Updated on: December 19, 2024
SafetyDetectives recently had the opportunity to interview Grégory Bernard, the visionary founder of DynFi, a leading name in open-source firewall management and cybersecurity innovation. Originally established as ToDoo in 2001, DynFi has since evolved into a key player in the cybersecurity space, offering cutting-edge solutions like DynFi Manager and DynFi Firewall. Drawing on decades of experience, Grégory shared the story behind DynFi’s evolution, from its early days supporting pfSense and OPNsense to creating its own groundbreaking firewall solutions. In this exclusive interview, Grégory discusses the vital role of open-source software in modern cybersecurity, the challenges of managing multiple firewalls, and how enterprises can better protect themselves against emerging threats.
Can you tell us about the origins of DynFi and its mission in the cybersecurity space?
DynFi®, originally named ToDoo, is a French company founded in 2001 by Grégory Bernard and based in Paris. Initially focused on providing consulting services for Internet strategy to prominent French institutions, ToDoo contributed to the development of primary DNS infrastructure for a large African country between 2007 and 2008.
During this project, we recognized the critical need to secure the DNS infrastructure we had implemented, which led us to discover pfSense, an Open Source firewall solution. From 2009 to 2014, we became the first official distributor of pfSense in France, actively supporting the project by offering a full range of appliances across France and French-speaking countries. ToDoo also organized the first French-language training sessions on Open Source firewalls and contributed to the project’s visibility by publishing and translating articles into French.
However, following pfSense’s acquisition by Netgate in 2014 and its move away from the Open Source philosophy, we decided to shift our focus. ToDoo became an early supporter of OPNsense, a fork of pfSense, in 2015. At this pivotal moment, we expanded beyond distribution and began developing our own software solutions.
In 2017, we launched DynFi® Manager, the first centralized management solution for Open Source firewalls, compatible with both pfSense and OPNsense. Our mission was to address a significant challenge: enabling efficient and seamless centralized firewall management, which neither of the major players had prioritized. DynFi Manager became a cornerstone of our commitment to providing open, robust cybersecurity solutions.
Building on this success, in 2019 we created DynFi Firewall, a fork of OPNsense, fully based on FreeBSD and compiled from source. This initiative further solidified our role as a key innovator in the Open Source cybersecurity ecosystem.
To mark this evolution, in 2020 ToDoo rebranded as DynFi and expanded its presence in France and across Europe. Today, the DynFi brand has global recognition, driven by our unwavering dedication to Open Source and cybersecurity excellence.
In parallel, DynFi has also established a strong partnership with the Proxmox virtualization technologies, becoming the first French Gold Partner. We actively promote Proxmox solutions, provide engineering expertise, and support their adoption across enterprise environments, further strengthening our leadership in virtualization and cybersecurity.
How do you see the role of open-source tools evolving in the broader cybersecurity landscape?
Open-source software plays an increasingly significant role in cybersecurity, but it is important to recognize that most open-source projects are supported by sustainable business strategies. Companies either monetize their open-source software directly, are backed by major corporations (e.g., Intel, Cisco) with targeted interests, or are part of large foundations like Apache or Eclipse—also predominantly funded by large organizations. This balance between open access and financial sustainability is the foundation of open-source development.
In the open-source firewall industry, many players have adopted a hybrid strategy: they maintain a regularly updated open-source version while pushing “Enterprise” editions with exclusive, closed-source features. However, we believe this approach is risky because it widens the gap between the free and paid versions, ultimately encouraging companies to prioritize their proprietary offerings or abandon the open-source version altogether.
By contrast, Proxmox has demonstrated a successful alternative model: its software remains 100% open-source, with monetization achieved through paid subscriptions for enterprise-grade repositories (offering faster, reliable updates) and professional support. This model ensures the software stays accessible while providing value for paying customers. At DynFi, we find this strategy exemplary, and we plan to introduce similar subscription options for our DynFi Firewall end-users, maintaining a fully open-source core.
Looking ahead, open-source cybersecurity tools are evolving to meet modern challenges, particularly through advancements in AI and log analysis. Projects like CrowdSec, now integrated into our DynFi Firewall, are leading the way by offering collaborative behavioral analysis to detect and filter malicious IPs, providing robust protection for edge firewall users.
