
Next Generation Firewalls: Protection and Performance

By: Patrick Sweeney

Protection and performance should go hand in hand in data and network security. However, until the introduction of Next-Generation Firewalls (NGFWs), organizations often had to compromise data throughput and productivity for security. But while NGFWs are good news for business, many organizations are unaware that they have “old” firewalls, ones that are barriers to productivity but not, unfortunately, barriers to the latest security threats.

A Quick History of Firewalls

First-generation firewalls of the 1980s provided packet filtering based upon criteria such as port, protocol and MAC/IP address, and operated at layers 2 and 3 of the OSI model. Second-generation firewalls of the ’90s incorporated stateful packet inspection (SPI), which verified the state of inbound and outbound traffic based upon state tables, and operated at layers 2, 3 and 4. Then, third-generation firewalls of the past decade delivered processing power and broader capabilities, including deep packet inspection (DPI) of the entire packet payload, intrusion prevention, malware detection, traffic analytics, application control, and IPSec and SSL VPNs. Another development during the evolution of third-generation firewalls was Unified Threat Management (UTM), which extended the role of the traditional firewall into a product that not only guards against intrusion but performs content filtering, data leakage protection, intrusion detection, and anti-malware duties typically handled by multiple systems.


This worked well until the advent and mass adoption of Web 2.0 applications, mobile devices and mobile apps, all of which combined to create entirely new challenges for network security and productivity. Suddenly, bandwidth was being gobbled up by greedy Web applications and multimedia files. Simultaneously, Web 2.0 applications and multimedia files became new, difficult-to-detect vectors for existing and new malware and viruses. Enter the need for Next-Generation Firewalls.

Defining Next-Generation Firewall

An NGFW includes all standard capabilities found in a first-generation firewall, i.e., packet filtering, stateful packet inspection (SPI), network address translation (NAT), and high availability (HA). But it takes network security and performance to the next level through the combination and integration of innovations such as deep packet inspection (DPI), intrusion prevention systems (IPS) and application intelligence and control.

Gartner defines an NGFW as “an inline security control that implements network security policy between networks or different trust levels” as well as “a wire-speed integrated network platform that performs deep inspection of traffic and blocking of attacks.”


