Using a traditional firewall against modern security threats is a bit like playing professional football in the 21st century with an old leather helmet from the 1930s. You may gain some very basic protection, but you’re still at risk of serious damage.
Traditional firewalls control traffic according to specific ports, protocols and IP addresses. They are unable to distinguish between various types of web traffic – whether it’s a threat or a legitimate business application – and then apply security policies to block or allow that traffic. They’re also incapable of inspecting the data payload of network packets.
However, today’s threats are typically web-based and launched through applications. These threats are capable of sneaking through https (80) and https (443) ports unnoticed by older firewalls. To ensure security, organizations may be forced to block all applications, including valuable business applications.
More than viruses and spyware, modern security threats include zero-day, advanced malware and stealth bots that are smart enough to not only disable security protections and steal data, but hide in your network while awaiting further instructions. These are the kinds of threats that can be thwarted by a next-generation firewall.
A next-generation firewall (NGFW) is application-aware, meaning it can distinguish one application from another and enforce granular security policies at the application layer. As approved applications are permitted into the network, deep packet inspection and intrusion prevention techniques are employed to inspect traffic contents for threats, enabling smarter blocking decisions to be made based on very specific criteria.
For example, instead of having a policy that either allows all users or no users to use Twitter, a NGFW will enforce policies that permit the use of Twitter in a way that adheres to business requirements and doesn’t leave the company susceptible to a security breach.
The advanced capabilities of a NGFW not only reduce the risk of a breach, but they prevent or limit the use of non-business applications that can cause bandwidth bottlenecks and hamper employee productivity. Different policies may be developed for specific devices in a BYOD environment, giving priority to mission-critical applications.
A NGFW is sometimes confused with a unified threat management (UTM) system, which combines various security functions – firewalls, antimalware, intrusion protection, content filtering, reporting and more – in a single security appliance. Truly comprehensive network security can be achieved when employing these two complementary systems.
When choosing a NGFW for your organization, it’s important to evaluate the architecture, performance impact and manageability.
- Understand the hardware and software architecture, how it will be engineered and integrated, and how it delivers the results your organization requires.
- Find out how a NGFW will impact network performance, if at all. Make sure throughput is tested when all security features are enacted with the appropriate number of connections.
- A NGFW involves very specific policies and rules that enable for more granular, powerful security controls, but it should be intuitive and easy to configure, implement and maintain. Simple, centralized management is critical.
Is your firewall more like protective headgear with a polycarbonate shell, vinyl nitrile foam padding and a titanium facemask – or an old leather helmet? Let Technologent help you evaluate your organization’s security needs and select and deploy the right NGFW solution.
Comments