According to Gartner, a Next Generation Firewall is “a deep-packet inspection firewall that moves beyond port/protocol inspection and blocking to add application-level inspection, intrusion prevention, and bringing intelligence from outside the firewall.”
Simply put, a Next-Generation Firewall (NGFW) is a hardware- or software-based network security system that is designed to detect and block sophisticated attacks through enforcement of security policies at the application level, as well as at the port and protocol level.
Next-generation firewalls (NGFWs) were developed out of necessity to address the security needs in today’s computing environments, where malware attacks have grown exponentially in sophistication and intensity and have devised ways of exploiting weaknesses in the widely accepted ordinary firewalls.
You can be assured that there is a new generation of hacker’s tool heading for your network, hence, having a Next-Generation Firewall in place makes sure you are ready for such attacks. With most network traffic using web protocols, ordinary firewalls cannot correctly distinguish between legitimate business applications and attacks, so they are designed to either allow all or reject all.
Companies across various industries are moving away from traditional firewall solutions. However there are some key features that InfoSec professionals and organizations should be looking for in the next generation firewalls they adopt. Below are some of such features:
1. Application Awareness and Application control
In simple language, this is when you could just block ports or services to control application access on your network. The major differentiating factor between an ordinary firewall and a NGFW is the fact that NGFW devices are application aware, when ordinary firewalls rely on common application ports to determine the applications that are running and the types of attacks to monitor. NGFW device are designed to not assume that a specific application is running on a specific port. The firewall itself must be able to monitor the traffic from layers to layers and make a determination as to what type of traffic is being sent and received.
The application level control feature allows you to set policies depending on the user and the application. For example: You can block social media sites such as Facebook Chat completely, without blocking Facebook, or you can allow someone to use Facebook (e.g your marketing department), and block users from your sales and technical departments, it also give you the ability to decide what the department with permission can do on such sites.
2. Identity Awareness
Another major difference between an ordinary firewall and a NGFW is a good NGFW is expected to have the ability to track the identity of a local traffic device and user, typically using existing enterprise authentication systems. An ordinary firewall gives you information like “It looks like 172.17.1.333 is the machine exhausting your bandwidth” leaving you with the herculean task of identifying the user, however NGFW will help you find out who’s machine it is. The next generation firewall ties every user on your network into its directory, this way the Information Security staff will be able to not only control the types of traffic that are allowed to enter and exit the network, but also what a specific user is allowed to send and receive, hence, no more looking for IP addresses and trying to track down a user, it helps you know exactly what devices a user has on the network by looking up their name.
3. Effective Threat Prevention
In order to prevent threats effectively, it is imperative that a network first reduce the avenues of attack by consciously controlling which applications run on it. Thereafter a firewall needs to scan “allowed” application traffic for threats more broadly, yet not limited to a strict definition of a particular type of threat (e.g., “spam” “virus” or “exploit”). A NGFW must be able to not only track the state of traffic based on layers 2 through 4, but also from layer 2 through 7. The Next Generation Firewall can limit traffic to only approved applications, thereby avoiding risks from unnecessary applications. Helping to also reduce bandwidth traffic and usage, it can also scan supposedly “good” applications for a wide variety of threats, even confidential data leaks. This difference allows a whole lot of control and provides an Information Security engineer/administrator a great advantage in ensuring staff adherence to policies without waste of resources in ensuring policy compliance by staff(s).
4. It simplifies security infrastructure with Intrusion Protection System (IPS)
Most times, adding more appliances to your system only adds complexity and cost, and doesn’t solve the root security problem: resulting in the inability to identify and control applications, users, and content. An Intrusion Protection System (IPS) is responsible for detecting attacks based on a number of different techniques including the use of known exploit attacks, threat signatures, traffic behavioural analysis etc. A NGFW, allows your IPS appliance to be fully integrated.
5. Next generation firewalls also allows you access Secure Sockets Layer (SSL) decryption to enable identification of undesirable encrypted applications.
The above among others are some features of NGFW, however, considering the frequent rate in which cyber threats are growing and the nature of computing and computer attacks, today’s NGFW might not be so Next Generation in the near future – this means even the present NGFWs will give way to the next great thing in IT security.
Do you want to learn more of NGFW? The effective and bespoke solution that will meet your IT requirements? Talk to an Infoprive Information Security Expert Today.