Complementing tools like CrowdSec with signature-based solutions, such as Suricata, allows for comprehensive threat mitigation. At DynFi, we have completely rewritten Suricata’s module in our firewall to enhance performance, usability, and results for our users.
The future of open-source cybersecurity lies in the combination of community-driven innovation and robust business strategies, ensuring long-term sustainability without sacrificing accessibility or transparency.
What are some of the biggest challenges organizations face when managing multiple firewalls?
One of the biggest challenges is ensuring that firewalls are regularly maintained and upgraded. Leaving firewalls unpatched poses a significant risk. Within just three months, the software running on your firewalls might accumulate dozens of identified vulnerabilities (CVEs). While some vulnerabilities may be harmless, requiring specific conditions or access to exploit, others can be critical and exploited remotely. For any device directly facing the internet, regular updates are essential. This is where DynFi Manager provides a key solution: the ability to upgrade a large number of firewalls with a single click.
Another major challenge is keeping firewall rulesets synchronized across multiple devices. Managing consistent rulesets on a large number of firewalls can be complex and error-prone. DynFi Manager addresses this through its aliases management feature, which allows users to define collections of aliases that are automatically synchronized across all selected devices.
Many open-source firewalls lack centralized management solutions. When such solutions exist, they are often offered as SaaS. However, many organizations prefer an on-premise solution to ensure complete control over their devices and data. With DynFi Manager, companies can manage their devices locally, avoiding reliance on external cloud infrastructure.
Identifying connectivity issues on remote sites is another tricky challenge. DynFi Manager simplifies this by providing tools to perform standard uploads to evaluate link quality, offering precise metrics and clear insights into network performance.
Finally, managing remote access to individual devices can be time-consuming and inefficient. DynFi Manager resolves this by allowing users to access all devices centrally from the management interface. For organizations managing a large number of firewalls, particularly service providers, DynFi Manager also supports multi-tenant access. This feature enables individual customers to securely access their specific devices and view key statistics and information.
In summary, DynFi Manager addresses the critical challenges of firewall management—timely upgrades, ruleset synchronization, connectivity monitoring, efficient access, and multi-tenant management—offering a comprehensive and user-friendly solution to organizations of all sizes.
How can enterprises better protect themselves from emerging cybersecurity threats?
To effectively protect against emerging cybersecurity threats, enterprises must start with a comprehensive understanding and management of their network infrastructure. This process is inherently complex and requires collaboration among network architects, CISOs, and data analysts. A thorough grasp of your network’s typical data flow is essential, enabling the creation of properly configured firewall rulesets. Surprisingly, many organizations still configure their firewalls but end up with a dangerously permissive “allow all” rule. Controlling and filtering data flows is the first and most critical step in a Chief Security Officer’s (CSO) work.
Once a strong foundation is in place, enterprises should focus on collecting and analyzing network data to identify and mitigate threats. Tools like CrowdSec provide significant value by offering collaborative behavioral analysis to detect malicious activity. Additionally, creating custom log parsers to process logs from mail servers, HTTP servers, or other key systems can provide actionable insights. These logs can be exported into files and easily integrated into your firewall rules. DynFi Firewall, for example, simplifies this process by allowing IP lists to be parsed and incorporated seamlessly into existing rulesets.
To enhance network security further, enterprises can leverage advanced third-party tools like Suricata, which is embedded within DynFi Firewall. Suricata is an open-source, high-performance Intrusion Detection System (IDS), Intrusion Prevention System (IPS), and Network Security Monitoring (NSM) solution. It uses rule-based packet filtering and supports multi-threading and deep packet inspection to analyze network traffic and detect malicious activity. Suricata can work with pre-built signatures (e.g., Emerging Threats or Snort) or custom-crafted rulesets, providing a flexible and rapid threat mitigation strategy. Combining pre-purchased rulesets with customized rules enables organizations to react swiftly to emerging threats.
Another critical component of a strong cybersecurity defense is network flow analysis. Tools like Ntop and Nprobe are excellent candidates for this purpose and can be configured to collect and analyze logs from remote firewalls, switches, and probes. With such flow collectors, enterprises can achieve a real-time, live understanding of their network activities, quickly identifying anomalies and potential threats.
In summary, enterprises can better protect themselves by:
- Properly managing their network infrastructure and firewall configurations.
