A firewall, in simple terms, acts as a barrier that prevents unauthorized access or malicious traffic within a system or a network. With the rapid growth of new technology, and alongside it the massive growth of new security threats, the traditional firewall is no longer enough to keep up. To deal with these changes, vendors in the enterprise firewall market have created a new generation of firewall devices dubbed the Next Generation Firewall or NGFW.
A next-generation firewall (NGFW) is a hardware- or software-based network security system that is able to detect and block sophisticated attacks by enforcing security policies at the application level, as well as at the port and protocol level.
9 top features of a next-generation firewall:
- Application Awareness: A next-generation firewall must be able to identify, allow, block or limit applications regardless of port, protocol, etc. This provides visibility into unknown and proprietary applications within the organization's network.
One of the major differences between a traditional firewall and a next-generation firewall (NGFW) is the fact that these newer devices are application aware. Traditional firewalls rely on common application ports to determine which applications are running and which types of attacks to monitor for.
- Identity Awareness: Next-generation firewalls support identity awareness for granular control of applications by specific users, groups of users and the machines that those users are using.
A next-generation firewall device also supports all major authentication protocols such as LDAP/AD, RADIUS, Kerberos and local authentication. This helps organizations control not only the types of traffic that are allowed to enter and exit the network, but also what a specific user is allowed to send and receive.
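As an added illustration (not code from the original article), the following Python model shows the two points above side by side: the application is identified from the payload rather than the destination port, and the policy is then evaluated against the user and group behind the source address, so an SSH session tunneled over port 443 is treated differently from HTTPS. The signatures, identity table and rules are constructed sample data.

```python
from dataclasses import dataclass

# Constructed payload signatures: a simplified stand-in for an NGFW's
# application-identification engine. The app is decided by stream content,
# never by the port it arrives on.
APP_SIGNATURES = {
    "ssh": lambda p: p.startswith(b"SSH-"),
    "http": lambda p: p.split(b" ", 1)[0] in (b"GET", b"POST", b"HEAD", b"PUT"),
    "tls": lambda p: len(p) >= 3 and p[0] == 0x16 and p[1] == 0x03,
}


def identify_app(payload: bytes) -> str:
    """Return the application name for the first bytes of a flow, or 'unknown'."""
    for name, matcher in APP_SIGNATURES.items():
        if matcher(payload):
            return name
    return "unknown"


@dataclass
class Flow:
    src_ip: str
    dst_ip: str
    dport: int
    payload: bytes  # first bytes of the client-to-server stream


# Constructed identity mapping, standing in for what an NGFW learns from LDAP/AD.
USER_BY_IP = {"10.0.0.5": ("alice", "engineering"), "10.0.0.9": ("bob", "sales")}

# Identity-aware rules as (group, application, action); first match wins,
# anything unmatched is denied.
RULES = [
    ("engineering", "ssh", "allow"),
    ("any", "http", "allow"),
    ("any", "tls", "allow"),
]


def port_based_decision(flow: Flow) -> str:
    """Traditional firewall: only the destination port is consulted."""
    return "allow" if flow.dport in (80, 443) else "deny"


def ngfw_decision(flow: Flow) -> tuple:
    """NGFW: classify the application, resolve the user, then evaluate rules."""
    app = identify_app(flow.payload)
    user, group = USER_BY_IP.get(flow.src_ip, ("unknown", "unauthenticated"))
    for rule_group, rule_app, action in RULES:
        if rule_group in ("any", group) and rule_app == app:
            return action, app, user
    return "deny", app, user
```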
- Centralized Management, Administration, Logging and Reporting: A separate management solution is available for management, logging and reporting. This helps organizations with log analysis and policy management. The same tool is also used to export firewall rule sets and configuration. Centralized management provides administrators with a security health dashboard to view events, traffic patterns and the associated risks in the network in real time.
Central management should also give you the ability to automate routine tasks, reuse elements and employ shortcuts and drill-downs to produce maximum efficiency with minimal effort.
- Stateful Inspection: While the general definition of stateful inspection does not differ from traditional firewalls, a next-generation firewall (NGFW) tracks connections from layer 2 to layer 7 (even layer 8, due to identity awareness), in contrast with traditional firewalls, which track traffic only up to layer 4. This difference allows a lot more control and gives organizations the ability to write very granular policies.
- Deep Packet Inspection: Deep packet inspection (DPI) is one of the primary features of a next-generation firewall (NGFW). This capability ensures the various pieces of each packet are thoroughly examined to identify malformed packets, errors, known attacks and any other anomalies. DPI can rapidly identify and then block Trojans, viruses, spam, intrusion attempts and any other violations of normal protocol communications.
- Integrated IPS: In an environment where a traditional firewall is deployed, it is common to see an Intrusion Detection System (IDS) or IPS deployed as well. Commonly, this was done with a separate appliance or a logically separate instance within a single appliance. With a next-generation firewall (NGFW), the IPS or IDS is fully integrated. It can be activated and deactivated as and when required. The IPS functionality itself is the same as it was with a separate appliance; the main difference is in the performance and in the accessibility of information from all layers of the traffic.
- Able to monitor SSL or other encrypted traffic: The next-generation firewall (NGFW) is able to monitor SSL- and HTTP-tunneled traffic flows as well. In order to secure encrypted traffic, the next-generation firewall supports both inbound and outbound SSL decryption. This helps organizations identify and prevent threats and malware in encrypted network streams.
- Integration with other security solutions: The next-generation firewall (NGFW) is capable of integrating with other security solutions such as SIEM tools, reporting tools, two-factor authentication systems, etc., with little or no modification. This enhances the overall capability of an organization's security systems.
- Inbuilt Antivirus and Anti-Bot solution: A next-generation firewall (NGFW) has an inbuilt antivirus engine and is able to inspect HTTPS traffic on the fly for infected files. These protections are available for protocols like HTTP, HTTPS, FTP, POP3, SMTP, SMB, etc. They are also capable of identifying malware in incoming files and malware downloaded from the internet.