Firewall technology used to be simple and straightforward. You programmed it with predefined security policies set by your organization. A firewall would then filter incoming and outgoing traffic, letting safe traffic into your network, while keeping dangerous traffic out. But in the four decades since the firewall’s inception, both security technology and cybercriminal methods have evolved.
With the adoption of cloud computing, SaaS applications, mobile and IoT devices, enterprise IT will continue to become more connected and more vulnerable to cyberattacks in 2020. Connecting IoT devices to your network provides even more entry points for hackers to attack you. These security issues will impact almost every company as 67% of companies have already experienced an IoT security incident. Is your company next?
Compliance, privacy, and data security have expanded beyond the CISO and CIO, to become important to the CEO and company board. Given the growing cyberattack risk to all enterprises, it is important to protect your network with an intelligent and innovative Next Generation Firewall (NGFW) that includes the following seven critical capabilities.
Capability 1: Management
The search for a next generation firewall (NGFW) begins with a unified security management platform. A NGFW needs superior security management and efficient features to meet the needs of the modern, distributed enterprise including cloud, datacenter, mobile, PCs, and IoT.
Security management is more than just security policy and network and device configuration. You must also consider ease of use, increased operational efficiency, and a unified platform. Other key features include the ability to scale security to match the growth of the IT network, automate workflows, and maintain consistent policy implementation across your security infrastructure.
Capability 2: Threat Prevention
Core threat prevention techniques including anti-phishing, anti-virus, and anti-bot go beyond traditional firewall security functions that simply integrate with IPS to consolidate hardware. Cloud-based analytics and threat intelligence provide further threat prevention benefits, including automatic malware indicator updates.
Capability 3: Application Inspection and Control
As enterprises grow and scale, it’s essential to select a firewall that has application support broad enough to identify new, sophisticated applications. Firewalls have evolved over time to become broad, deep, intelligent, and dynamic.
Capability 4: Dynamic, Identity-Based Inspection and Control
Traditional firewall rules based on simple IP addresses are changing due to the shift to dynamic addressing, cloud architectures, and group-based policies. Enterprises need a firewall that can support policies based on third-party user stores, public and private cloud objects, external service feeds such as Office 365, AWS geolocation, and new device classes like IoT. It is also important to use threat intelligence and automation to enable dynamic policy creation and enforcement. Intelligent automation will reduce security risks and costs by decreasing manual configuration changes and the inherent human error that occurs.
Capability 5: Hybrid Cloud Support
In order to meet the needs of cloud-first enterprises, your next firewall should embrace the automation and orchestration of the cloud by providing scalable performance based on dynamic workloads, along with consumption models for cost-effective deployment.
Capability 6: Scalable Performance with Advanced Security Functions
Your next generation firewall will need capabilities that can ensure scalable performance as your requirements increase. It’s important that your firewall doesn’t have hardware limitations that could prevent your organization from deploying the latest threat prevention technologies and algorithms. Such limitations could impact performance capabilities in the cloud as compared to traditional hardware deployments. Hyperscale network security technologies enable cloud-level security on premise, and scaling performance as throughput and security requirements change.
Capability 7: Encrypted Traffic Inspection
A recent Google study showed that over 90% of the web traffic generated by end-user Chrome browser activity was encrypted. As encrypted traffic increases and cyber threats become more advanced and destructive, your firewall needs to be able to inspect this traffic in order to apply control policy and activate threat prevention.
A Holistic Approach
Many organizations have to support complex security architectures with multiple security solutions. This approach can lead to complex integrations, misconfigurations, and inefficient operations. When selecting your next generation or enterprise firewall, it’s important to think holistically about your security architecture and security operations. As you can see, Next Generation Firewalls are much more than enforcement points for network traffic policies. These firewalls are actually intelligent security gateways that include application intelligence and multi-dimensional threat prevention.
About The Author:
Russ Schafer, Head of Product Marketing, Security Platforms, Check Point
Russ Schafer is head of product marketing for security platforms and analyst relations at Check Point. Security products include next generation firewalls, cloud network security services, IoT, Zero Trust, security gateways, security management, and Infinity. Russ previously held senior leadership roles at IBM, Intel, Yahoo, AOL, Sybase, and THX.