Next-gen Firewalls: The Future Of Enterprise Protection
Firewalls are a necessity for companies because companies need a reliable way to protect their information. There are two types of firewalls for businesses: traditional firewalls and next-generation firewalls. Traditional firewalls have been companies’ solution to potential threats for nearly 20 years. They are popular because of their straightforward functionality and the fact that they are usually cost-friendly. Traditional firewalls are able to control network traffic, but only from a “go” or “stop” perspective. They use source and destination IP addresses and TCP/UDP port information to decide whether a packet is allowed to pass through networks or whether it is blocked from entering at all.
As technology evolves, enterprise applications have moved into areas such as social media, browser-based sharing tools, and content management. Application-layer attacks are becoming more and more common. The increased use of these applications can increase the risk to the entire network, because unknown and unaddressed threats target normal application and user behavior. Threat developers are becoming smarter, and they are able to create threats that exploit the weaknesses in applications and company firewalls. 80% of first-time malware and intrusion attempts are taking advantage of application weaknesses (Miller 2011).
Advanced security threats are too crafty for traditional firewalls to handle effectively. The reason is that traditional firewalls judge traffic from the outside instead of looking inside it. These firewalls assume which application-layer service a given stream of traffic belongs to based on the port number in the packet’s header, and, to avoid network performance issues, they look only at the first packet in a session to determine the type of traffic being processed (Miller 2011).
The solution to the weaknesses of traditional firewalls is to upgrade to next-generation firewalls, which can interpret traffic using the application’s identity, enabling visibility and control of all types of applications.
Next Generation Firewall Features
• Application/content awareness
• User identity awareness (user and group)
• Policy control
Application/content awareness: Next-gen firewalls don’t assume that a specific application is running on a specific port. They use a multi-factor approach to classify traffic. The firewall monitors the traffic at different layers in order to determine what type of traffic is being sent and received.
User identity awareness: Next-generation firewalls have the ability to link IP addresses to specific user identities, which enables visibility and control of any network activity for any given user in a company’s network. This can help gain insight into user behavior and track potential threats more accurately without affecting the other users on the network.
Policy Control: Once a potential threat is determined, organizations can apply policies with a range of responses that are more advanced than “Allow” or “Deny”, which are the only options you get with a traditional firewall.
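The contrast between the two firewall types can be shown on a few sample flows. The Python sketch below is an added example, not code from any firewall product: the port table, payload signatures, IP-to-user map, policy rows and flows are all constructed for illustration, and simple payload-prefix matching stands in for the multi-factor classification described above.

```python
# Added illustration: every flow, signature, user mapping and policy row is constructed.
PORT_MAP = {80: "web", 443: "web-tls", 22: "ssh", 53: "dns"}
# Payload prefixes seen at the start of a client stream (hypothetical signature set).
SIGNATURES = [
    (b"SSH-2.0", "ssh"),
    (b"GET ", "web"),
    (b"\x16\x03", "web-tls"),                 # TLS handshake record header
    (b"\x13BitTorrent protocol", "bittorrent"),
]
USERS = {"10.0.0.5": ("alice", "engineering"), "10.0.0.9": ("bob", "finance")}
# (group, application) -> action; responses go beyond plain allow/deny.
POLICY = {
    ("engineering", "ssh"): "allow",
    ("finance", "ssh"): "deny",
    ("*", "web"): "allow",
    ("*", "web-tls"): "allow-and-inspect",
    ("*", "bittorrent"): "deny-and-alert",
}

def classify_by_port(flow):
    # Traditional assumption: the destination port names the application.
    return PORT_MAP.get(flow["dport"], "unknown")

def classify_by_content(flow):
    # Application awareness: identify the protocol from what is actually sent.
    for prefix, app in SIGNATURES:
        if flow["payload"].startswith(prefix):
            return app
    return "unknown"

def traditional_decision(flow, allowed_ports=(80, 443)):
    # "Go" or "stop" based on header fields only.
    return "allow" if flow["dport"] in allowed_ports else "deny"

def ngfw_decision(flow):
    app = classify_by_content(flow)
    user, group = USERS.get(flow["src"], ("unknown", "unknown"))
    action = POLICY.get((group, app)) or POLICY.get(("*", app)) or "deny-and-log"
    return user, app, action

FLOWS = [
    {"src": "10.0.0.5", "dport": 80, "payload": b"GET /index.html HTTP/1.1\r\n"},
    {"src": "10.0.0.9", "dport": 80, "payload": b"SSH-2.0-OpenSSH_9.6\r\n"},
    {"src": "10.0.0.9", "dport": 443, "payload": b"\x13BitTorrent protocol" + b"\x00" * 8},
    {"src": "10.0.0.5", "dport": 22, "payload": b"SSH-2.0-OpenSSH_9.6\r\n"},
]

if __name__ == "__main__":
    for f in FLOWS:
        print(f["src"], f["dport"], classify_by_port(f), traditional_decision(f), ngfw_decision(f))
```

The second and third flows pass the port-only check because they use ports 80 and 443, while the content- and identity-aware check names the real application and the user behind it.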
The value in a next-generation firewall is that it has the ability to do everything that a traditional firewall does along with advanced identification technology and higher performance.