Next Generation Firewalls – a mandatory technology?

October 27, 2016

Next Generation Firewalls, abbreviated NGFW, strengthen network security by offering a modern answer to current threats. This upgraded hardware- or software-based protection system detects and/or blocks sophisticated attacks by bringing several types of key assets together. In effect, this type of firewall is an integrated network platform that combines different tools in order to keep network ports open while filtering out malicious elements.

Three-directional protection in Next Generation Firewalls

As TechTarget mentions, the essential key assets integrated in NGFW are:

  • Enterprise firewall capabilities;
  • Intrusion prevention system (IPS);
  • Application control.

The first category of tools is what you would normally have with a traditional firewall. That means “packet filtering; network- and port-address translation (NAT), stateful inspection, and virtual private network (VPN) support” form the base layer in NGFW, as in any other firewall.

The additional goal of an NGFW is to add further layers capable of filtering network traffic in a way that does not impede necessary data flow, while keeping threats out.

The IPS layer monitors the networks, as well as the IT system, focusing on potentially malicious activity or policy violations. When such events are detected, they are reported via a security information and event management (SIEM) system to the person or automated tool in charge of network security.

The application control layer “controls input, output, and/or access from, to, or by an application or service” according to its preset configuration.

Looking at the big picture, an NGFW offers old-school static protection combined with dynamic protection, provided by continuous monitoring and preventive alerts, as well as by dedicated application control (based on the essential application awareness capability).

Other important NGFW features are stateful inspection “from layer 2 through 7 as well”, which enables granular policies, and the ability to function in bridged and routed modes.
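To make the three layers concrete, here is an added example (not code from this article or from any vendor) that runs four constructed flows through a toy packet filter, IPS and application control stage. The rule sets, the signature, the layer ordering and the `siem_events` list are assumptions chosen for illustration; real products order and implement these stages differently.

```python
from dataclasses import dataclass

@dataclass
class Flow:
    proto: str
    dport: int
    payload: bytes  # first bytes of the flow (constructed sample data)

ALLOWED_PORTS = {("tcp", 80), ("tcp", 443)}        # layer 1: port filter
IPS_SIGNATURES = {"path-traversal": b"/../../"}    # layer 2: toy signature
APP_POLICY = {"http": "allow", "tls": "allow", "bittorrent": "deny"}  # layer 3

def identify_app(payload: bytes) -> str:
    """Classify by content rather than port (application awareness)."""
    if payload.startswith(b"\x13BitTorrent protocol"):
        return "bittorrent"
    if payload[:2] == b"\x16\x03":                 # TLS handshake record header
        return "tls"
    if payload.split(b" ", 1)[0] in (b"GET", b"POST", b"HEAD"):
        return "http"
    return "unknown"

def evaluate(flow: Flow, siem_events: list) -> tuple:
    """Return (verdict, deciding_layer) and append alerts bound for the SIEM."""
    if (flow.proto, flow.dport) not in ALLOWED_PORTS:
        return ("drop", "packet-filter")
    for name, pattern in IPS_SIGNATURES.items():
        if pattern in flow.payload:
            siem_events.append({"layer": "ips", "signature": name,
                                "dport": flow.dport})
            return ("drop", "ips")
    app = identify_app(flow.payload)
    if APP_POLICY.get(app, "deny") != "allow":     # unknown apps are denied
        siem_events.append({"layer": "app-control", "app": app,
                            "dport": flow.dport})
        return ("drop", "app-control")
    return ("allow", "app-control")

def run_samples():
    events = []
    flows = [
        Flow("tcp", 23, b"login: "),                              # closed port
        Flow("tcp", 443, b"\x16\x03\x01\x02\x00\x01"),            # TLS on 443
        Flow("tcp", 80, b"GET /static/../../etc/hosts HTTP/1.1\r\n"),
        Flow("tcp", 443, b"\x13BitTorrent protocol" + b"\x00" * 8),
    ]
    return [evaluate(f, events) for f in flows], events

if __name__ == "__main__":
    verdicts, events = run_samples()
    print(verdicts, events, sep="\n")
```

The last flow is the case a traditional firewall misses: port 443 is open, so only the application control layer stops it.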

Why are Next Generation Firewalls still in the “next generation” stage?

Although the discussion of these upgraded protection tools is not new, and a search for relevant articles turns up online sources dating back to 2011, this type of firewall remains in its NG stage because it takes time to propagate through the cyber security industry, with providers gradually adapting their products to modern requirements.

Once the concept stepped into reality and proved its validity, it was only a matter of perfecting and expanding it into various legacy tools for the specialized companies. There is no other NG concept in firewall protection because this one is fit for the ongoing threats, only it has yet to be adopted by many enterprises.

Small and medium businesses (SMBs), for example, can also use NGFWs to protect themselves from malicious actions, but often find themselves lagging behind larger companies where the latest technologies are concerned, due to various factors.

Getting an NGFW instead of a traditional firewall can be a much more complex undertaking than it may seem; in fact, it offers the opportunity for an in-depth security architecture review. Security Week offers advice on the optimum network security architecture for those interested in knowing just what should happen during this complex migration. Besides getting better, more agile protection, the primary goals should be:

  • An intelligence-based traffic balancing act;
  • A clever configuration that enables high availability during normal operations;
  • Enhancing network blind spots’ visibility;
  • Building a sustainable network architecture that would protect your environment when confronted with potential future events.

Providers that incorporate Next Generation Firewalls into their services

As mentioned above, more and more specialized companies are gradually adopting and perfecting NGFWs in their portfolios, aiming to surpass their competitors in this market segment with better, more flexible services. Here are some notable examples.

Palo Alto Networks offers “protection from known and unknown threats” to enterprises with their Panorama “centralized security management solution for control of its appliances deployed on an end-customer’s network; and is used for centralized policy management, device management, software licensing and updates, centralized logging and reporting, and log storage” – explaining the need for NGFWs in terms of performance maximization.

Fortinet supports the deployment of High Performance Data Center Firewall with their Fortigate UTM series.

CheckPoint provides comprehensive NGFW products for various-sized potential clients, from home offices to data centers.

Cisco fine-tunes the management console for its low- to mid-range next-generation firewalls, called Firepower Device Manager.

In September, Sophos announced Intercept X, “a next-generation endpoint security product that aims to stop zero-day malware, unknown exploit variants and stealth attacks, including advanced anti-ransomware”.

Of course, as with any other tool, NGFW deployments need to be integrated with other protection measures in order to offer maximum protection. For example, without efficiently protecting privileged accounts, companies may end up letting intruders in under the undetectable and seemingly legitimate appearance of enterprise accounts, as CyberArk mentions in a blog post. Therefore, NGFWs are indeed the best where (modern) firewalls are concerned, yet they need a carefully orchestrated presence in enterprise security, where no weak points should go unprotected.