- Collecting and analyzing data to gain insights and filter network traffic dynamically.
- Leveraging tools like Suricata for advanced rule-based threat detection and mitigation.
- Utilizing flow collectors like Ntop/Nprobe for real-time network visibility.
Combining these strategies ensures a proactive, multi-layered defense capable of addressing modern cybersecurity challenges.
What advice would you give to companies considering open-source solutions for their network security?
Open-source solutions are deeply integrated into the fabric of the Internet, playing critical roles both in its core infrastructure and at the edge. Tools like FRR (widely used for BGP), Apache, Nginx, BIND, Unbound, Postfix, Exim, PostgreSQL, MariaDB, OpenSSL, WordPress, and Drupal are just a few examples of how open-source software powers the digital world. Open source is not just an option; it is the backbone of modern networking and cybersecurity.
When it comes to cybersecurity, it’s essential to “open the hood” and examine the inner workings of the tools you’re considering. Many proprietary solutions heavily rely on open-source software (OSS) for their core functionality. For example, Stormshield is built on FreeBSD, FortiOS on Linux, and Sophos also utilizes Linux. This demonstrates that even major cybersecurity brands trust and depend on open-source technologies.
If companies choose to embrace 100% open-source solutions, they can be confident in the quality and reliability of the software available. Open-source tools like Suricata or Snort—widely used for intrusion detection—are examples of the high standards open-source solutions maintain. However, successful adoption requires careful consideration of several factors.
Here are the key questions to ask when evaluating open-source solutions for network security:
- What are my expectations for this solution? Clearly define your goals—whether it’s intrusion detection, threat analysis, or firewall management.
- Will it be easy to deploy and integrate into my existing infrastructure? Ensure compatibility with your current systems and workflows.
- Is the software well-maintained and regularly updated? Open-source solutions thrive on active development and updates to address vulnerabilities.
- Can I rely on automation to streamline tasks? Look for tools with strong automation capabilities to reduce operational overhead.
- Does my team have the necessary skills to manage and maintain this software? Evaluate your in-house expertise and plan for training if needed.
- What support options are available from the organizations or communities behind the software? Many open-source projects offer professional support, subscriptions, or documentation to assist with implementation.
- Does this solution align with my overall strategy? Ensure that the open-source software you select matches your business needs and long-term goals.
By carefully addressing these questions, companies can make informed decisions, harnessing the power of open-source to build cost-effective, flexible, and secure network infrastructures. Open-source solutions are not just an alternative—they are often the foundation of innovation and reliability in modern cybersecurity.
What cybersecurity trends or technological shifts are you most excited about in the coming year?
From my perspective, two transformative shifts will significantly shape the future of cybersecurity: the rise of AI-powered tools and the looming impact of quantum computing.
On one hand, AI is revolutionizing both cybersecurity defense and offensive tactics. Advanced AI tools are being weaponized to enhance network protection, from identifying anomalies in real-time to automating incident responses. However, the same capabilities are being leveraged by attackers, enabling increasingly sophisticated and efficient intrusion strategies. The ability to quickly sift through massive logs, extract actionable insights, and present data in meaningful ways is now becoming a cornerstone of next-generation cybersecurity products.
On the other hand, the promises—and threats—of quantum computing loom large. Quantum technology has the potential to break many of the cryptographic algorithms that underpin today’s digital security. This disruption could lead to a fundamental shift in cybersecurity, as most organizations would need to overhaul their cryptographic systems. Initially, access to quantum computing will be limited to a few well-funded organizations, creating a centralized and exclusive dynamic in quantum-based cybersecurity.
Organizations with stringent security requirements may soon find themselves reliant on the few players capable of developing and managing quantum cryptographic solutions. This highlights the urgency of focusing on post-quantum cryptography now. Algorithms like CRYSTALS-Kyber, CRYSTALS-Dilithium, and Classic McEliece are leading the charge in creating quantum-resistant cryptographic standards, and their adoption is critical to ensuring long-term security.
In summary, the intersection of AI advancements and the quantum computing revolution will define the cybersecurity landscape in the coming years. Organizations must prepare by integrating AI-driven tools and transitioning to post-quantum cryptographic solutions to stay ahead of these transformative shifts.