The firewall has long been the cornerstone of any organisation’s security infrastructure and even though the additional features that are considered supplementary do change from time to time, the core function of the firewall remains.
So the traditional firewalls should continue to be used right? Well, yes and no. The core function of the firewall is to implicitly deny everything which hasn’t been explicitly allowed; in our opinion it’s what is being allowed and denied that needs to change. Over the past five years the way in which we work has changed so dramatically and is set to continue the traditional firewall just can’t cut the mustard on its own anymore. Web 2.0 still continues to play a huge part in our business communications and applications and this is only set to continue; alongside this the threats we face are developing just as fast – if not faster. Resulting in the need for a solution that can keep ahead of the pack when it comes to cyber threats – but can the NGFW deliver this?
Next Generation Firewalls delve deeper into the flow of data, understanding what’s going on inside a web session; as opposed to the less dynamic traditional firewalls that filter traffic based on source or destination IP address and port numbers. Next Generation Firewalls filter based on applications such as Facebook or YouTube and even have the ability to granularly control what is happening within the applications. For example it can allow the use of Facebook but block chat or games from being used within the application. What’s more as new web applications or ‘apps’ are being developed next generations firewalls are updated with new ones.
From a threat protection perspective, NGFW’s are also constantly being updated with the latest pieces of malware, including bot nets, worms and Trojan horses and are also being updated regarding any changes to their behavioural patterns.
Next Generation firewalls also encompass some features that would previously have been undertaken by dedicated devices such as web proxies, authentication proxies and Intrusion Prevention Systems that are now in many cases expected to be available as supplementary features of a Next Generation Firewall.
So if your firewall isn’t able to apply controls to this degree then it’s probably not a next generation firewall and therefore isn’t aligned to your business’s modern way of working but more to the point, isn’t adequately protecting you against modern threats.