By: Patrick Sweeney
Protection and performance should go hand in hand in data and network security. However, until the introduction of Next-Generation Firewalls (NGFWs), organizations often had to compromise data throughput and productivity for security. But while NGFWs are good news for business, many organizations are unaware that they have “old” firewalls, ones that are barriers to productivity but not, unfortunately, barriers to the latest security threats.
First-generation firewalls of the 1980s provided packet filtering based upon criteria such as port, protocol and MAC/IP address, and operated at layers 2 and 3 of the OSI model. Second-generation firewalls of the ’90s incorporated stateful packet inspection (SPI), which verified the state of inbound and outbound traffic based upon state tables, and operated at layers 2, 3 and 4. Then, third-generation firewalls of the past decade delivered processing power and broader capabilities, including deep packet inspection (DPI) of the entire packet payload, intrusion prevention, malware detection, traffic analytics, application control, and IPSec and SSL VPNs. Another development during the evolution of third-generation firewalls was Unified Threat Management (UTM), which extended the role of the traditional firewall into a product that not only guards against intrusion but performs content filtering, data leakage protection, intrusion detection, and anti-malware duties typically handled by multiple systems.
This worked well until the advent and mass adoption of Web 2.0 applications, mobile devices and mobile apps, all of which combined to create entirely new challenges for network security and productivity. Suddenly, bandwidth was being gobbled up by greedy Web applications and multimedia files. Simultaneously, Web 2.0 applications and multimedia files became new, difficult-to-detect carriers for existing and new malware and viruses. Enter the need for Next-Generation Firewalls.
An NGFW includes all standard capabilities found in a first-generation firewall, i.e., packet filtering, stateful packet inspection (SPI), network address translation (NAT), and high availability (HA). But it takes network security and performance to the next level through the combination and integration of innovations such as deep packet inspection (DPI), intrusion prevention systems (IPS) and application intelligence and control.
Gartner defines an NGFW as “an inline security control that implements network security policy between networks or different trust levels” as well as “a wire-speed integrated network platform that performs deep inspection of traffic and blocking of attacks.”
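The difference between the inspection techniques described above can be seen by running the same traffic through each of them. The following is an added example, not code from the article or from any firewall product: the class names, the one-entry signature table and the sample packets are constructed for illustration, and the state table ignores TCP flags and timeouts.

```python
from dataclasses import dataclass

WEB_PORTS = (80, 443)
# Constructed signature table; real DPI engines use far richer classifiers.
APP_SIGNATURES = {b"\x13BitTorrent protocol": "p2p-filesharing"}

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    inbound: bool          # True when arriving from the untrusted side
    payload: bytes = b""

def packet_filter(p):
    """Packet filtering: each packet judged alone, on port numbers only."""
    return (p.sport if p.inbound else p.dport) in WEB_PORTS

class StatefulFirewall:
    """SPI: inbound traffic must match a flow recorded in the state table."""
    def __init__(self):
        self.state = set()
    def allow(self, p):
        if p.inbound:
            return (p.dst, p.dport, p.src, p.sport) in self.state
        if p.dport not in WEB_PORTS:
            return False
        self.state.add((p.src, p.sport, p.dst, p.dport))
        return True

class DpiFirewall(StatefulFirewall):
    """DPI + application control: also classify the payload, whatever the port."""
    def __init__(self, blocked_apps):
        super().__init__()
        self.blocked_apps = blocked_apps
    def allow(self, p):
        app = next((a for s, a in APP_SIGNATURES.items() if s in p.payload), None)
        return app not in self.blocked_apps and super().allow(p)

# Constructed sample traffic (documentation address ranges).
SAMPLE = [
    Packet("10.0.0.5", 51000, "203.0.113.10", 80, False, b"GET / HTTP/1.1\r\n"),
    Packet("203.0.113.10", 80, "10.0.0.5", 51000, True, b"HTTP/1.1 200 OK\r\n"),
    Packet("198.51.100.7", 80, "10.0.0.5", 51000, True, b"unsolicited"),
    Packet("10.0.0.5", 51001, "203.0.113.20", 80, False, b"\x13BitTorrent protocol"),
]

def evaluate(packets):
    """Return (packet filter, SPI, DPI) verdicts for each packet, in order."""
    spi, dpi = StatefulFirewall(), DpiFirewall({"p2p-filesharing"})
    return [(packet_filter(p), spi.allow(p), dpi.allow(p)) for p in packets]
```

The third packet passes the port-only filter but fails stateful inspection because no outbound flow matches it; the fourth passes both and is stopped only when the payload is classified.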