F-Secure Expert ruleset, executed by the Windows rules engine, contains an extensive list of advanced rules created by our penetration testers. These provide increased protection against various threats; for example, self-propagating ransomware, such as WannaCry, and lateral movement from one client to another. The administrator can create or extend the rulesets to tackle company and context-specific threats.