| |
|
|
 |
| |
Next Generation Firewalls
Gartner, Defining the Next-Generation Firewall
Firewalls need to evolve to be more proactive in blocking new threats, such as botnets and targeted attacks. Enterprises need to update their network firewall and intrusion prevention capabilities to protect business systems as attacks get more sophisticated.
|
Technology Sprawl
and
Creep Are Not
The Answer
• “More stuff” doesn’t
solve
the problem
• Firewall “helpers” have
limited view of traffic
• Complex and costly to
buy and maintain
• Putting all of this in the
same box is just slow
|
 |
|
| |
| KEY FINDINGS |
|
 The stateful protocol filtering and limited application awareness offered by first generation firewalls are not effective in dealing with current and emerging threats.
Using separate firewalls and intrusion prevention appliances results in higher operational costs and no increase in security over an optimized combined platform.
Next-generation firewalls (NGFWs) are emerging that can detect application-specific attacks and enforce application-specific granular security policy, both inbound and outbound.
NGFWs will be most effective when working in conjunction with other layers of security controls.
|
| |
| |
| RECOMMENDATIONS |
|
If you have not yet deployed network intrusion prevention, require NGFW capabilities of all vendors at your next firewall refresh point.
If you have deployed both network firewalls and network intrusion prevention, synchronize the refresh cycle for both technologies and migrate to NGFW capabilities.
If you use managed perimeter security services, look to move up to managed NGFW services at the next contract renewal.
|
| |
| |
| What Is an NGFW Not? |
|
Small or midsize business (SMB) multifunction firewalls or unified threat management (UTM) devices
Network-based data loss prevention (DLP) appliance
Secure Web gateways (SWGs)
Messaging security gateways
|
| |
| |
 |
| RELATED PROJECTS: |
 Firewall
Intrusion Prevention System
SSL VPN
Quality of Service (Packet Shaping)
URL and Content Filtering
|
| |
| SOLUTIONS PARTNERS: |
PaloAlto
|
|
|
|
Applications Have Changed;
Firewalls Have Not! |
 |
Hundreds of applications are likely running on your network right now. Many are
good for your business, other may not be. But they all carry level of risk. Application
visibility and application control is critical today, and not available in a traditional
port-based firewall.
|
| |
| |
THE RIGHT ANSWER:
Make the Firewall Do Its Job |
 |
New Requirements for the Firewall:
1. Identify applications regardless of port, protocol, evasive tactic or SSL
2. Identify users regardless of IP address
3. Protect in real-time against threats embedded across applications
4. Fine-grained visibility and policy control over application access / functionality
5. Multi-gigabit, in-line deployment with no performance degradation
|
|
|
|
|
INFORMATION