Why traditional firewalls fall short and how to fix it


In cybersecurity, it is best to have layers of defenses. Antivirus software isn’t going to stop someone from walking off with a laptop, and physical locks on the door to the server room aren’t going to stop cybercriminals from connecting to the servers over RDP. Different solutions exist to prevent the myriad of cyberattacks present today. It is important for a company to implement many of these solutions to remain secure.

One tool needed to secure an environment is the endpoint firewall. All the way back in 2001, Microsoft realized that securing machines running Windows required a new tool to block unwanted network connections. Initially released as “Internet Connection Firewall”, later rebranded and significantly improved as “Windows Firewall”, and finally reaching its current form as “Windows Defender Firewall”, this software helps protect machines and is now turned on by default on Windows installations.

Most users will rarely interact with the Windows Defender Firewall, often only ever seeing a pop-up informing them of the type of connection they are using, but it is a powerful tool for preventing cyberattacks against both individual users and businesses.

The Windows Defender Firewall, as it appears in the Control Panel of Windows 11.

The Windows Defender Firewall accomplishes its goal by blocking all incoming connections to workstations. This is a good example of Zero Trust: to allow a connection through the Windows Defender Firewall, an exception must be explicitly made. It is not the only tool that performs this task, but it is widely used. Other tools have additional functionality that allows finer-grained control and easier access, while still maintaining strict Zero Trust security.
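To check that default-deny posture on a given machine and review the explicit exceptions, the following added example (not from the original post or from Microsoft) uses the built-in NetSecurity cmdlets. It assumes an elevated PowerShell session on Windows; the variable names and report columns are illustrative.

```powershell
# Added example: audit the Windows Defender Firewall default-deny posture.
# Assumption: run from an elevated PowerShell session on Windows 10/11 or Server.

# 1. Effective settings per profile. ActiveStore is the policy actually in force
#    (local rules merged with Group Policy), so values are resolved rather than
#    reported as NotConfigured.
$profileReport = foreach ($p in Get-NetFirewallProfile -PolicyStore ActiveStore) {
    [pscustomobject]@{
        Profile        = $p.Name
        Enabled        = $p.Enabled
        DefaultInbound = $p.DefaultInboundAction
        # Default deny holds only if the profile is on AND inbound defaults to Block.
        DefaultDeny    = ($p.Enabled -eq 'True') -and ($p.DefaultInboundAction -eq 'Block')
    }
}
$profileReport | Format-Table -AutoSize

# 2. Every enabled inbound Allow rule is an explicit exception to that default.
$rules = Get-NetFirewallRule -PolicyStore ActiveStore `
            -Direction Inbound -Action Allow -Enabled True

$exceptionReport = foreach ($r in $rules) {
    $addr = $r | Get-NetFirewallAddressFilter   # which remote addresses may connect
    $port = $r | Get-NetFirewallPortFilter      # which protocol and local port
    [pscustomobject]@{
        Rule          = $r.DisplayName
        Profile       = $r.Profile
        Protocol      = $port.Protocol
        LocalPort     = $port.LocalPort -join ','
        RemoteAddress = $addr.RemoteAddress -join ','
        # 'Any' means the exception is open to every source address.
        AnySource     = $addr.RemoteAddress -contains 'Any'
    }
}

# List the widest exceptions first so they are reviewed first.
$exceptionReport |
    Sort-Object AnySource -Descending |
    Format-Table Rule, Profile, Protocol, LocalPort, RemoteAddress, AnySource -AutoSize

# Summary: profiles that are not default-deny, and how many exceptions accept any source.
$notDeny = @($profileReport | Where-Object { -not $_.DefaultDeny })
$anySrc  = @($exceptionReport | Where-Object AnySource)
"{0} profile(s) without default deny; {1} of {2} inbound exceptions accept any source" -f `
    $notDeny.Count, $anySrc.Count, @($exceptionReport).Count
```

Rules scoped to specific remote addresses are the hard-coded exceptions that need updating whenever a peer's IP address changes.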

One example of another product that fills this particular security niche is ThreatLocker Network Control. Similar to the Windows Defender Firewall, ThreatLocker Network Control can block unwanted connections by default. Where it really shines though is its ability to dynamically control access. Imagine a workstation and a server that are attempting to connect. Most endpoint-based firewalls would block this connection, but if both endpoints have the ThreatLocker agent installed, they can communicate with ThreatLocker to identify one another as objects.

A ThreatLocker Network Control policy can then allow that connection through. This is especially useful if the workstation in this example is a laptop connecting to a new Wi-Fi connection; the details of this new connection, like the IP address, do not need to be hard-coded into a firewall exception.

A Network Control policy set up to allow an object to connect to the servers group.

You can learn more about how to set up Network Control policies through our course on ThreatLocker University.
